"no evidence" that the information has been accessed.... of course. They probably don't do any logging, central log storage, or security monitoring. See no evil, hear no evil etc.
412 posts • joined 19 Jul 2011
"And lo! did many infuriated commentards gather, and repeatedly did they thump the downvote button. Yea, verily unto the Rage of the Internets did the mob's inflamed passions overspill at the Heretic who Sullied the Sacred Name of Open Source."
Argh, Verity, is that you? Or are you being channeled through the Reg sales^H^H^H editorial team?
When can we expect another of your heavenly missives? Verily, we are thirsting*) in the desert of Stoblessness (+ a lot of wailing, gnashing of teeth & tearing out of hair...)
*) Yeah, even unto beer and other beverages do we thirst!
Seems about right: my words.exe (aging but useful Latin dictionary):
-ess, -or; -er; indicates the doer; one who performs action of verb (act.ess);
operatrix N 3 1 NOM S F
operatrix N 3 1 NOM S F
operatrix N 3 1 VOC S F
operatrix N 3 1 VOC S F
opero, operare, operavi, operatus V (1st) [EXXDX] Later lesser
work; operate (math.);
operor, operari, operatus sum V (1st) DEP [XXXBX]
labor, toil, work; perform (religious service), attend, serve; devote oneself;
Not that individual points are invalid or not well made, but this discussion can be held for any kind of stack: web applications, traditional client applications, anything that is part of a process etc.
It's just that I suspect the security solutions are too fragmented/immature that anything but a single vendor/coordinated vendor solution is likely to involve a humongous amount of duck tape/custom programming that may not be worth the investment etc.
Yes, that. The company giving third parties access also have a responsibility to vet these third parties/make sure they abide by security policies, monitor for security intrusions and actually are responsible (versus their own clients) for everything that is done once logged in with that account.
But it makes nicer spin if you just repeat "third party" as if it wasn't their own shoddy IT security... it's just that it's not ONLY their own shoddy IT security.
"Our engineering team is engaging with FTDI to prevent these problems"
1. Would that be engaging as in engaging in hand-to-hand combat with cutlasses to avoid future problems.... terminally?
2. What problems are these exactly? AFAIU, the driver did what it was supposed to do: disable illegal ripoffs of FTDI chips. Not that I particularly like that idea, but the amount of corporate doublespeak in this short statement is astronomical...
How about if Microsoft stipulate "thou shalt not fry other people's hardware using a driver" as a rule for driver submissions?
Encryption by Hong Kong student protesting = good (see article)
Encryption by US citizens going about their lawful business = bad (US Govt; see earlier article)
No contradiction here, no none at all...
And yes, I know the company behind Firechat <> US Govt but still, US Navy did sponsor Tor whose goals include overseas dissidents communicating encrypted (given recent revalations: ...but who knows with what NSA backdoor).
Cynical? Me? Nah.
I appreciate your sentiments but...
If you were running that infrastructure, why would you allow access to those routers and embedded systems in the first place? Using things like management VLANs, VPN, SSH and doubtlessly more modern stuff I haven't kept up with?
Ok, critical web server with CGI+bash vulnerability I can understand...
"Where the value comes from is to have the community develop the project – that's what leads what to community, collaboration and innovation"
Given the way Vyatta/Brocade killed any community involvement, basically yanked open source Vyatta, didn't accept patches etc, I'm choosing to insert hearty sarcastic laughter rather than the alternative wailing and gnashing of teeth.
Pull the other one, it's got bells on.
Yes, they often do. Once again security researchers shout very loudly "biggest hole since whenever"... while reality is a bit more nuanced.
Seems to me that crying wolf all the time is hardly a worthwile strategy to pursue (but of course it is commercially almost imperative given the competition between various security outfits).
Given all that there are probably still routers etc that do run bash... but definitely not all of them.
Sorry Mark, you lost me last week when you started going on about what music to play with a certain novel.
Those problems are insignificant and childish compared to my problem: do I get my posse of nubile, scantily clad, beautiful girls of the female persuasion to pop green or red grapes into my mouth?
I'll skim the article hoping you do address this searing problem... but I'm not hopeful.
I'm afraid it's not only your Spanish that isn't good.
All well and good that you prefer to use the best tool for the job but if you cannot convince your boss of the need perhaps it's a good idea to
1. go looking for a less toxic environment to work in or
2. see if your own communication skills are lacking
yet another random internet user with an opinion
"Satisfying auditors... primitive technology...what they understand"
ROFLMAO. I'd guess about 90% wouldn't understand even a command prompt if you threw it at them. The rest will grasp that cloud is just a different name for a familiar concept.
Perhaps you mean that Business Critical is essential for the business and MS cannot afford to screw up for their OWN sakes (not regulators, auditors etc)... in which case Mark does have a point.
The suggestion in the article that pilots may ignore the collision avoidance system blaring sounds like a potentially suicidal thing to do and I really have doubts that is the case.
Why not execute (say - I don't know the exact procedures) a diving turn to the right just to be sure?
Apart from that: nice to hear something fairly optimistic coming out of Defcon...
Yes, but paying tax is not the same as being independent - your parent company may own you and you poor Irish subsidiary may be making massive *cough* profits due to trading with said parent company and then proceed to say pay a lower tax rate than the parent company would.
But your US parent company still owns you=>has control. (Though I agree popcorn may be in short supply if Irish judges/privacy commissioners get involved for the opposite view)
"Mopping up after an incident isn't as simple as it used to be," ...bla... "You can't just stick a patch on and call it done."
Well, it depends on the issue and the patch, doesn't it? A current patch for a buffer overflow would be very simple to apply and forget, as usual. Otherwise I'd like that guy to tell me what exactly changed in the environment that would cause his comment to be true...
Does this guy happen to sell custom vulnerability mitigation stuff/consultancy services or something?
Biting the hand that feeds IT © 1998–2019