Re: Thumbs up
From the comments: "Please be aware there is an active, time-sensitive contract negotiation linked to this matter."
That's not about a clear risk to customer data, that's about pandering to a big customer.
42 posts • joined 29 Mar 2007
There's no legitimate reason for cloud storage or webmail providers to be accessible from the same system as the payroll data. USB locks are readily available and easy to install. Something like payroll data should be easily auditable for any access or printing.
You're right, it's almost impossible to actually stop somebody who is determined to get data out. That doesn't mean you don't bother putting in any precautions at all.
Morrisons provided him with credentials which gave him the privileges required to log in and access payroll data. Morrisons configured his PC so that he could just plug in a USB stick and copy whatever they wanted to it. Morrisons therefore allowed him, by the granting of privileges, to copy payroll data to a USB stick and walk out the door with it.
Seems to me that the granting of privileges is the line where they're acting on behalf of the company. Presumably, I couldn't simply walk into Morrisons head office with a USB stick and do what this guy did. He's used privileges granted to him by Morrisons specifically for the purpose of accessing that data. He is responsible for his behaviour while he has that access, but Morrisons are ultimately responsible for the breach because they gave him the access.
If they really believed it was as simple as "Look guys, just give us access so we can stop the terrorists", they wouldn't go to the trouble of issuing communiqués with veiled threats of legislation for non-compliance - they'd just jump directly to legislation. They know exactly what they're doing and they don't want a backdoor. They want a culture shift so that encrypted messaging goes away completely, so that the very presence of encryption is a cause for interest.
All these stories about tech companies refusing to help aren't aimed at you - they're aimed at the man on the Clapham omnibus. They want him to ask why WhatsApp messages use end-to-end encryption in the first place - why this is a concern now when a couple of years ago he could just send an SMS and it worked exactly the same but didn't help the terrorists and pedophiles. They want broad consumer support in place before they legislate against the use of end-to-end encryption in consumer messaging products.
They know they'll never stop encryption - that's not the goal. They just want it so that nothing on the app stores uses end-to-end encryption, so anybody left who does still use it becomes interesting again.
While it might be illegal in every state to encourage suicide, presumably the punishment is considerably lower than the punishment for manslaughter/murder. Also, even if the encouragement was successful, there would usually be some difficulty in establishing the encouragement as a significant factor in the victim's decision to take their own life. This case is rather unique in that her actions went a long way beyond encouragement - she bombarded him with texts demanding that he take the next step towards suicide and berating him when he failed to do so. It's also compounded by the fact that he expressed his own desire not to go through with it, and she did everything she could to persuade him to do so.
"More interesting would have been Amazon saying there was simply nothing to produce. Telling that they are using legal weasel words instead"
That doesn't really raise any red flags for me. I'd probably be more concerned if they did simply say there's nothing to provide - that would mean they at least got as far as looking. In a company the size of Amazon, there should be no reason for the legal guys to have access to Alexa data, and whether or not the data exists shouldn't have any bearing on their response. So at this time, it looks to me like they're doing the right thing.
The fun part will be if they get dragged through the courts, ordered to release the data anyway, and *then* turn round and say "Sorry...nothing there"
I've had a couple of call outs when I've either been the wrong team or not on call. I *always* make a point of getting it properly logged even if I'm not the right team. Occasionally, the helpdesk have realised I'm the wrong person and tried the apology followed by a quick hang up approach. That results in them getting called back to get the ticket reference.
I don't have a problem with them waking me up at 3am for something that isn't my problem, but I'll be damned if they're going to worm their way out of paying me for it.
Well of course you'd be happy with that. Because "accepting the status quo" is the entire position of Remain, so it wouldn't be a tie at all.
What you're actually saying is "50% isn't enough to oppose what I want to do, my vote should win unless at least 55% (60%? 75%? 99%?) agree with my point of view."
The driver vs cyclist argument is always fun to read. The problem isn't that either one group is worse at their chosen mode of transport, it's that particular subsets of those groups (cyclist hating drivers and driver hating cyclists) are both so very vocal.
And then you get idiots like Wolf Simpson (youtube him) who have no road sense of which to speak, but prefer to abuse other road users rather than addressing their own shortcomings.
> Sure, the cyclist should have lights on but even if he doesn't case law is clear that you are still at fault if you hit him.
And this attitude right here is the problem. It's not a question of right and wrong, it's a question of self preservation. "I had priority and it was totally the other guy's fault!" makes for a shitty epitaph.
It's the implementation and marketing that's poor. You can't just introduce built-in facial recognition as a standard feature and not expect a backlash.
The right way to do it would have been to ship the standard box without the camera, and have an add-on camera available for an extra £10 or so. Target it at families with selling points such as "Get suggestions that *you* want to watch, not your whole family", "Automatically block your kids from seeing adult content." and "Save energy by automatically powering off when you fall asleep in front of the TV"
Before long, you'll have parents wanting you to implement features that stop the TV from working when Little Johnny covers the camera, and casual users loving the extra convenience. When it's mainstream, you can quietly get bought out by Google without anyone batting an eyelid.
I currently have subscriptions to Netflix, NowTV, and Sky Sports TV on iPad. The article suggests that only certain content providers will be chargeable. If my subscription gets me all those providers for $5/month, that seems fair to me if it motivates the providers to add more content. If I have to pay $5 for Fox, another $5 for HBO etc, then it won't work.
Sure, deleting the data is probably fairly trivial and cheap. The vast majority of the cost is likely to be getting rid of the physical DNA samples. This is biological waste, you can't just leave it out for the binmen. Add to that the fact that the samples need to be securely destroyed to make sure they don't accidentally end up on some health insurance database somewhere, and this doesn't seem like such a huge figure. For government spending, at least.
Had the uploaded footage been raw CCTV, the mall at least would probably be in serious trouble for not securing that data. However, the fact that we can hear the staff talking over it means that what got uploaded wasn't raw footage. Rather, I suspect someone filmed the playback on their phone, which they then uploaded.
The mall can very easily argue that their security staff need to be able to review footage, and there's no way they can reasonably stop someone from filming it on their phone. Sure, there's a good chance that the person who filmed it could be fired, but I don't see it going any further than that.
I started a new contract with T-Mobile about 2 months ago. Previously I'd been on O2, and in 5-6 years I'd never had a single cold call. Within a week of moving, I was getting cold calls from one particular number offering me an 'upgrade'.
At least now I know how they got my details.
I just upgraded my firmware, and I thought the same - "I don't use any of the jailbroken stuff, so why bother?" After the upgrade, I remembered.
I jailbreak my iPod Touch because of the French. More specifically, because of their silly law that means the iPod ships with the volume limit enforced at 70% in the EU. I like my music loud, and I'm not going to let a Frenchman stop me having it that way.
"the government now needs to seriously consider whether filtering software has reached the point where some elements of internet policing may safely be placed back in the hands of parents"
When exactly was it taken out of the hands of parents? Or does the government just assume control regardless?
When I tried it, I purposely attempted to visit an infected site to see what would happen. First, the bad sites were immediately flagged as bad in Google results - the good sites took a few seconds to be checked. This would indicate that the bad sites get added to a database and then ignored for a bit, while the good sites have to suffer continuous scans.
Then, when I clicked a link to a bad site, I saw an AVG page warning me that, if I attempted to visit the site without adequate security software, "Such as AVG", then I was leaving myself at risk of infection. Umm...hang on. Clearly I *have* adequate security software - that's what's warning me, after all. So where's the benefit of pre-scanning?
Since we all accept that visiting certain websites can be a security risk, how exactly is my security helped when the very software that's supposed to be protecting me is visiting all these sites on my behalf?
If a vulnerability in the scanning engine were discovered, a user wouldn't even need to visit an affected site to be infected. From their site: "AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time." - so it would be enough for someone to send you a link in email or IM for you to be attacked.
From their blurb: AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time.
So it seems like it's more than just your search results that get scanned. You just only get told about it when it's search results.
Not wanting to criticise without trying, I've downloaded this and done a little checking. Sure enough, on a typical Google search, you get a little AJAX-looking progress circle next to each link - these gradually turn to green ticks after a few seconds, and yes, this also happens on sponsored links.
However, do a search for the stuff that's likely to host malware - in my case, I chose the word "warez" - and only a few entries show the AJAX progress circle. All the bad ones immediately have a big red cross next to them. Combined with the fact that, during installation, AVG asks for permission to update Grisoft with information about the threat levels of sites you visit, the logical conclusion is that Grisoft are maintaining a database of known bad sites, and are using their userbase to do the data mining for them.
Unfortunately, it seems that while they gave the bad guys a bandwidth break by blacklisting them for some unknown period of time, the good guys get scanned every time. Which seems to me like a very poor scenario indeed.
My approach to dealing with this is to cancel my Adwords account, and advise Google of my reasons for doing so. If enough advertisers hit Google in the pocket, I suspect they'll look at addressing this on behalf of *their* customers.
"In relation to your claim that your computer was hacked into, we regret that the security of your computer is not our concern. It is your responsibility to ensure that your computer is protected at all times."
I appreciate that the security of my computer is not your concern. Irresponsible though it may be, it is not unlawful to have an (unpatched computer/open wifi network/insert excuse here). I am able to provide evidence to back up my situation, and I am confident that, on the balance of probabilities (the level of proof required for civil cases), I can show that the actions you suggest were not carried out by me, and that I have no liability to your client.
In answer to your request for compensation, I refer you to the case of Arkell v Pressdram.