Re: TLS Certificates? -- In Depth
Defense in depth: guard the registry, guard the private keys, do vulnerability management, do pen. tests, and all of this in concert with TLS, etc. How is this new?
In case anyone is unfamiliar with the meme, there is a saying among marketers: "consumers are like cockroaches: they grow immunity and adapt." I find this to be a little more than unsettling, and it makes me despise those who try to ram abusive advertising down people's throats even more. They've got all that marketing data and they still don't know how to treat consumers like human beings. Just what kind of disease has infected the minds of marketers and advertisers?
Careful; if you re-flood it, you'll just have a big mosquito problem that would spread diseases. What we need to do is contain the diseases--the divisive political ones in particular, so that they'll stop infecting people's minds. The duocracy is a false dichotomy.
When I go to buy products, I will be a responsible consumer and make sure that I am both getting products produced by responsible manufacturers and that I am getting that product from a seller that will ensure that I am getting the genuine product unmolested. So, I'm going to also seek out some means of ascertaining the reputation of both. That may be by way of a consumer advocate publication or by way of some manner of certification. So, both Consumer Reports and the Underwriters Laboratories are key resources.
However, things get weird with advertising services, as the consumer doesn't get to scrutinize them directly. Web sites are entering into a business deal with ad services, who in turn are entering into a deal with sellers who want to advertise their products. And, in this brave new world of the Internet, they have to do so in extreme bulk. That has a distinct effect on the lack of motivation to look out for the consumer, so the consumer is left to look out for themselves.
At some point, there will have to arise in the market some manner for dealing with the reputation of these delivery mechanisms. Will it be something that arises naturally, by consumer outrage, by regulation, or some combination thereof? But, I can't believe that anyone involved will be able to reasonably claim they have absolutely no responsibility in this. After all, it's a chain of business agreements and all participants are creating market forces that are a part of the cause of the problem.
Isn't it still true that advertisement services still take no responsibility for the content they allow through their service? Aren't lawmakers considering addressing issues of this sort in other arenas, like social networking, search engines and such--some of which may be going too far (EU copyright law), others not far enough (social media data gathering)? Would I be shocking anybody if I made a prediction that this hacker will not be the first of this kind, that ad services will again be the vehicle for other major exploits, and eventually that there will then be regulation--putting some responsibility on the ad services--for not being so callously irresponsible towards consumers--that they actually do something to screen or filter ad content--to reduce the chance that they'll be used to spread malware?
I don't know how many picked up on it, but the article hinted at the fact that Albany is the cliche question for knowledge of state capitals, and I was taking a poke at what counts as a meaningful education. I'm a technical person, and those trivia quizzes that check if anybody remembers things requiring rote memorization from elementary school are not really my thing. So, I too am one of those that only knows a few state capitals, though I do know that large cities are not necessarily state capitals. However, for the sake of keeping up with the news, I did find a nice web site for making a game of knowing where states and countries are, so I'm doing pretty good with those. I don't know if I'll ever bother doing the same for state capitals. If anything, nations' capitals would be next, though I know a few of those as well. In a technical field, trivia is just for conversation and doesn't get the job done.
Agreed, but insert here the discussion about how email programs could have better highlighting and prompts to warn when an email might be going to the wrong people. Of course, that won't get it 100%, and training and policy enforcement are necessary, but email programs need improvements too.
Of course, if your email program comes from a monopoly (at least in the business software market where software needs to fully support policy compliance), then you may find it hard to sack the software. Why else have the oh so obvious improvements come so slowly?
If the Chinese were to get a hold of the technology Monsanto uses to infect non-GMO farms (allegedly?)--so they can use patent law to, ahem, acquire those farms in the courts, will the Chinese act less ethically than Monsanto in the use of the Franken-seeds?
And, could this be what the Chinese were after? Yes, I'm spinning a dark fantasy, but it's just so much dark fun that I couldn't resist. Anyway, I was very curious to find out exactly what the Bayer/Monsanto targets were. And, could it be that Bayer will end up regretting its acquisition of Monsanto?
I tend not to trust products with the word "smart" in the product name. Or at least, my first question will be "what makes it 'smart'?" See today's article on the Huawei router with the UPnP flaw.
"Smart" usually means that the device automates things in a way that inherently creates vulnerabilities--and way too many of them.
The tragedy of things like UPnP is that its purpose is defeated if it's off by default. And, that means that then the only people who won't be vulnerable will be those who are smart enough to disable it (and other things like it, such as weak WiFi settings). And, although the intent was to make things easier for untrained consumers, the unintentional (one would hope) effect is to create a massive swath of vulnerable back doors just waiting to be harvested. Still, one is tempted to entertain the thought of conspiracy theories. After all, there were those who warned that this kind of problem was inevitable, and we expect that the only reason that this ended up being created anyway was just a matter of the way the market works--being the enabler rather than the responsible guardian--again, one would hope.
Oh yeah, an online grammar checker? As if I would actually run my writing through a thing like that. Seriously, if I'm using a search engine like Duck Duck Go, I'm sure as hell not going to run an entire corpus of my writing through an online grammar checker.
And yet, YouTube keeps throwing the Grammarly ads at me, no matter how many privacy-related videos I watch--or how many times I click that "skip ad" button. They just never seem to learn. But, that's how marketers think. I suppose I could install an ad blocker for YouTube, but I'm actually amused to see how stupid marketers are.
Oh, and those ads that say my video will play in so many seconds, you know, the ones that don't give you a chance to click "skip ad", I just close those windows as quickly as I can--regardless of whether it's for a product that interests me. I won't put up with advertising that I can't down vote. Those are products that I make a point of not buying--again, even if it's a product category that interests me. Use abusive advertising, and I will hate your product to the end of time. Marketers that think they actually gain something by shoving abusive content down people's throats, which only infuriates people, need a smack upside the head.
With Office 365 forcing its way into many organizations by way of Microsoft's monopoly machine, will other end-point security tools be forced out of business?
Also, does this mean that Microsoft's vulnerabilities will get fixed or will they remain to validate the existence of the end-point product?
If it's anything like O365, they'll expect you to pipe all that data over the Internet directly without the protection of a web proxy.
And, don't forget, Microsoft sales reps are like the Priors of Ori; they'll pressure your organization into signing the contract before any feasibility or security studies can be done. Remember, they don't care if you want to define your security policies or perform risk analysis yourself; all your policies become what they dictate. Microsoft is Origin.
Note that it's possible to have nonsense phrases that are grammatically valid, which might help with memory, as in: "Colorless green ideas sleep furiously." But, don't use that one, as it's a quote of a certain famous linguist. (And no, I wouldn't include the spaces either.)
The issue is a matter of pervs who shop the dark web for kiddie pics who will eventually create a market for hackers to sell certain kinds of services. And, don't forget nanny cams have already been hacked and exploited by pervs, so there's no reason to think these products are immune. Finally, anyone who thinks that pervs always work alone is a fool. Think ahead, product makers; you are contributing to the creation of a whole new kind of dark and sick market.
Future headline: Mumsnet reports a sudden and staggering growth of new members. Critics ask how they know whether all those new members are all actually real parents... {Fill in usual disastrous results prediction here.}
Why do I so badly want to see people who fail to protect children raked over the coals, broken glass, and other such materials?
"It would be as if a mechanic walked up to your car to do an inspection..."
O.K. but, it's by regulation that inspections and emissions tests are mandated (under various circumstances).
And, when (or if) we get self-driving cars, are there going to be inspection requirements to make sure the code is appropriately patched to ensure that other cars and passengers on the road are not endangered?
The more that we come to depend upon software, the more there will come to be a mandate for safe software that does not endanger others. It will be interesting to see what happens to the bug-hunting market then.
Yes, as Eddy Ito says, we are aware that many see us as the "World police", and there are a whole lot of us that are very unhappy about that pejorative view. Yet, we understand where it comes from. Insert concepts like Military Industrial Complex here.
Generally a combination of techniques to make it so that you can't delete a cookie. But, what that really means is if you delete the cookie, some other mechanism will bring it back, so they might also be called zombie cookies. This includes the use of Flash cookies. Yes, Adobe decided that Flash needed its own cookies. Wasn't that nice of them :( Sesame Street's Cookie Monster surely does not like these.
Yeah, this is where it starts. They'll chip kids in their writing hand so that all they have to do is wave it over a device. Sorry, this and AI will cause a new evolution in which we plain old humans will go the way of the Neanderthals, whether you believe in the Apocalypse or not. Frankly, I'm a skeptic, but I don't need a supernatural explanation for the Apocalypse to know that we will surely either cease to be human or simply cease.
Beware, they've got some kind of secret strategy to get buyers to sign up for their crap--without security reviews, feasibility studies, or risk assessment. And, it seriously sucks when that happens because then you're forced to implement things that you know are just plain wrong.
It's too damn difficult to enable Citrix services over the Internet through a web proxy--without mucking up security, and no one ever seems to have Citrix support to address that garbage--so I'm always having to reverse engineer that crap. No wonder that was part of the problem. Yeah, I'm a proxy admin, and Citrix is a serious thorn in my side, and I wish policy out-and-out forbade it. Time to grow up and get your sh*t in order Citrix.