I for one..... Ah, forget it.
22 posts • joined 8 Feb 2011
I don't expect anyone to advertise they have taken up the CREST response service. No-one wants to advertise "We got hacked but we used government approved people to investigate it"
To address your point about take-up of the service. It will work something like this:
1. All companies who process Government material MUST report any breaches to HMG.
2. To ensure confidentiality, those companies must use a CREST approved supplier to perform the investigation / cleanup.
3. CREST suppliers must pay CESG to have their personnel certified and renewed (as they currently do with CLAS and CHECK).
So, in short, I do not expect the scheme to flounder, I expect it to thrive. The additional costs that the company receiving the CREST service will no doubt incur will be passed on to the Government department for which they are subcontracted which, in turn, will come out of our tax pounds. It's just another way to feed our tax money into the OBN.
OK, subject says it all. I doubt these systems administrators are there to ensure confidentiality, they're there for the purposes of availability. Until the systems are reliable enough, scalable enough, etc. they will not be parsing 900 sysadmins.
@localzuk The accepted rate has always been 1 admin per 25 employees. Obviously there are some economies of scale to be achieved here but given the amount of data they're slurping, I would imagine a significant proportion of those admins are purely employed in adding storage and processing nodes.
One final point - the confidentiality that the NSA is referring to - that of the data it is collecting - is *NOT* the data leaked by Snowden. AFAIAA, he has only leaked methods and operational information, not subject information.
May I predict some 'experimental' musician introducing the words "OK Glass, take a picture" into the lyrics of their tracks? Or "OK Glass, sign up for [bandname] newsletter"? Perhaps "OK Glass, install [malware/adware/spyware app]"?
Or my favourite: "OK Glass, send all my information to [insert government agency] then delete my account"
Am I alone in preferring joe over vi? I know, the WordStar-like commands clearly demonstrate my age but I find it SO much easier than vi. It's also laziness, not wanting to learn a new set of key sequences!
Also, a tip of the hat to Slackware since they're mentioned above. Slackware user since 1993.
Paris as we're talking about something easy to use.
Given that it is an obvious lie that '...we have no interest in tracking people' I think it is pretty safe to assume any other utterings from this mouthpiece are also a lie.
It is probably safe to assume that FB, G and many, many others would want to track you and FB and G are the ones that have the best capability to do so.
According to the article, the code is loaded onto a ROM - READ ONLY memory. It is, in fact, an EEPROM, Electrically Erasable Programmable Read Only Memory. If it was actually READ ONLY, how would the code write to it?
Since it's primarily attacking computers in China, will the three-letter agencies claim it is the Chinese Government attempting to monitor its people or will China claim it is an attack by the US and its allies?
Until the NHS get the physical side sorted out, they're never going to get the electronic side sorted out. In the grand scheme of things, a few errant faxes, delivered to other NHS bodies (in the main) are nothing compared to the risks posed by the general public. And heaven forbid they should actually be targeted - it would be far easier than taking candy from a baby.
Interestingly, I have not received any spam apart from the usual stuff from Travelodge, the last being on June 16th.
I guess GMail is doing a good job of blocking it.
Thankfully, I do not use the same password on any sites so that won't be an issue and any credit card associated with Travelodge will have long since expired. I used Travelodge once - never again. It was a hole.
Actually, password length is more important than password complexity.
Given two completely random passwords, one containing only lower case characters and the other containing characters from all the typeable characters, a 10-character lowercase password would be harder to crack than a 7-character complex password. The lowercase password would be considerably easier to remember, too. If you want to take it to extremes, a 14 digit number would be harder to crack than the 7-character complex password.
You try explaining that to a PCI or SOX auditor though!
It is clear that the majority of computer equipment is made in China.
In excess of 70% of retired computer equipment is shipped to China for recycling.
The cost of embedded hardware key logging is trivial.
With these three facts combined, it is not beyond the realms of possibility for the PRC to subvert the manufacturing process to ensure ALL keyboards (or keyboard controller ICs on motherboards) are manufactured with logging capabilities. It is only a matter of time before the vast majority of keyboards are returned to the PRC for log dumps, providing highly concentrated information, straight text, passwords, etc, for analysis.
Elementary! Although a tin hat icon MIGHT be more appropriate.