From past history...
If Broadcom have taken over, VMware will be irrelevant within 18 months.
163 publicly visible posts • joined 10 Feb 2010
I'm seeing a lot of confusion here. Equipment generating a self-signed certificate doesn't make it a root or even a trusted certificate, that's why you get browser warnings when you attempt to load the page. Most Chromium browsers on Windows at least use the default Windows certificate store, I think it's mostly just Firefox that's the holdout and still using its own store. Whatever else happens you are trusting the OS or browser vendor to only install root certificates that should be trusted. You are then trusting the certificate authorities.
You've always been able to create your own root CA, most large enterprises have a PKI infrastructure of their own, Windows domains create certificates that are loaded into your Windows certificate store. Most security software now requires the install of a root cert on your machine to peruse and block encrypted bad content. I think it's a stretch calling this hidden, you just have to trawl through the certificate store in use.
It is fixable, we already know how to fix it, however nobody is keen to actually do what's required. There are no simple easy fixes, we just have to all individually cut down the amount of CO2 and other greenhouses we are responsible for producing. For example suggest to people that they eat less (not no meat at all) and people make out like it's a massive inconvenience. We could limit the production of new cars and vans which kick out more CO2 than is required, but I don't see many people signing up to get rid of their gas guzzlers even though nobody really needs a 3 litre V8. We have tech titans like Bill Gates telling the rest of us this is important whilst sat on his yacht with a small group of people pumping out CO2 that's the equivalent of a small town, or billionaires, many who were already in Rome, taking their private jets individually to Scotland for COP26. Most people agree we need to do something but it's everyone else that should cut consumption, not them.
So an attacker would have to get physical access to your environment, locate the actual cable (and I'm guessing isolate it enough from other cables so there wouldn't be too much interference) then slow your traffic to a crawl, and force you to use unencrypted UDP traffic. Given that pretty much everyone secures their locations these days anyway and if they hadn't you could easily slip in a network tap, and if you had physical access there is a whole load of other things you could do that would be far more efficient and effective, I won't lose much sleep over this one. It's kinda cool and it's very novel but I can't see it overtaking ransomware as the top threat for CIOs and being added to the CISSP/CISM course material anytime soon.
Oh and realistically how much traffic these days actually flows over a network unencrypted anyway? Even browsing static web pages has moved over to TLS secured now for the most part.
I'm not saying I agree with it but legally for them to have a monopoly they'd have to have a monopoly on hardware supply which they do not, they don't even have a dominant market position as Android outsells them substantially. People do have the choice not to be tied down. I've switched back to Android as previously I took the point of view that I'd rather have regular OS updates rather than a carrier or manufacturer taking their time releasing them. Now even before Pegasus I'd changed my mind given a lot of information about memory resident malware in iOS devices, at least with Android you can have 3rd party security solutions such as Bitdefender. From a security perspective you really are piling all your eggs and trust in one basket with iOS devices, you have to trust that Apple won't let anything slip onto the app store and in practice I don't see how they can realistically keep all malware out, and that's not even considering memory resident malware or transient stuff downloaded via the web or 0day exploits via WhatsApp etc. I just feel the security model on Apple iOS devices is currently flawed, I don't think Android is perfect but I think Android plus some additional security software and keeping it all updated is probably safer than Apple now.
Regardless of what Epic has or hasn't done with other people, I actually think they have a point here, what is the justification for Apple or Google's 30% cut on everything sold via the play store and then microtransactions for digital content. Appreciate they are processing payments for the developers, appreciate they are hosting an infrastructure as well to download and keep up to date the apps and content. However 30% seems a little high for what is being provided especially given the lack of any real competition. For micropayments for digital content it has even less basis as it's not like they are hosting or providing updates for books purchased via Kindle, or providing anything other than payment processing for game microtransactions.
On the other hand for business they have a plethora of options most of which bundle in other capabilities into a neat little package, i.e. Google Apps or Microsoft 365. Whilst there are some that might just want a cloud drive and the ability to share files, most organisations seem to want more than that and currently the big drive in organisations is for convergence of services, instead of having 100 different providers and having to manage multiple contracts and having to somehow integrate hundreds of apps they can go to a handful of vendors.
I think you also have to be able to demonstrate where that cost is derived. If you want someone to repay an external training course where you have directly paid out for example 3k to a Cisco partner for the ICND courses, that is easy to justify. Where you've told someone who is unpaid here are a few online seminars with one of our people who has limited experience, that's far harder to justify. Where do you get that cost from? When breaking a contract generally you have to be able to account for direct losses you are trying to recoup. An internal trainer shared across numerous people is unlikely to amount to that much.
Well I can see the attraction for device manufacturers of Apple's model with ARM in consumer products, stick everything including RAM on the SOC, that way you have to replace the whole device just to add some RAM... As for the server chips, again we've known for years ARM is far more energy efficient, if that saving is passed onto the customer, if you are a large customer scaling to hundreds or thousands of machines that's a lot of saving!
No, ALG is a service that runs on various firewalls and proxies that allows devices sitting behind a hide NAT to work with the SIP protocol which requires an inbound connection for VOIP calls. It sits and brokers the connection by listening into the packet stream on the initiation of a SIP session and dynamically opens up inbound service ports as required, similar to UPnP. You don't need it for Skype, or a lot of the consumer application based voice services. In many cases assuming your router isn't horribly hobbled you can probably turn it off, although some people might have corporate VOIP systems and some people even have home VOIP systems. I know when I've seen it in corporate environments before normally the actual server is behind a corporate firewall and requires users to VPN in, meaning the ALG would probably not be needed.
Well I'd guess this can't be a very common problem otherwise it would probably happen far more frequently and every engineer would be trained to look for this first. In every diagnostic field you always get that problem that crops up once every 10 years, do you test for it every time, or do you attempt the fixes that work the other 9,999 times out of 10,000?
True, I suspect this will cause a problem with Forescout and Pulse NAC. Also maybe other network discovery tools which base the results on MAC addresses, as up to now it's been about the only static fingerprint for networked devices. Oh and thinking of it, it will potentially cause problems with DHCP if for some reason you are assigning static IP addresses to iOS and Android devices, not commonly done but maybe for VIPs in large organisations. Assigning static IP addresses and allowing URL filtering rules and firewall rules based on an IP is easier than going down the whole rule of user authentication on devices or full blown NAC functionality.
I think Google and Apple have the same policies, if it's purchased via the app it has to go through their store. However you have always been able to pay direct through a browser. For example with Kindle and the Amazon app you can't buy ebooks, however if you open Chrome or Safari on your mobile or tablet you can still purchase direct from Amazon.
This is nothing more than an attempt by Apple to enforce their 30% revenue stream from app developers. I mean basically they provide the hardware and OS. Charge users a premium then enforce any purchases through apps on the platform gives them 30%, great business model if you can keep it going...
I've used Logitech mice and keyboards for years. Currently using a G910 which also has a nice old school feel with noisy keys which hark back to the old IBM keyboards. You really can't go wrong with Logitech in my experience. Some Linux software for the lighting functionality would be nice though, I have to admit, although appreciate it will probably never happen.
As most Post Offices are franchise type businesses, not entirely sure health and safety laws and a duty of care would apply in most cases? What might apply is if the people in the relevant positions in Fujitsu and the post offices were aware of the problems and actively covered things up, "Attempting to pervert the course of justice", or potentially for post office position holders, as they were technically at the time a public body, "Misconduct in a public office"? Maybe even perjury although for that they would have had to have given evidence in the first place and lied in court.
Given the time that has elapsed, in all probability given the turnover of directors and senior managers in corporate Britain those responsible will have either retired or moved onto pastures new at least 10 years ago. When is the last time you saw someone at director level or above stay in post for more than 5 years in big business Britain? They've already moved on to mess things up somewhere else...
Not a snowball's chance in hell I'm installing this government sanctioned spyware. I don't trust central government databases, just look at the misuse of the police PNC. Look at the misuse of personal data from projects connected to Vote Leave and Cummings, and I believe him and his cohorts have some fingers in this pie as well. You can only trust the security of your data if you trust the people that have access to it. I don't, therefore I won't be going anywhere near this.
Which is fine if you don't want customers who have iPads and iPhones to access your content. Even people with Macs would have to download an alternate browser or be continually pestered about insecure web pages. Not a great look for your company. Granted it's good practice to regularly replace your certs but it's a bit more of a pain if you are intercepting TLS on a load balancer/firewall/IPS or similar as they don't all support automatic certificate re-enrolment. Even if they do, you don't necessarily want to hand over your CA credentials to another organisation that is running your network/security devices if you aren't running them in house.
They probably do have other work but if it's not UK government it can probably be done offshore. Why pay someone in the UK when you can pay someone in Asia or even Eastern Europe a tenth of what it costs to employ someone in the UK? Not my personal rationale as my experience is it often costs more in customer satisfaction, or more direct losses when you hastily have to pay onshore rates because the offshore teams just don't perform to the same standard, but well it looks good on the figures for this financial year so we'll just worry about the numbers for next year, well in 3 months time...
That sound old bloke Nige down the pub was drinking a pint of London's finest, smoking a faaag telling us all how it was all project fear mark 2. Mark his words everything will be fine and suddenly UK trade will go through the roof. Don't worry about little things like data protection regulations, boats to move stuff around etc, this old bloke obviously knew what he was talking about as he used to sell shit on the commodities market and has just spent the last 20 years talking about stuff he has no actual experience of!
The difference is iOS only has a small overall market share. The reason Microsoft get a kicking is because they have a monopoly on the desktop OS market. If you have a dominant or monopoly position on one product you cannot use that to attempt to get a monopoly in another market.
Will senior management accept that there is a finite amount of resource so if the amount of change exhausts the amount of resource then no more work can be done? No, it will be business as usual pushing for more and more work to be done quickly so it can be billed. Those same senior management will then blame the overworked stressed workers that make a mistake due to having too much work and too little time.
I'd guess in practice you'd need some sort of marking system to decide how critical a patch was and something that's easy for a customer to understand, i.e. 1-10 with anything above 5 being installed within a suitable window, i.e. give people a week or a month grace before it invalidates their insurance.