Agile, Cloud based, one more for Modern Software Bingo ....
Posts by EnviableOne
2001 publicly visible posts • joined 28 Jan 2016
Capita finally finds buyer for education software biz, private equity Montagu to pay £400m
World+dog share in collective panic attack as Google slides off the face of the internet
Japan pours millions into AI-powered dating to get its people making babies again
How'd they do that? It's classified: Microsoft's Azure cloud goes Top Secret
CentOS project changes focus, no more rebuild of Red Hat Enterprise Linux – you'll have to flow with the Stream
Trumpian politics continue as senators advance controversial Republican FCC commissioner nominee
Four or so things we found interesting about Qualcomm's Snapdragon 888, its latest 5G chip for high-end Androids
President Trump's rushed-through H-1B techie visa crackdown halted by federal judge
The system is broken, but....
The system may be broken, but it has been for a long time.
The Trump admin's case that this is an emergency, so they don't need to consult, is laughable, and the court got it right.
If they'd started this earlier in the administration rather than all the wall nonsense and Muslim bans, they might have actually done some good.
If they had done their due consultation, this system might actually have worked: highest paid or most needed professions prioritised, requirement of salary at 110-115% of market rate for the role, and wide industry acceptance, and it would have sailed through.
Rushing through with wildly unworkable limits and no consultation, it's a joke.
Supreme Court mulls whether a cop looking up a license plate for cash is equivalent to watching Instagram at work
Re: They have far more important things to worry about here
Exactly, the government defined the requirement of a "substantial meal," without defining the term.
It's up to the court to decide on the definition of substantial and meal should a case where someone is prosecuted under that statute appear before them, and a higher court has yet to make that determination.
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob
Cyberup campaign: 80% of infosec pros fear they might fall foul of UK's outdated Computer Misuse Act
Re: let's just make everything a crime
That's the problem with the current CMA, effectively every action you take can be considered in one of the 5 offenses:
1. Unauthorised access to computer material.
2. Unauthorised access with intent to commit or facilitate commission of further offences.
3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
3za. Unauthorised acts causing, or creating risk of, serious damage
3a. Making, supplying or obtaining articles for use in offence under 1, 3, 3za
The definitions are too broad and the penalties too lenient.
Basically it's the worst of both worlds, we can charge you with CMA violations for everything, but all you get is a slap on the wrist, whereas fraud charges have a better scale, and considerably larger maximums.
Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys
Rotate Yes, Release No
Rotate your keys, retire old ones, but don't release them, it's just a faff on.
I rotate keys about every 6 months, and have 1 active, and the old one in DNS, so after a year, the keys just aren't there anymore.
DKIM is a point in time solution to verify the email is coming from who it said it did, it is not an ongoing proof of this.
So on my domain, if the email hasn't arrived or been checked in 1 year, DKIM won't verify as the selector won't exist, or if it does, it will have a different key.
Why release the keys, it makes no sense to, as DKIM has no use for the private key after the message is signed, and the public one is sitting there in DNS until it's no longer useful.
It's better to burn out than fade Huawei: UK rolls out schedule for rip-and-replace rules
£1.3bn National Cyber Security Strategy? Meh – we're looking at 2021, Cabinet Office shrugs
Britain is on the brink of a fundamental shift in how both public and private sectors approach the topic of cyber security. ®
FTFY
The public and private sector will not change until they are made to, cyber security approach is categorised as an IT problem, until it becomes a business problem (i.e. it happened to us) and then rapidly declines in interest, until we don't need to worry about that anymoreism comes back.
They put off using WannaCry as a stick to beat people with, "because of other things" and they keep doing it. Until someone actually makes them, as happened with health and safety, cyber security will be seen as a lip service, cost centre and not go beyond the obligatory conversation at a board meeting,
"Right, Cyber security. We've discussed that now, make sure the minutes reflect it...."
UK infoseccer launches petition asking government not to backdoor encryption
The price is right? Capita confirms Education Software back in talks with new bidder
Arriving in 2021, the UK's Digital Markets Unit 'could' start to do something about the power of online ad giants
Re: Good idea but will it have teeth?
This being the UK, there will be so many people with vested interests and no-one with any specialist knowledge involved in drafting the legislation, that the chances of it having even baby teeth are near to zero, but stranger things have happened.
We can but live in hope .....
Off to find the hope ----------->
Re: Good idea but will it have teeth?
The UK may be worth some money to Google/FB et al, but there is doubt whether extra legislation is worth abiding by for a market of 67 million (well more like 47 when you discount the technophobes, incapables and incompetents),
whereas if the law is European based, then that's a market you can't afford just to pull out of.
It's been an Honor serving with you but you're our 'competitors' now, Huawei tells its sawn-off mobile limb
Don't worry about Huawei
The Chinese government actually have to convince them to do things.
Worry about ZTE, who power most of 3G and hold a lot of 4G patents, they are 48.5% owned by two PRC government companies.
Plus the only company and country proven to tamper with equipment for intelligence purposes are the USA and Cisco.
Privacy campaigner flags concerns about Microsoft's creepy Productivity Score
China 'firmly opposes' India's new round of app bans, says it has violated trade laws
That other controversial Chinese telco: The FCC rejects ZTE's petition against its 'national security threat' designation
They may have a point with ZTE
ZTE are woeful, their corporate attitude sucks, their board imploded, their kit is cheap and kinda works.
They have been prosecuted successfully, before the Cheeto turned up, for breaking international sanctions, and have had some high profile holes.
ZTE are still actually part owned by the Chinese state, unlike Huawei, and can be directly controlled as through two state-owned corporations they own 48.5% of ZTE stock and can appoint 5 out of 9 board members.
Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day
Northern Ireland announces £165m full-fibre rollout funded by 2017 DUP agreement with Theresa May's UK government
The ones who brought you Let's Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizens
Re: deanonymising
If it can be de-anonymised, it hasn't been properly anonymised in the first place.
With some data sets, they are so small, or the number of indicators collected is so large, that you can identify an individual, like, say, specific cancer type case statistics traced to postcode level.
There are legitimate uses for bulk telemetry data, and they will drive product improvement, however, currently this data can be easily traced back to you; with this technology, it can't.
Google yanks Apple Silicon Chrome port after browser is found to 'crash unexpectedly'
Hard to believe but Congress just approved an IoT security law and it doesn't totally suck
AMD performance plummets when relying on battery power, says Intel. Let's take a closer look at those stats
Telcos face £100k-a-day fines unless they obey new UK.gov rules on how to deploy Huawei 5G gear in their networks
Re: Security?
HCSEC has been run by GCHQ and paid for by Huawei since 2013, and they have basically said, while their kit is efficient and cheap, their coding practices are a mess and if any back doors were intentional, they would be hard to distinguish from the not so intentional ones.
The Chinese requirements on their companies are no more than the US have under various laws and definitely no more than RIPA and DEA allow in the UK, the enforcement regime may be a little more thorough ....
Basically, Huawei have the best kit, which also happens to be cheaper and on better finance terms.
It's also expensive kit to replace and has been part of our networks for a long time.
So if the UK really wants to start its independent way in the world by distancing China along with the EU, and not really having the US in its corner anymore .....
Back to smoke signals
OK so over 70% of the VDSL fibre muxes in UK cabinets are Huawei (and apparently rising)
and about 30-50% of the DSLAMs in UK exchanges (for DSL max),
so it's going to be time for popcorn if the ministry of fun go all medieval on "high risk" vendors, and smoke signals.
BTW Cisco, who have another 40% of the DSLAMs, are the only vendor to have been proven to be manipulated by security agencies, but somehow they are not "High Risk".
America's largest radio telescope close to collapse as engineers race to fix fraying cables
Not on your Zoom, not on Teams, not Google Meet, not BlueJeans. WebEx, Skype and Houseparty make us itch. No, not FaceTime, not even Twitch
There's two completely different experiences
There is what people are calling video conferencing (à la WebEx, Zoom, etc.) which is awful and dehumanising, but portable and accessible,
and then there is what used to be video conferencing, which is more akin to Telepresence, a fully immersive experience that cost $$$$$ and creates an experience as if everyone is in the same room, but you are actually miles apart. This needs light balancing, specific fabrics, carefully placed array mics and PTZ cameras, along with MTUs, QoS and possibly dedicated links. All the kit talks via SIP or H.323, so there is interoperability, but encoding is where it gets proprietary, and everyone has their own pet.....
Zoom etc have made it accessible, but at the expense of the experience.
Micropayments company Coil distributes new privacy policy with email that puts users' addresses in the ‘To:’ field
Somebody's Russian to meddle with UK coronavirus vaccine efforts, but GCHQ won't take it lying down
Zoom strong-armed by US watchdog to beef up security after boasting of end-to-end encryption that didn't exist
Apple cracks down on iOS terminal apps because they can download code
I have, this is the last in a long line of Apple arbitrarily changing the goalposts.
They are consumer devices and always have been, IMHO Android is just as bad, but not as pervasive, Apple's issues stretch across all their products, not just mobile.
Stuff on the corp network needs to be capable of doing the job, securely, reliably and efficiently.
That's about a consistent ruleset and playing well with others, neither of which are Apple's strong points.
Let's Encrypt warns about a third of Android devices will from next year stumble over sites that use its certs
Re: No updates for 4 years...
Current version of Android is 11, been out since October.
Version 7 was released in 2016, and is no longer supported by Google, can't blame OEMs here.
I wouldn't be running anything below 7.1.1 in a corporate environment anyway (where Android for work started).
TBF if it was an iThingy still running iOS 10, it'd be as insecure as an insecure thing now too.
Even if you got it on the newest device, the iPhone 7 is on the chopping block on the next round anyway....
Ransomware crims read our bank balance and demanded the lot, reveals Scotland's Dundee and Angus College
Re: Cyber Essentials
Even CE+, which is externally assessed, won't protect you against someone targeting you specifically.
It will however put you in a good place to resist untargeted or random attacks, in the sense that you will be harder to hit than some others.
CE is just that, it's the basics, and if you are doing them right, you need to start working towards something more substantial, like 10 steps, CIS top 20, and on to ISO27000 and others....