Re: Companies won't take security seriously...
This will never happen, the rich pay too much
Happy weekend, everyone. Here's a roundup of computer security news beyond everything we've already reported this week. Last week a consortium of biz giants got together to set the bar on computer security because governments weren't getting their act together. Sadly, based on Uncle Sam's actions this week, it's clear such …
This post has been deleted by its author
Now that seems to be a name worthy of being put on my personal whitelist of people to pay attention to.
Encryption is a complicated affair and my own pathetic dabbling in that area has taught me that you need a solid mathematical mind to go about it properly - which I sorely lack. That's one good point for him, but an even better one is that he seems to have principles and is not afraid of standing up for them.
And for us at the same time.
Thanks for that, Moxie.
The one responsible for TextSecure, RedPhone, the Signal Protocol (that even WhatsApp uses for its belated E2EE), Signal Private Messenger - that Moxie Marlinspike?
Have I just got the wrong end of the stick here or do people really not know who he is?
We all move in our own little worlds and have a false sense of "everyone knows/does <something or other that actually only about five people know/do worldwide>" but I thought he was pretty famous thanks to SPM - Snowden and Schneier have both recommended OWS and SPM.
The Word's Online Video function instead opens an Internet Explorer window and plays the video that way.
The downside of this is that a canny adversary can use this window to run a coin miner. It's a bit limited, in that the user has to be actively watching the video for the coin miner to work, but it's a good example of how sneaky these digital thieves are getting.
If your staff are already opening Word documents from outside of the organisation and then following links then you’ve probably already got a bigger problem than someone mining coins.
Not unless the bell rings in the ultrasonic. Though it should be noted that mice can hear, and sing, in the ultrasonic so the mice may well be thinking of using such a bell.
I'm trying to think of any flying mice who prey on terrestrial mice but I cannot think of any so why the mice are thinking of belling the bat is beyond me. Maybe they are simply creeped out by them or they are jealous about the flying thing.
BTW I have the sound files of mice singing, slowed from the ultrasonic. They sing like canaries. The males sing to the females. Ultrasound noise is also known to interfere with romantic entanglements of mice. They stop having nooky so the singing would seem to be necessary or maybe they all have headaches from the noise.
Bounder: So, you're interested in one of our adventure holidays, are you?
Tourist: Yes I'm sorry I can't say the letter 'B'
Tourist: Yes that's right. It's all due to a trauma I suffered when I was a sboolboy. I was attacked by a bat.
Bounder: A cat?
Tourist: No a bat.
Bounder: Can you say the letter 'K'?
Tourist: Oh yes, Khaki, kind, kettle, Kipling, kipper, Kuwait, Keble Bollege Oxford.
Bounder: Why don't you say the letter 'K' instead of the letter 'C'?
Tourist: What you mean.....spell bolour with a K?
Tourist: Kolour. Oh thank you, I never thought of that. What a silly bunt.
"The executive summary is: companies should advise investors of risks, and use law enforcement investigations as an excuse to keep quiet."
What it actually says:
"We also recognize that it may be necessary to cooperate with law enforcement and that ongoing investigation of a cybersecurity incident may affect the scope of disclosure regarding the incident. However, an ongoing internal or external investigation – which often can be lengthy – would not on its own provide a basis for avoiding disclosures of a material cybersecurity incident."
Note the use of the word "not" in there.
"It also virtually identical to the advisory the SEC released in 2011, and the threat landscape, for want of a better buzzword, has changed considerably since then."
What it actually says:
"In addition, we address two topics not developed in the staff’s 2011 guidance, namely the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the cybersecurity context. "
And a nod to removing generic language:
"We expect companies to provide disclosure that is tailored to their particular cybersecurity risks and incidents. As the Commission has previously stated, we “emphasize a company-by-company approach [to disclosure] that allows relevant and material information to be disseminated to investors without boilerplate language or static requirements while preserving completeness and comparability of information across companies.”Companies should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors."
Some previous wiggle room got removed:
"For example, if a company previously experienced a material cybersecurity incident involving denial-of-service, it likely would not be sufficient for the company to disclose that there is a risk that a denial-of-service incident may occur."
And a smackdown to Equifax:
"Additionally, directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company."
Note the use of the word "must" in there, a term rarely used in government guidance?
Perhaps a vulture needs new glasses or read the 2011 guidance by mistake. :-)
"I feel like this article is not quite up to the Reg's usual bar of quality, what with the copious spelling and grammatical errors and misinformation."
Argh, ok, we'll go back over it. It was a Friday afternoon piece - but that's no excuse.
Only 20%-25% of the furry community actually "fursuit" or cosplay. So that "people who dress up" line is an old, tired, inaccurate statement. (Yeah, I sent the correction in)
More info from Anthrocon: https://www.anthrocon.org/what-is-furry/
To go on a bit of a digression, even in the furry community fursuits are often viewed as niche or even creepy. Doing it at a convention or other public event is no different than cosplaying and is usually done for similar reasons; you will find many fursuiters that don't believe they are anything but human, and do it for the fun and the community. There certainly are those that dress up to try and let out their "true selves" but these people are much less outspoken now and harder to find among the masses of those that aren't like them. Furthermore, the ratio of people that "yiff" in their suits to those that don't has drastically widened since the culture has become more mainstream.
In modern parlance, "furries" generally defines a community and subculture of people that appreciate and enjoy anthropomorphic arts. Some are just in it for the art and community, or as a vector to finding an identity; others believe they're "otherkin" and either identify as another species, think they're in the wrong body, or were another species in a past life; some enjoy putting on fursuits, either for fun, to show off at cons, or because they feel it helps them connect with their inner self, spirit animal, etc; and of course, a percent enjoys the more dirty side of things, as is true with any fandom or subculture... But even then, most people stick to drawings.