Accurate
The article seems accurate as I always miss weddings due to "having to work" but somehow I always make it to the open bar receptions.
61 publicly visible posts • joined 16 Dec 2013
"Time for the EU to have a polite word with MS? The more I hear about Windows 10 the more glad I am that I'll be waiting to install it."
This is what is wrong with so many people in IT nowadays - believing everything they read on the internet about technology without ever trying it! Sure, you have to rely on reviews for big purchases, but believing a competitor's comments or a journalist's review for something in Windows 10?
A review is like one side of a breakup, it is not the actual truth, and requires a large intake of salt while reading it. The author will leave out facts and use opinions to spin their story on whatever features or concerns they come up with.
As many people pointed out above, if you use the custom installation then you can keep all default settings. Not a big issue.
Note: I am not a fanboi of any OS, browser, hardware/software, etc, I use what works best for the situation.
It is very naive to think that you can solve every security need. If it was that easy then big companies wouldn't be getting hacked. They would pay big $$$ for the black box to secure themselves.
The reason you can never be fully secure are the meatbags who write the code, they're not perfect and have faulty code. The meatbags who work for you, they're not perfect (and like to click on stuff), most places get hacked due to social engineering.
Remove the meatbags, do a full audit on all code (ALL OS's - servers, desktops, phones, routers, switches, etc), using an AI since those pesky meatbags had to be removed, to verify you have no new vulnerability whenever a new technology comes out and you might stand a chance of being "better secured".
"Does a household insurance company require me to have my locks and alarms audited every year?"
Does that mean all I need for network security is a firewall? It might be improperly configured but hey, I meet the security specification! Locks and alarms are physical items which are easy to tell if they are configured correctly.
Digital security is a bit harder to know if things are secure and require regular audits of not only network security but also server security. As every vulnerability has taught us, what we thought was secure yesterday is not secure today.
Personally I hate audits but, if done by a true expert, they can point out some weaknesses/vulnerabilities that you might not have known were there and best practices going forward.
Did the insurance company require an audit of the insured network? If they didn't then I say they should pay up. The insurance company should require an IT audit once a year to make sure the insured are kept up to spec. It's a win/win for the insurance company as they do not have to pay for the audit, for fixing the issues, and for paying up if a hacker got in through a known hole.
Maybe the admin thought they were completely secured and following every word of the insurance contract, but as it turns out, they were insecure. With the rapidly changing world of IT, how can someone know they are completely secure without either being licensed for every technology in your network (not gonna happen), or by requiring network audits by an external party?
BB - You are comparing a data sharing request with a hit request? You're talking apples and oranges here.
I think a better comparison is if you made a data request to get all the data files on your neighbors and a few business leaders throughout the city from the local police department and they just gave it to you. Is it illegal to make the request? No. Is the police wrong for doing it? I think they are.
"And that's without even knowing if any pressure was put on BND to do it."
It could have been a simple request and no pressure added. Besides, who knows what the BND requests from the NSA.
How is this the Yanks' fault? The Yanks made requests and the Germans decided the requests were valid (even if they didn't look at each individual request). The Germans should have evaluated every request and dismissed those they thought were illegal or do the Germans just approve of every request from every intelligence agency on the planet?
The "they told me to do it" excuse doesn't work for adults as well as it does for children. I'm sure the politicians, on both sides, will do the regular "I'm shocked, SHOCKED I say!" routine but business will continue as usual amongst the intelligence community.
The man is a true genius. Starting a project that will cause the most talented engineers, new and old, to volunteer their time and talents on his project (who doesn't want to build and race a pod racer!). Once the right pods are designed and the tubes are tweaked --> PROFIT all around.
I'm crossing my fingers that his next project will be either flying cars or teleporters.
BAH!!!! Do away with the NSA and use their very ginormous budget for humanitarian use.
You would need to remove all spy agencies from the world not just the US, otherwise a foreign spy agency will step in to fill the void as Big Brother.
The world would be a much better place & America might get a little more respect from the rest of the world.
I think most Americans don't care about respect from the rest of the world, they just want the same as everyone else - a healthy family, a roof over their heads, food on the table, and a vacation once in a while.
Do you, as an individual, care about respect from Americans or other countries? I thought not. Only politicians fake caring about respect from other countries as long as it helps them reach their goal.
The NSA was established on 4th of November, 1952 (Yes I know that the NSA was formed out of the SSA which was created during WWII). What major event came before the creation of the NSA... WWII and I, for one, do not wish to return to that "nicer" time period.
"The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure."
"They blamed the Microsoft's discontinuation of official support for Windows XP..."
"The real reasons why TrueCrypt.org pulled the plug remain unclear. In the absence of any convincing explanation, conspiracy theorists have suggested TrueCrypt was shut down, Lavabit-style, in response to pressure from the feds or spy chiefs, or possibly due to an internal power struggle. Perhaps we'll never know."
You start the article by stating reasons as to why TrueCrypt shut down, passing them off as facts, then you end the article contradicting yourself by saying you do not know the reasons.
So which is it; did the maintainers shut down TrueCrypt due to Microsoft ending support for XP and/or did the maintainers feel like they couldn't keep the software secure any longer, or do you not know and can only speculate?
Yeah, that's a fair statement. So who was it - assuming it's a hack? Patriot Hackers? Seems like a slightly odd target.
It could be:
* State sponsored hacking (pick your nation of choice)
* Criminal sponsored hacking
* A lone hacker
* A dev received a secret court order and is doing what (s)he can to announce it, as someone below suggested
* A dev found a security hole being exploited and yanked that version off the site
* Dev infighting causing one dev to get his/her revenge
* Ballmer and Gates playing a prank on the OS community
Without more information it is hard to say who did what and the reasons behind it but I'm sure Occam's razor is involved somewhere.
> There is no case for the US pretending it can extradite in this matter.
The US doesn't think it can extradite those responsible. Every time the US would point the finger at the Chinese for hacking US companies the Chinese government would say "prove it". So the US publicly provided the facts to see what the Chinese leadership would do, as well as tying juicy steaks (to attract bloodthirsty journalists) around the necks of five, now famous, people. It's all just a small move in the big game of politics.
@Mike Smith
The Russians haven't done anything to directly provoke Europe or threaten the sovereignty of any NATO or EU country.
WHY should Europe get involved with the affairs of two countries outside its borders?
but Europe doesn't see it as its sacred duty to run around the world throwing its weight around any more.
Same goes for Bosnia. Same goes for Libya. And Syria. And Nigeria. Britain gave Nigeria its independence over half a century ago. It's no longer our problem.
There are a few more references to isolationism in your post but you identified one major difference between the US and Europe. Europe sees injustices and all you do is shrug your shoulders and look the other way. What would happen if the US did that in any war; starting in WW1 - today? Hitler (and now Putin) is a great example of what "It's not my problem" attitude gets you.
The US gets a bad rap because, for one, it is the world police and sticks its nose into other people's business but it only does that because we saw what doing nothing leads to.
I'm sure none of this was the expected outcome of the US meddling, but looking at it all you can understand why Russians are so good at chess, and Americans have to settle for the basketball trophies.
You're joking right? The Russian economy is taking big hits as foreigners pull their money out of Russia, the Rouble has been downgraded to BBB- (which is one step above "junk" status), and most of all, Putin has effectively made the US look like the good guys again. These are not the moves of a brilliant chess player...
100% of IT Depts they tested were probably Cisco customers using Cisco VOIP phones that seemingly require a server to be connected to the network, but not managed, patched, firewalled or otherwise managed by IT
Each business chooses who will manage their VOIP systems, and IT has always managed VOIP in every place of business that I have worked for. So your complaint is invalid.
Also, Cisco has a very good VOIP system that is easy to patch, manage, and is rock solid.
> So should:
The USA, UK, Russia, China, France...
Your point?
USA, UK, Russia, China, France are not signing this agreement, that is the point. It is a nice gesture, one that I wish could be enforced, but it is akin to signing a policy that politicians will not lie and bankers will not steal.
All of these have viable and valid claims to it. Ukraine is not on the list. A birthday present by a dictator is not really a valid claim to ownership.
Only recent history has any meaning and that recent history is that Russia gave Crimea to Ukraine. End of story. It doesn't matter who conquered Crimea hundreds of years ago, or who had control of it up until it was gifted. It was LEGALLY gifted away by the then current "owners".
Crimeans have every right to separate from Ukraine and join whomever they want, but you cannot do it by use of force like the Russians did without consequences.
2 - segregate data from the US (and other questionable jurisdictions) in non-US data centres.
That way, a US subsidiary can only provide what it has access to and cannot be used as a backdoor. If you have your HQ in the US, it means your decision power resides there which can give rise to abuse.
Every government will, if they are not already, tap into the data lines going through its borders so it all boils down to which government you don't mind sharing your data\phone calls with.
“It was quite enlightening to hear about her experience and her struggle. But it's not convenient for me to talk about such issues," English student Mary Yan told The Guardian.
I hope this student used a fake name, otherwise she'll get invited to have tea at the local police station very soon!
Taken at face value, this would hint that a Brit is behind the sale. However, this is more likely to be a deliberate piece of subterfuge than a genuine opsec howler...
The way to find out is if the comments are very well written. Plus look for words and phrases like "bloody hell", "cheerio", and "tea".
RWB have a "do as I say not as I do" attitude as most reporters stalk, hack, and dig dig dig until they find something/anything they can use for a story on you. Just ask the alleged creator of bitcoin.
It's hard to convince people to follow your rules when your own house doesn't even follow your rules.
However, from a functional point of view, the only difference is that I no longer get emails about my inbox being over its size limit, and I no longer have to go back through my email history and work out what I can safely delete (and then delete it from 'Deleted items', of course, and then delete it from 'Recover Deleted Items', and so on... until I finally get some inbox space back).
You should have sent your Exchange admin to training.
I am lucky to have worked with good admins that set up policies to automatically delete emails in your deleted items folder and ordered beefy enough servers to handle many years worth of emails per inbox. Granted I don't receive, or send for that matter, any mass joke/picture emails and thanks to the tireless user education efforts of all IT staff, this company does not use email as a file store.
Software is only as good as the admin in charge of it.
Do you suggest that intelligent programmers maybe using software tools are incapable of finding a backdoor?
I do not suggest such a thing but are they looking for a backdoor? Can the few experts searching for bugs keep up with every update that is released? Just because a person is an intelligent programmer doesn't mean they can spot every bug/backdoor. They might want to smack the original coder around a bit for poor coding but even the best programmer doesn't know everything. Besides, people come up with new ways to hack into things everyday that the experts haven't even thought about.
That forensic malware experts are incapable of detecting untoward traffic?
Malware experts can detect untoward traffic coming or going from any OS.
Sure, it's possible, but between closed-source binary and open-source I know what I'd take and in fact I do take
Since they have never looked at any of the code, to 99.9999% of Linux users out there, open source is the same as closed source - Unknown.
I do not care about one OS over another, each has its pros and cons. What gets me is that people claim there is a backdoor in Windows due to it being closed source but they have never found one and they refuse to believe there is a backdoor in Linux because it is open source and "could" be reviewed by experts.
Are you or anyone else going to audit the code and all future code that the BSI and their shadow companies have submitted for free? No? I thought not.
If a group of independent experts cannot audit source code BEFORE it is deployed then how do you know if it has a backdoor? I do not think the BSI would put in a backdoor right away due to the mistrust caused by the NSA/GCHQ, but I think they will add one in the future when things have settled down. After all, security agencies are all after the same thing - the collection of as much information as possible.
Open Source != bug/virus/backdoor free
Kolab, from Swiss company Kolab Systems, was developed by the German Federal Office for Information Security (BSI).
It looks like Germany is putting in their own backdoor and people are happy to do it because it is not Microsoft... well played Germany, well played indeed.
What pisses me off is when a consultant will suggest some new hardware/software that he/she has never touched. Then they want to learn the system while implementing it. I have no issue educating an employee who might stick around for a few years but I will not pay to educate a consultant. You are being hired because you say you know the system you submitted a bid for! Most small time consultants = setup wizard clicker.
If you are going to spend the money on a new system, pay a little extra and hire someone who knows what they are doing.