Posts by Halfmad 821 posts • joined 16 Jan 2013
I was a CAD draughtsman back in the 90s on a DOS version of AutoCAD. I remember the costs back then were insane and I joked that one day they'd find a way to do away with the dongles and screw the company over some other way.
Later on I found out about the subscription models they were adopting, constant need for updates etc and realised they'd found that mechanism..
It won't, it'd just create more, smaller ones doing the same thing.
Monetary penalties which put the C-suite at risk personally would help.
UK public sector should be mandated to grade procurements with a weighting of cyber security at 20-30%, currently any procurement I've been involved in security is worth at most 5%, in many cases less. While cost will be 40-60% of the weighting.
All that does is mean we buy cheap insecure products over and over again and then people like me are given the impossible task of trying to manage risks around products we thought were horrendously insecure.
When companies fail to get business because they are insecure they will start to take it seriously.
Even if split along national lines it will be trivial to link up a PC to that national "internet" and remotely access it via satellite etc even if there is no physically connection to do so - which there would be anyway thanks to telephone lines.
Even if there's an entirely different networking technology underlying it there will always be a way around it
The EU safety regs didn't stop Grenfell, product safety tests done in the UK may not either.
Proper on site surveys of buildings, which used to be done years ago may do so - if the companies conducting them can be held liable should they miss something.
It's not just a case of checking products though, especially in construction and manufacturing but also how they are applied, what methods of treatment are used, what products are near, touching, heating/cooling, have current going through them etc.
It's a bit like welding box sections in bridge construction, it CAN be effective but if done incorrectly introduces stresses within the material which MAY affect performance depending on the type of bridge the box section is part of.
It needs a layered approach to safety.
This is the problem with Cyber/Info Sec, some products are easier to show ROI on than others and many it's very much a benefit which end users don't see or don't notice e.g. less down time.
I frequently use incidents like this, Wannacry etc to show what can happen and I'm a huge fan of risk assessments as a way to make senior management accountable for what is or is not done. Sadly that doesn't seem to be done in many companies though.
I'm all for MS bashing but this pre-dates W10 and is entirely on Dell. Doesn't look like they have any interest in updating other operating system drivers according to the article, either that or El'Reg hasn't dug into it any deeper.
Even in the 90s we'd always wipe vendor PCs before deploying, this might have snuck on though if it was part of a driver package and not identified as bloat (which some drivers were).
INFORMED consent, not just consent.
They also require that you are not penalised for not consenting, you know like made to jump through hoops to disable individual options, get a spinning "we're changing your settings" dial then a wait for the site to reload.
It should be accept all, accept only functional, reject all or edit. Not what we currently get.
I use to get called out to primary schools because slot loading imac had swallowed a CD etc. In reality the kids had managed to insert it between the drive and case in a tiny gap above the drive.
Oddly enough I'd normally find lollypop sticks in the drive itself, at £130 a pop.
Most of those GDPR cookie pop ups aren't compliant with GDPR anyway as they default to max tracking or make disabling any part of them challenging on desktop, nevermind on a mobile device. I was once asked to disable individually the companies I didn't want to track my usage, I think the list was around 110 companies long, each with an individual tick box - or I could accept.
You mean you DON'T want a folding phone which will be more bulky and cumbersome to use and mean slightly large images and less scrolling?
Me neither, in fact I think it's one of the most daft ideas they've come up with since the last re-try at 3D TVs. No doubt that'll come back around again.
This is my problem too, value.
Dropbox just can't seem to compete with alternatives and rather than realising it's the root cost that's the issue they think throwing useless fluff on top will tempt me. Not going to happen.
I just want the basics, so why can't I have somewhere to backup to cheaply on their service and pay for what I use, rather than what they want to sell me? That's fundamentally the issue - value for money, it's better elsewhere.
Also technically decimation in the Roman Legions meant the other 9 co-workers beating the 10th to death. It wasn't a simple execution. It was murdering someone who'd perhaps spent a decade living beside, it was collective punishment, not just for the person with the short stick..
89% of Dropbox's workforce will be largely untouched by these changes.. except IT who will obviously be expected to pick up "the slack" with fewer resources.
I agree, CVSS is generally one of several factors to be considered. I always take it as a starting point then look at how that particular vulnerability could/can impact the business.
I've seen some vulnerabilities scored in the low 6s which could have impacted us far higher than many of the routine types scoring 9+ due to how the business operated.
Anyone relying solely on the CVSS score needs to rethink their processes. It's purely a generalised indicator.
But the pointers were there if we'd looked I'd suggest.
A simple good search for "insert product here" and "anti virus exception" will generally give an idea of whether or not a product is taking security seriously or if performance is king, if performance is even a factor in whether an exception of this kind.
This is why retention periods for data is so important, less to pull back.
Amazon are a company, not a charity though - so they expect to make a profit and will do what they can to maximise it. I don't hold that against them but I will hold it against our government is it's excessive.
Most laws can be applied internationally, otherwise you wouldn't have international arrest warrants etc as they wouldn't be valid.
Where a crime was committed is key here, the crime technically was committed on US soil FROM the UK (allegedly) that allows for extradition.
There are victims here, can he give evidence from the UK? If found guilty he's extradited?
I'm not a fan of the rather one sided extradition treaty we have with the US but that's a lot of potential victims to deny justice due to a threat, which is all frankly it is at this point.
Unpopular opinion here and likely to get abuse from both sides but the problem isn't the police or policing of society in general.
It's the fact that police, particularly in the USA isn't by consent and holds itself separate from the society it was created to police. It adopted a "them and us" attitude which frankly has been reciprocated by mostly left leaning in that society.
The answer isn't bigger guns or more of them, it's both the police and society rebalancing, that's likely to happen after the USA election (whichever way it goes - that old man or the other one) I just hope it's without violence and BOTH sides accepting whatever the result is, because frankly neither is great.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021
