Well, that sinks my plans to consider a Google phone next time around. Nice move.
164 posts • joined 9 Jul 2007
'We should have done better' – the feeble words of a CEO caught using real hospital IT in infosec product demos
What is it with next-gen AV?
Between this and Cylance, it seems like it's all bad decisions and knife fights in the land of next-gen AV.
Google should make it easier to report these discoveries of false/incorrect entities, too. I once drove to a hotel on their map in western NY that was in actuality nothing more than a hay field - the hotel was literally 3 miles away. Trying to contact Google was a bit of an uphill struggle to report that issue.
They still are snake oil to me. We had a 2 month demo with them and experienced significant false-positives involving well-known commercial software components. At that point, it seemed like an exercise of manually identifying each file on your network, which defeats the purpose. Others swear by them, and yet I've never heard an explanation to reveal the reasons why some love it and others have our experience.
Like paying criminals is a better answer? Might as well award the crims honorary degrees while they're at it.
"If you are contacted by a vendor who is requesting immediate payment, please advise that we have an emergency process in place, and your unit will submit a request for expedited payment," the bulletin reads.
That should put the crims on notice to submit phony invoices, El Reg. Nicely done.
Any time I see a Weekly World News article cited then I know it's going to be a good day.
The saddest thing is to only discover the brilliance of people after they've passed. Thanks for the great read.
*Where's the IT angle? in honor of Lester...
I'm leaving - so reduce your bid by $0.0003, Verizon.
Banks could simply require 2FA and it would put a huge dent in the problem. That's on the banks.
Disappointed by accompanying graphic
Way better graphic for this story would have been https://images-na.ssl-images-amazon.com/images/I/410wlv-29JL._SL500_.jpg
NoScript FF add-on
It's a wonderful thing.
Is it just me or has someone set fire to the site and it's just a smoking pile of ruins?
OK, I bit and threw my privacy to the wind in order to read the 3 page report. I saw nothing of real concern here, unless you're heavy into IBM software or a PAN OS user.
Should be the basis for Dom Joly's mobile device when he next films an episode of Trigger Happy TV.
Any relationship to Check Point, the firewall security company?
Just more justification for ad blocking tool usage.
Re: Welcome to the future. It's not safe.
Last I knew, WordPress is free software, so this 'rich corporate bastards' take is probably not very hot.
Link for PoC is 404
The link for the PoC code is fubar'ed - the URL appears to have been doubled.
Re: Cops 178, Criminals 0
I hear ya: we need more drone strikes.
Unaccountable? Yes. Illegal? No. Let's see how fast either side moves to close that loophole once and for all. Hint: not fast.
For the 3 of us who haven't seen Goldeneye yet...
Thanks for the spoiler alert.
In a perfect world...
... there'd exist a video where a dude riding a hoverboard while using his Note 7 has both catch on fire at once. That needs to happen.
And... the FCC voted to delay the vote.
Loved the response from Pratik D in his thread: "why are you sending spam emails?" Lol - oh, the irony...
It's my understanding you have 2 points of failure in this issue: the handset manufacturers and the wireless carriers. Example: even if Samsung releases something for your phone, you're still beholden to Verizon Wireless to release their version of that patch.
Google sold their soul in order to try to catch and dampen Apple's momentum in the market, and now that eagerness is stifling the ability to secure an Android.
IT Suicide Bomber
Nothing better justifies the judgment of management in firing/sanctioning an employee than when said employee turns around and pulls a stunt like this in response.
Having done battle with patching in an enterprise environment for years, it's very understandable why this would have been missed. My security team is always ready to demand patching ASAP, but the admins and customer support are always on about "up time", "reliability & availability", "regression testing", and other non-sensical terms. Enough with the hand wringing... Just patch the damn stuff and let God sort it out, I tell them.
So... who are these freeloaders touting "patternless" next-gen AV vendors? Let's name names...
Ahh - I guess Reuters did: www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4
A ringing endorsement of the firm's professionalism. About the same for the researcher.
Remember the days when we believed Linux and open source were the paths to security? Oh, we were so full of hope back then...
This page is immune to complaints made to Facebook...
$5B? Pfftt... that's like 28 F-35 fighters.
USA wants in on this
In fact, I'm surprised we haven't already tried this. BTW - it's an open and shut case as Samsung is crap with regards to Android patching.
US Navy & Windows
Back in 2000 I had the chance to tour the USS Hue City when it was docked in Boston Harbor, as part of a special millenial Tall Ships weekend. We eventually headed down to the "war room" on the ship. This place was really impressive to me because of all the computer equipment. It was equally exciting to see Microsoft Windows NT logon screens on several monitors (I had read an article in Computerworld that the Navy was going to use NT on missile cruisers, and we had made several jokes about re-booting in the middle of a battle and dealing with blue screens when things were going hot and heavy). At the Vanguard Security Expo later that year, Bill Murray (of IBM & Deloitte & Touche fame, not the actor), a recognized national expert in secure computing issues, had stated during a presentation that he would leave the country if the military ever began to rely on Microsoft technology for anything of a strategic nature. I could hardly contain my excitement to point out I'd already seen it in use on a US Navy ship. "God help us..." is all he could mutter to the audience.
At least the clean up is simple
I've been helping a friend get some malware/adware off her Mac. The one positive I can add here is that clean up has been pretty easy compared to the Windows side of things.
Paying crims didn't solve the problem? Wow - who could have anticipated that?
Re: "who was arrested by US law enforcement partners"
As an American citizen, I'd be worried that Mother Russia will attempt to put a few American citizens under her skirt in retaliation.
I'd tend to believe the exec who was actually in the car rather than Delphi, who has something to lose if the story is true. Then again, if Brian WIlliams, formerly of NBC, was in either car, then I'm probably back to believing Delphi.
What an idiot
His "life" of enjoying his toy does not trump someone's right to hold onto their life rather than die because he can't keep his eyes focused on the road. I would like to see those convicted of texting while driving or other e-distractions be charged with attempted manslaughter, as that is what they are doing, they are knowingly putting others at great risk due to their inattention. At the very least, it should result in license suspensions of significant time.
Now how about Flash Player?
Hmm... that's a tough one. How would Google, the handler of VirusTotal, deal with Chrome, another Google product.
Would Google act in their own best interests? I'm stumped...
Re: What exactly
So MS sells them for $70, and the pirates sell for $30. MS then sells for $30, and the pirates drop to $10.
Not a winning strategy, but I agree that at some price point some portion of people are going to be willing to pay for the security of having a genuine MS product rather than a questionable purchase. The problem remains with the folks who are always going to want to pay as little as they can get away with.
Before California gets too high and mighty here, I just had a buddy purchase a Cisco ASA firewall on eBay cheap. He turns it on and finds it has a configuration already in place. Turns out it is from the California Department of Parks & Recreation. No wipe, and the thing was on their network as recently as October 2014. Shining example of security awareness right there.
Re: How much C4
There was a story of an American microbrewery that was using a drone to deliver 12 packs? of beer to ice fishermen in the Great Lakes region, but the plug was pulled on it once the FAA heard about it. http://abcnews.go.com/US/faa-slaps-drone-beer-delivery-service-ice-fishermen/story?id=22314625
How much C4 equals the weight of a 12 pack of beer?
I believe El Reg had an article on how the thought of shooting down a drone easily was a fallacy, at least with rifles/shotguns. It was a topic brought up in the hysteria cloud of Amazon's drone package delivery daydream.
Re: Browser clock?
I seed my PC with some random Mali family's photos and set the default Windows OS to Swedish to throw people off my trail.
"industry-standard security practice "
Really? TFA for servers is like a unicorn: I've heard of it, and seen some illustrations of it, but I've never come across it in real life.
Do I really work in a bubble?