Re: Real life example
There is a great deal of difference between what auditors should know and do and what they do know and do.
78 posts • joined 25 Oct 2011
This reminds me of the long fight between WWF (Animals) and WWF (Wrasslin') over WWF.com.
Obviously someone high up at WWF (Animals) had decided they should have it, come what may.
The arguments made by WWF (Animals) were long and, at times, convincing. It was all politics though.
The WWF.com domain has never been used to point to the animals site.
The same here. I don't think Brazil or any of the countries actually have any plans to use the domain.
it is just silly politics.
"What's unclear? Many, maybe most, of the vulnerable devices won't be fixed -- ever."
Yeah, but it is also clear most handsets wont also be pwned, and most users wont care or know either way.
I know us lot like to think that everyone should be super security savvy and fully alert about their data, but most people just don't care - unless it has an explicit and noticeable effect upon them.
Certainly, I don't think your solution is the right one. Shutting yourself off from the world is not the answer, and neither is overplaying the threat.
Are the risks of someone getting some/all of your data proportional to your actions?
I don't think so personally. But hey, each to their own.
They specialise in the cloud though.
Securing clouds is HARD and there are groups that take advantage of that. Some of those groups are state backed, some are - essentially - private enterprise.
In the early days of 'the cloud' I remember seeing a great example of lateral thinking for a 'hack'
The provider was pretty good with the security on the live servers.
If you hired a box in the same data centre as your target though, and then purchased backup services you could, given the right skills, follow that route to a backup box shared with your target...
The security on that box was not as good as live.
LEGO sets will usually have a few extra bits, almost always the smallest parts.
It is due to the way they pack the sets and that they decide a while ago it was better (and cheaper) to have extra bits in then have people upset they are missing a bit. (As happened during the dark days of LEGO when the company was struggling)
Over time they add up to a lot of pieces.
I know I have a bag full of 'extra bits' that is scarily large!
Given their history with buying companies and running them in to the ground HP should have to pay a premium if buying a business.
If I were a shareholder I would want 4x what it is worth from HP to compensate me for future losses.
So if a company is worth around $3billion I would demand HP offered $12billion.
Hang on, have we discovered how the Autonomy valuation was arrived at?
"Whitman fell back on saying she trusted her team at HP, particularly including then-CFO Cathie Lesjak"
Maybe HP should have trusted her before the acquisition, when she was recommending against it?
For the judge though, surely this just reinforces that HP decided a value for Autonomy without proper care and attention.
They then decided Lynch and Hussain were fraudulent, again without proper care and attention.
In both cases they leapt before they had full finished looking.
I see no one to blame here except for HP.
"Just for good measure, HPE also claims that as time went on, Lynch became “less and less focused and grounded in reality,"
Sounds like he was nearly perfect material for a HP Chief Exec, except he must have remained a bit too grounded in reality for their liking.
Is it just me though or does most of the evidence HP have brought work against them?
This is a most odd case.
I'm sure there are people without bank accounts, but doubt they would be filing a tax return at all, let alone online.
Allowing the refunds to be paid on to pre-paid debit cards is bonkers.
Part of my brain screams 'inside help' but then the other, larger, part just says 'stupidity'.
What I heard at the time was this:
Autonomy: We are for sale for $6billion
HP: We'll give you $11billion
Autonomy: Errrrrrr. OK! :D
If you put your car up for sale for £600 and someone tries to buy it, but for £1100 and forces the cash in to your hand, are you really liable for overcharging them?
Autonomy didn't think they were worth that.
HP finance people didn't think they were.
But Leo and his adviser decided $11bill was a snip as they could make it worth $17bill!
In reality they made it worth about $3.5 bill.
Autonomy should point out prior behaviour to the court too.
They are far, far, far, from the only company HP have bought and messed up.
However, this policy ... did not say who the third parties were, or what type of marketing they might receive."
I can't think of ANY policy I have read that lists the 3rd party companies or the type of marketing. They all just refer to 'partners, 3rd party companies may send you stuff we think is good' (paraphrasing obviously)
If they used that criteria 99.9% of firms would be guilty.
Combined with receiving no customer complaints this does indeed look rather unfair.
My 3 year old Nephew knows the passcodes of all the iPads in his house.
Why my sister has pass codes when all her kids know them I don't know. If I am there and I want to use one I just ask my nephew for the code.
The problem with school IT is usually more with the teachers than the students, especially in infant and primary school.
My wife is an early years teacher. She has a passion for it. She does not have a passion for IT security, and neither has she been taught how to deal with it. And neither have her bosses.
As such they bumble along finding practical ways to get things done. If, and it always does, this involves unencrypted pen drives rather then secure storage they will use it.
Can we really blame them when they haven't been taught why this might be wrong?
The only way Chequered Flag ever loaded for me was if I stopped the tape half way through the loading, rewound it a bit, then hit play again.
I don't know how I discovered this, but I do find it amusing to this day that I didn't find it odd at all.
That's just how it was having a Speccy. You learned to be creative to get things working.
(Like my level skip cheat for Operation Wolf. It involved rubbing my socked feet across the keyboard until it gave the message it was skipping to the next level).
Imagine the comments if they had a 50ft tree covered with loads of decorations.
It would be all "Why are you spending on a tree instead of children's / adult / other council services"
Council's can't win. Damned it they do, damned if they don't in this world where everyone is a critic and we seem to compete with each other over who can spot any semblance of fault first.
"But I couldn't find guidance for infosec (looking under several relevant terms) on the NICE website. If it's there, it's not obvious. Does it need a disaster first?"
The NHS is, sadly, anything but proactive.
It requires a Wannacry that doesn't suddenly stop, but instead spreads more and destroys/costs more.
Sense wont get change, only public outcry after a disaster.
it's bloody sad it like that, but that's how it is.
I wonder if their HR database was accessed via Active Directory automated login?
A lot of places authenticate internal systems like this now.
Yes, it saves you typing more passwords but it also means once an attacker is in they are in.
Of course, since most users would just use the same password for both previously anyway.......
Clinton Win = Good democracy.
Trump Win = Must have been fraud - from RUSSIA!
Remain Win = Good Democracy
Leave Win = Must have been fraud - from RUSSIA!
And so on.
It runs the risk of people judging that 'fake news' is simply anything the cognoscenti of the current zeitgeist dislike or disagree with.
Also, I've never voted a certain way due to fake news. And neither has anyone I have discussed it with.
Ask a room full of people and they will tell you the same.
Ask a stadium full and again they will all say they haven't.
Yet look at the news and you'd be forgiven for thinking the winner of the election was merely at Russia's whim. I think the power of 'fake news' is massively overstated and being used for political purposes be people we should be very afraid of this.
Any censorship that comes from this is a massive step back, not forward.
OK. I'll bite.
"Due to the very nature of Social Media, even 30 million can cause a lot of damage.
Here how it works. Hit the 30 million with targeted ads. Say 10 million take the bait and like or share it with all their friends. Some of those do the same. After a while it becomes a meme on Social Media and untraceable back to the original source.
To be honest 1 is to many"
1. How much do you think it would cost to send ads to 30m? Go find out. It is not cheap!
2. 10m out of 30m to like or share?!?! LOL!
(For comparison) Direct Marketing has a standard return rate of around 0.01. To even imaging 10m out of 30mil would respond is bonkers.
I think so many people are overstating the effects of this.
You have been served ads.
Are you all as fickle as to be directed by these ads? No. You are not.
So why do you all think everyone else is?
Finally, social media is a business with 2 products. The platform and us.
The platform is the product we buy, and we pay for it by being served ads (targeted via our data).
We are the product the advertisers buy. They buy it with money that funds the service/company.
I thought most people understood this? I do.
I expect my data to be used to target ads because they tell me they will do this.
A lot of this complaining is like my nan moaning about ads on ITV. . .
I have been with Cable for over 20 years.
I've now cancelled and given up.
Sick of being lied to.
Last time I moved they said they would transfer my deal (£30 a month, no tie in).
Instead I got that for 6 months then it went up.
Had to pay to cancel the contract too. FFS.
They lie. Their sales staff are incentivised I presume? So like Vodafone will say ANYTHING on the phone to you, then surprise you with the bill later.
No benefit for loyal customers either. As usual you get treated worse for having paid a bill each month for 20 years then a new customer who may hop every year.
I used to take their crap, because I needed the better internet. But now there are genuine other options for fast broadband I don't have to.
So they have had the last of my money.
If they treat the rest of their customers the same I predict a hard next ten years for them. The one advantage they had is their fibre broadband, but that is wilting away.
If they have to rely on their customer service to retain customers they are in serious trouble.
"However, there is no indication that any specific data, including any personal information, has been taken or used"
Time after time companies are forced to admit intrusions, and then try to pass it off by making out that perhaps those who hacked into the database then would decide not to copy any of the information from it.
Every time a communications or marketing person issues such a statement they should be slapped with a wet fish and made to paint their usernames, passwords and banking details on the front of their houses. If they are so sure these things are not likely to be used.
They stopped trying to 'detect' years ago.
Nowadays they use a big database of addresses and cross reference it with which addresses have a license.
Those that don't get letters and visits.
The only problem is their letters are very badly written and their visiting staff seem to be vetted to ensure they are twats. (Probably send them to traffic warden school)
I have a license as I think it is great value. Hell, I'd pay it for I'm Sorry I haven't a Clue alone.
They phoned me up a couple of months ago to tell me they had overcharged me and they were reducing my bill from £17 a month to £16 a month.
Having been with them since 1999, and experienced the horrendous drop into the mire of their customer services in recent years I was not surprised to find they were now charging me £22 a month.
Or that it took over an hour to correct on the phone with them.
57 minutes with the call centre idiot, then about 5 with the resolutions team when I finally managed to get them to put me through to someone who had the authority to fix it.
I know I should leave, but I’m lazy. More fool me I guess (and really, are the others better? Recommendations happily accepted).
"...HP anxiously looks forward to the day Lynch and Hussain will be forced to answer for their actions in court."
I bet they are anxious.
I'd be very surprised if this ever actually got to court.
Did HP pay far too much? Yes.
Is that Autonomy's fault? Probably not, even HP people at the time were saying it but they still chose to buy it.
Regardless of the price did HP use its legendary ability to fuck up an acquisition to destroy most of the value of Autonomy?
"That includes removing apps that it determines "do not offer unique content, creative value or utility." So long, flashlight apps"
When I bought my new Windows phone the first thing I downloaded was a torch app. It is dead handy when looking behind machines and under desks etc.
I don't see why anyone would consider nuking them.
*I must be, I bought a Windows phone.
"At this stage, we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details."
Is it just me or is this BA saying "They hacked access to payment details but as far as we know they haven't bothered to look at them".
"the 12 year old suggested replacing it with an iPhone app. He and his team were hurt when we laughed"
LMAO. Digital Dan by any chance?
The sad thing is that group of shysters actually believe that their solutions will/can/do work. They seem to be hard wired into thinking everyone they talk to is just over complicating things and a shitty iPhone ap with a catchy name and a picture taking up all the real estate on the screen is what people want.
What Whitehall needs is a trap door system so that whenever someone says "Agile" the floor opens and they are deposited to some pit, where the only way to exit is via an iPhone ap that doesn't have the exit button yet as that is tricky and has been put off to a sprint that will never actually happen.
The large 24 hour ASDA near me has 16 self service tills.
They leave them unlocked. If you push the handle with the lock on, it clicks and the screen of the machine lifts up, revealing the PC (yes, these are XP based too) and 4 usb slots.
The usb slots are enabled as this is how they reimage them if something goes wrong.
Sadly getting physical acces is nothing like as hard as it should be.
I was discussing this with a friend who fixes cash machines, and he reminded me that almost all the threats he deals with are physical.
"> Some idiot with a JCB (backhoe) digs up your business critical network link and it is down for several days?
You would face a similar problem with on premise storage"
No, we wouldn't.
My organisation is going the full cloud.
At the moment we have our own onsite data centre. If the internet line to the building goes down than the only effect is a notable upswing in actual work being done.
In a year or so's time, once we have gone fully Desktop as a Service (I can't wait...) the effect of the internet line to the building going down will be that no work can be done.
And yes, we do have a backup. In fact we have 3 internet lines coming in to the building. Primary and 2 back ups.
Being Local Governemnt though the 3 lines are all Virgin cable and, most likely, anything to take out 1 would also take out the other 2.
>>The "S.S. 2e2" may not sail again, but she won't leave those who depend on her high and dry.<<
Out of interest which part of the 2 people who we relied upon not being paid, being laid off, and us being told we are going to get f'all from 2e2 is not being left high and dry?
We will be ok, but only because we promised to pay the staff ourselves if they rock up and complete their work from here.
I had £550 of Ryan Air flights go out of my account.
The bank told me as it was chip and pin they would not refund it.
I phoned them up and offered to send them instructions of how to commit fraud on a chip and pin card (I was just going to send links to 3 ro 4 Reg articles) and they instantly backed down and refunded me, without me even having to send the links.
The sad thing is they know they are liable, and tat in many/most cases the customer is not as fault but they will still try it on and although us geeks will know to not accept it I fear many other people will just accept it and end up paying for it themselves.
The banks should be forced to be more fair, and not just be allowed to take advantage of peoples ignorance in these matters.
Live subtitles are typed on a special type of keyboard which is phonetic.
This is why subtitles of live events will often have the correct word phonetically, but the incorrect spelling - like your Poll and Pole example.
In a live broadcast there is no time to double check these as they go.
"So HP actually paid $5M a head for a professional services firm. Very hard to scale"
Funny thing. I remember reading that, on these very comment pages, before the deal was concluded.
I find it hard to believe HP on this when a majority of articles and comments I read on the deal seemed to be saying "They are massively overpaying and won't be able to scale the business".
"“As soon as we get the consumer to buy one piece of software, then that entire transaction becomes profit positive,” Reggie Fils-Aime, president of Nintendo America, told the San Jose Mercury News"
That's great for Nintendo if it is true, but the quote is conspicuous by it's absense from the interview you linked to.
Biting the hand that feeds IT © 1998–2020