Re: We encourage all customers not to use the same password for multiple sites
I always put myself down as Michael Mouse, email address firstname.lastname@example.org.
If that doesn't work, then Michael Souris, email@example.com.
17 posts • joined 30 Oct 2016
One particularly irksome colleague in a job far far away played golf on his work PC on a regular basis.
Someone (who, me?) added a "golf.bat" and changed precedence so it ran before the golf.com or gold.exe, whichever it was.
The golf.bat said something like "you're playing games in work time, your hard disk will be deleted", then paused for a moment and ran chkdsk /f in silent mode.
Time from starting playing golf to punching the power button - about 2 seconds, perhaps less.
"Just a continuation of the inexorable raising of the level of the presented interfaces in all hardware and software systems over time"
Yep, while underneath the complexities are very real. How many folks can use a browser to buy something over the Internet, compared with how many understand the interactions end to end which achieve that result? And the skills to understand that are few and far between.
It's what caught RBS out some years ago - no-one understood the whole picture in detail so each bit worked but the whole didn't.
Blocking an external management interface from direct access from the internet is an absolute must. If you have to, VPN access to the box and do it that way. If nothing else the logs on the box fill up with denied SSH requests and the filesystem gets to 100% and the box does funny things up to and including becoming unresponsive...
There are tools available commercially *now* which can protect endpoints of all sorts (laptops, servers, workstations, IoT, SCADA, ....) but a lot of customers are in the "I've got A/V, I'm sorted". No good if the A/V doesn't have a signature for the malware being used against them.
"You haven't had the right to silence since 1994. You don't have to speak, but you'll be considered guilty if you don't."
Not quite. You still have the right to remain silent. But if you go "no comment" in an interview then drag something up in court which you knew but didn't mention during or after the interview, the court can infer adverse things from it.
You will be considered innocent, in the court's eyes, unless there is evidence beyond reasonable doubt that you are guilty. And it's the police service's job to find that evidence, not yours to provide evidence of innocence.
That said, I do think in the case referred to in the article that it's stretching things to suspect the gent involved of terrorism when apparently all he's done is to interview someone with potential evidence of US involvement in torture, in a similar manner to David Miranda's detention some years ago at Heathrow.
One chap in my office used to come back after lunch and play a golf game on his MS-DOS (that's how far back it was) computer.
As it was launched from the command line I renamed GOLF.EXE to something silly, and made a "GOLF.BAT" which 1) displayed a message saying company policy precluded playing of games, 2) displayed a message saying the hard disk would be wiped, 3) ran "CHKDSK /F" silently, to make the hard disk sound like it was working really hard.
Cue the amusement when he came back from lunch, sat down, and inside about 15 seconds swore loudly and turned the computer off at the mains. He was the sort of individual who didn't react positively to having the piss taken.
Biting the hand that feeds IT © 1998–2019