Re: Thumbs up
From the comments: "Please be aware there is an active, time-sensitive contract negotiation linked to this matter."
That's not about a clear risk to customer data, that's about pandering to a big customer.
Posts by TimB
42 publicly visible posts • joined 29 Mar 2007
Senior GitLab exec resigns over plan to stop hiring engineers in China and Russia
Morrisons tells top court it's not liable for staffer who nicked payroll data of 100,000 employees
Monday 11th November 2019 12:35 GMT
Re: Depends if decent efforts at data security made by Morrisons
There's no legitimate reason for cloud storage or webmail providers to be accessible from the same system as the payroll data. USB locks are readily available and easy to install. Something like payroll data should be easily auditable for any access or printing.
You're right, it's almost impossible to actually stop somebody who is determined to get data out. That doesn't mean you don't bother putting in any precautions at all.
Monday 11th November 2019 12:29 GMT
Re: Depends if decent efforts at data security made by Morrisons
Morrisons provided him with credentials which gave him the privileges required to log in and access payroll data. Morrisons configured his PC so that he could just plug in a USB stick and copy whatever they wanted to it. Morrisons therefore allowed him, by the granting of privileges, to copy payroll data to a USB stick and walk out the door with it.
Monday 11th November 2019 12:19 GMT
Re: Depends if decent efforts at data security made by Morrisons
Seems to me that the granting of privileges is the line where they're acting on behalf of the company. Presumably, I couldn't simply walk into Morrisons head office with a USB stick and do what this guy did. He's used privileges granted to him by Morrisons specifically for the purpose of accessing that data. He is responsible for his behaviour while he has that acces, but Morrisons are ultimately responsible for the breach because they gave him the access.
Spies still super upset they can't get at your encrypted comms data
Tuesday 4th September 2018 08:32 GMT
They know exactly what they're doing
If they really believed it was as simple as "Look guys, just give us access so we can stop the terrorists", they wouldn't go to the trouble of issuing communique's with veiled threats of legislation for non-compliance - they'd just jump directly to legislation. They know exactly what they're doing and they don't want a backdoor. They want a culture shift so that encrypted messaging goes away completely, so that the very presence of encryption is a cause for interest.
All these stories about tech companies refusing to help isn't aimed at you - it's aimed at the man on the Clapham omnibus. They want him to ask why Whatsapp messages use end-to-end encryption in the first place - why this is a concern now when a couple of years ago he could just send an SMS and it worked exactly the same but didn't help the terrorists and pedophiles. They want broad consumer support in place before they legislate against the use of end-to-end encryption in consumer messaging products.
They know they'll never stop encryption - that's not the goal. They just want it so that nothing on the app stores use end to end encryption, so anybody left who does still use it becomes interesting again.
Elon Musk invents bus stop, waits for applause, internet LOLs
Morrisons launches bizarre Yorkshire Pudding pizza thing
Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors
Teen texted boyfriend to kill himself. It worked. Will the law change to deal with digital reality?
Friday 9th June 2017 10:17 GMT
Re: Is american law stupid?
While it might be illegal in every state to encourage suicide, presumably the punishment is considerably lower than the punishment for manslaughter/murder. Also, even if the encouragement was successful, there would usually be some difficulty in establishing the encouragement as a significant factor in the victims decision to take their own life. This case is rather unique in that her actions went a long way beyond encouragement - she bombarded him with texts demanding that he take the next step towards suicide and berating him when he failed to do so. It's also compounded by the fact that he expressed his own desire not to go through with it, and she did everything she could to persuade him to do so.
Machine vs. machine battle has begun to de-fraud the internet of lies
New plastic banknote plans now upsetting environmental campaigners
US cops seek Amazon Echo data for murder inquiry
Saturday 31st December 2016 14:36 GMT
Re: Interesting...
"More interesting would have been Amazon saying there was simply nothing to produce. Telling that they are using legal weasel words instead"
That doesn't really raise any red flags for me. I'd probably be more concerned if they did simply say there's nothing to provide - that would mean they at least got as far as looking. In a company the size of Amazon, there should be no reason for the legal guys to have access to Alexa data, and whether or not the data exists shouldn't have any bearing on their response. So at this time, it looks to me like they're doing the right thing.
The fun part will be if they get dragged through the courts, ordered to release the data anyway, and *then* turn round and say "Sorry...nothing there"
UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January
'I found the intern curled up on the data centre floor moaning'
Friday 12th August 2016 12:22 GMT
Re: similar to Laura
I've had a couple of call outs when I've either been the wrong team or not on call. I *always* make a point of getting it properly logged even if I'm not the right team. Occasionally, the helpdesk have realised I'm the wrong person and tried the apology followed by a quick hang up approach. That results in them getting called back to get the ticket reference.
I don't have a problem with them waking me up at 3am for something that isn't my problem, but I'll be damned if they're going to worm their way out of paying me for it.
Prominent Brit law firm instructed to block Brexit Article 50 trigger
Tuesday 5th July 2016 13:08 GMT
Re: What a horrible waste of time and money
Well of course you'd be happy with that. Because "accepting the status quo" is the entire position of Remain, so it wouldn't be a tie at all.
What you're actually saying is "50% isn't enough to oppose what I want to do, my vote should win unless at least 55% (60%? 75%? 99%?) agree with my point of view.
Careful - your helmet might get squashed by a Volvo
Monday 22nd December 2014 12:50 GMT
Re: Vitriol
The driver vs cyclist argument is always fun to read. The problem isn't that either one group is worse at their chosen mode of transport, it's that particular subsets of those groups (cyclist hating drivers and driver hating cyclists) are both so very vocal.
And then you get idiots like Wolf Simpson (youtube him) who have no road sense of which to speak, but prefer to abuse other road users rather than addressing their own shortcomings.
Monday 22nd December 2014 12:37 GMT
Re: What a stupid fucking idea....
> Sure, the cyclist should have lights on but even if he doesn't case law is clear that you are still at fault if you hit him.
And this attitude right here is the problem. It's not a question of right and wrong, it's a question of self preservation. "I had priority and it was totally the other guys fault!" makes for a shitty epitaph.
FACEPALM! HP cert used to sign malware
Intel's new TV box to point creepy spy camera at YOUR FACE
Thursday 14th February 2013 15:27 GMT
Nothing wrong with the idea
It's the implementation and marketing that's poor. You can't just introduce built-in facial recognition as a standard feature and not expect a backlash.
The right way to do it would have been to ship the standard box without the camera, and have an add-on camera available for an extra £10 or so. Target it at families with selling points such as "Get suggestions that *you* want to watch, not your whole family", "Automatically block your kids from seeing adult content." and "Save energy by automatically powering off when you fall asleep in front of the TV"
Before long, you'll have parents wanting you to implement features that stop the TV from working when Little Johnny covers the camera, and casual users loving the extra convenience. When it's mainstream, you can quietly get bought out by Google without anyone batting an eyelid.
YouTube's hilarious cat videos could soon cost you $5 a month
Wednesday 30th January 2013 10:57 GMT 
Sounds reasonable
I currently have subscriptions to Netflix, NowTV, and Sky Sports TV on iPad. The article suggests that only certain content providers will be chargable. If my subscription gets me all those providers for $5/month, that seems fair to me if it motivates the providers to add more content. If I have to pay $5 for Fox, another $5 for HBO etc, then it won't work.
APPLE: SCREW YOU, BRITS, everyone else says Samsung copied us
College sticks cloud into geothermal igloo data centre
Deleting 'innocent' DNA will cost £5m
Wednesday 6th April 2011 11:37 GMT
SQL is only half the story
Sure, deleting the data is probably fairly trivial and cheap. The vast majority of the cost is likely to be getting rid of the physical DNA samples. This is biological waste, you can't just leave it out for the binmen. Add to that the fact that the samples need to be securely destroyed to make sure they don't accidentally end up on some health insurance database somewhere, and this doesn't seem like such a huge figure. For government spending, at least.
Photo loss blogger to Flickr: You're f*cking kidding
Texter who fell in fountain threatens to sue
Friday 21st January 2011 14:21 GMT
this is actually more interesting than it looks
Had the uploaded footage been raw CCTV, the mall at least would probably be in serious trouble for not securing that data. However, the fact that we can hear the staff talking over it means that what got uploaded wasn't raw footage. Rather, I suspect someone filmed the playback on their phone, which they then uploaded.
The mall can very easily argue that their security staff need to be able to review footage, and there's no way they can reasonably stop someone from filming it on their phone. Sure, there's a good chance that the person who filmed it could be fired, but I don't see it going any further than that.
Crooks 'too lazy' for crypto
BOFH: Slab happy
T-Mobile coughs to data theft
Wednesday 18th November 2009 12:18 GMT 
So thats where they come from...
I started a new contract with T-Mobile about 2 months ago. Previously I'd been on O2, and in 5-6 years I'd never had a single cold call. Within a week of moving, I was getting cold calls from one particular number offering me an 'upgrade'.
At least now I know how they got my details.
Extortionist targets jailbroken iPhones
Tuesday 3rd November 2009 14:33 GMT
@Annihilator
I just upgraded my firmware, and I thought the same - "I don't use any of the jailbroken stuff, so why bother?" After the upgrade, I remembered.
I jailbreak my iPod Touch because of the French. More specifically, because of their silly law that means the iPod ships with the volume limit enforced at 70% in the EU. I like my music loud, and I'm not going to let a frenchman stop me having it that way.
The good book: How to bet better online
Proof of age system moves net ID a step closer
Friday 25th July 2008 10:52 GMT
Control?
"the government now needs to seriously consider whether filtering software has reached the point where some elements of internet policing may safely be placed back in the hands of parents"
When exactly was it taken out of the hands of parents? Or does the government just assume control regardless?
Devil dog laughs in the face of Taser
AVG fake traffic spares Google AdWords
Friday 20th June 2008 13:13 GMT 
Security Risk
When I tried it, I purposely attempted to visit an infected site to see what would happen. First, the bad sites were immediately flagged as bad in Google results - the good sites took a few seconds to be checked. This would indicate that the bad sites get added to a database and then ignored for a bit, while the good sites have to suffer continuous scans.
Then, when I clicked a link to a bad site, I saw an AVG page warning me that, if I attempted to visit the site without adequate security software, "Such as AVG", then I was leaving myself at risk of infection. Umm...hang on. Clearly I *have* adequate security software - that's what's warning me, after all. So where's the benefit of pre-scanning?
Since we all accept that visiting certain websites can be a security risk, how exactly is my security helped when the very software that's supposed to be protecting me is visiting all these sites on my behalf?
If a vulnerability in the scanning engine were discovered, a user wouldn't even need to visit an affected site to be infected. From their site: "AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time." - so it would be enough for someone to send you a link in email or IM for you to be attacked.
AVG scanner blasts internet with fake traffic
Thursday 19th June 2008 10:30 GMT
Not just search results...
From their blurb: AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time.
So it seems like it's more than just your search results that get scanned. You just only get told about it when it's search results.
Monday 16th June 2008 23:25 GMT
The bad guys seem to get a break...
Not wanting to criticise without trying, I've downloaded this and done a little checking. Sure enough, on a typical google search, you get a little AJAX-looking progress circle next to each link - these gradually turn to green ticks after a few seconds, and yes, this also happens on sponsored links.
However, do a search for the stuff that's likely to host malware - in my case, i chose the word "warez" - and only a few entries show the AJAX progress circle. All the bad ones immediately have a big red cross next to them. Combined with the fact that, during installation, AVG asks for permission to update Grisoft with information about the threat levels of sites you visit, and the logical conclusion is that Grisoft are maintaining a database of known bad sites, and is using its userbase to do the data mining for them.
Unfortunately, it seems that while they gave the bad guys a bandwidth break by blacklisting them for some unknown period of time, the good guys get scanned every time. Which seems to me like a very poor scenario indeed.
My approach to dealing with this is to cancel my Adwords account, and advise Google of my reasons for doing so. If enough advertisers hit Google in the pocket, I suspect they'll look at addressing this on behalf of *their* customers.
Games firm pursues 500 pinball 'pirates' through UK courts
Thursday 29th March 2007 09:57 GMT
My response to their 'letter'
"In relation to your claim that your computer was hacked into, we regret that the security of your computer is not our concern. It is your responsibility to ensure that your computer is protected at all times."
I appreciate that the security of my computer is not your concern. Irresponsible though it may be, it is not unlawful to have an (unpatched computer/open wifi network/insert excuse here). I am able to provide evidence to back up my situation, and I am confident that, on the balance of probabilities (the level of proof required for civil cases), I can show that the actions you suggest were not carried out by me, and that I have no liability to your client.
In answer to your request for compensation, I refer you to the case of Arkell v Pressdram.
Biting the hand that feeds IT
