Posts by EnviableOne

2052 publicly visible posts • joined 28 Jan 2016

EU: These are scary times – let's backdoor encryption!

EnviableOne

Re: Ursula said it

As such, multitudes of EU legislation are held up by small groups like the Flemish farmers in Belgium.

The trilogue meetings, defined as 'informal tripartite meetings on legislative proposals between representatives of the Parliament, the Council and the Commission', are where business gets done.

Then the decisions in trilogue are ratified by the parliament, the council and the commission.

So representation is maintained in all three bodies, the people directly elect the parliament, the council are made up of the elected representatives of each member state, and the commission is appointed by the other two.

I admit the EU has exceeded its original mandate, but as one of the largest free trade blocks in the world with low to no tariff agreements with most of the planet, a respect for privacy and human rights, and institutions defined to defend them, it is far greater than the federal United States at both getting things done, and doing so effectively.

GCHQ intern took top secret spy tool home, now faces prison

EnviableOne

math(ematic)s

Privacy died last century, the only way to go is off-grid

EnviableOne

Re: Big Trouble

Amazon are the only corp you have a chance of taking down with GDPR fines. Due to being hamstrung by the former bookshop, they are only making about 2.5-3% profit on turnover, so a max GDPR fine of 4% of turnover can wipe out their annual profit.

Meta, Alphabet, Apple, Microsoft are making nearer 30% on turnover, so 4% fine is a drop in the ocean

FCC on the prowl for Huawei and other blocked Chinese makers in America

EnviableOne

Hangzhou Hikvision Digital Technology, Dahua Technology

good luck weaning the USAians off these two; they produce feature-rich CCTV at 1/10th the price of anything comparable in the market,

most corporate CCTV systems use either or both of their cameras and they have a life span that means the cost to replace can be deferred for years.

distributors are keeping dwindling stocks and raiding grey (and possibly black) markets to get the customer what they want.

Cyber-crew claims it cracked American cableco, releases terrible music video to prove it

EnviableOne

DNSSEC only authenticates that you are speaking to the DNS server you think you are, not whether the response is poisoned.

If the legitimate server is hijacked it won't save you

Windows 11 roadmap great for knowing what's coming next week. Not so good for next year

EnviableOne

MS Excel

the tool that's just good enough (i.e. not impossible) at everything to mean Manglement won't pay for the proper tools.

EnviableOne

Re: Am I alone in thinking ...

that's about the M25 which is a whole other story...

China’s FamousSparrow flies back into action, breaches US org after years off the radar

EnviableOne

Just wondering if the group have recently emerged from re-education....

making them the FormerFamousSparrow FFS...

There are 10,000 reasons to doubt Oracle Cloud's security breach denial

EnviableOne

the UAE have enough money, they should be able to survive an Oracle defamation sue-ball

EnviableOne

Re: Employment

Tried, Rose87168 asked for 100k Monero (approx. £20m) to disclose the details, fix it, and destroy the data, which Larry's Lawsuit House declined.

From the posting, Rose sounds like someone who is very green and lucked into an exploit on a big fish.

also possibly someone not entirely of an age to benefit from a work contract with Big Red.

Trump orders all government IT contracts consolidated under GSA

EnviableOne

Re: 'appropriate kickbacks' rule the nest.

Tie that to the A woman can't run the country brigade and you have all the answers

Microsoft's many Outlooks are confusing users – including its own employees

EnviableOne

Re: mutt -- it sucks less.

but it doesn't work with Winders

Microsoft: So what if it costs 4X as much to run Windows Server in AWS, Alibaba, and Google?

EnviableOne

that's another issue, Apple don't let you run it on a Mac

'Uber for nurses' exposes 86K+ medical records, PII in open S3 bucket for months

EnviableOne

Re: Why TF? ! ...

this is why I love the data minimisation clause in GDPR.

This way, if you don't need it, you don't need to collect it. (the potential fines are too big of a risk)

VMware splats guest-to-hypervisor escape bugs already exploited in wild

EnviableOne

AHV FTW!

Nutanix Here we come

Cybersecurity not the hiring-'em-like-hotcakes role it once was

EnviableOne

Re: Do try not to exclude neurodiverse candidates

TBF it works both ways,

I heard tell of a recruiting manager who insisted that SSH worked over UDP...

The neurodiversity is very much a thing, and not all of us are completely useless with real people.

If you're neurodiverse, you are generally quite good at working things out and working out how to simplify complex things, that work for you, in terms others can understand.

The benefit of neurodiversity is that they tend to have a hyperfocus mode, so get deeply knowledgeable in one specific area; this makes them great SMEs

So … Russia no longer a cyber threat to America?

EnviableOne

forgetting Hanlon's razor

"never attribute to malice that which is adequately explained by stupidity"

who goes bankrupt running a casino?

Ransomware criminals love CISA's KEV list – and that's a bug, not a feature

EnviableOne

Re: Duh, and in other news, water is wet

Come on, Palo and Forti have had issues, but not as bad or often as Ivanti, and if I was going to have a do not use list Forti would also be on it.

At least Palo are normally quick with patches.

Other candidates are F5 where the Big IP is constantly full of holes.

The other big vendors have plenty of bugs, but they are dealt with quickly and in a professional manner.

Broadcom are gonna drive VMware into the ground, and D-Link are another consumer networking problem, along with TPLink and others more worried about cost than security.

The real issue is software is not being made secure, and people are not patching... one is in the control of vendors and the other the Gen Pub. and both can be mandated by legislation.

We need to make vendors responsible for their software security and people accountable for doing basic maintenance.

Hundreds of Dutch medical records bought for pocket change at flea market

EnviableOne

Re: Remote data destruction

if you need the data, the Center for Memory and Recording Research at UC San Diego did it all.

They proved that unless you can move the heads off the centre of the track, multiple overwrites make no difference.

They also developed an OS tool to trigger the secure erase unit command

Mobile operators brace for bigger, faster headaches with 6G

EnviableOne

Re: > My 4G service (EE) is abysmal

I check my phone and note with dismay that while outside in the rain I had 4G, now that I’ve sat down, my connection is rapidly dropping through 3G to 2G, then to Edge, then to fax modem, then to Morse code over telegraph, and finally settling on smoke signals. Weak ones.

-Alistair Dabbs

Russia's Sandworm caught snarfing credentials, data from American and Brit orgs

EnviableOne

Only 4 eyes

so who forgot New Zealand? Either GRU or Microsoft can't tell the difference between Kiwis and Aussies

UK court says Chinese operation must sell Scottish chip biz stake without delay

EnviableOne

Re: Bin it.

Their USB to serial chips make all the old-fashioned console connections work

Sophos sheds 6% of staff after swallowing Secureworks

EnviableOne

Re: Time to leave

Thoma Bravo are different. They make their companies materially better

at one point or another they have owned part or all of:

Barracuda, Blue Coat, BeyondTrust, ConnectWise, Darktrace, Delinea, Entrust, Exabeam, Imperva, Imprivata, LANDesk, LogRhythm, McAfee, Proofpoint, SonicWall, Sophos, Tripwire and Veracode.

and a couple of others

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities

EnviableOne

Re: Except these are products that people *buy*

Every FOSS licence confers no warranty that the code is fit for the purpose you use it for.

If you use someone else's code you have to provide that warranty if you are going to sell it.

Have I Been Pwned likely to ban resellers from buying subs, citing 'sh*tty behavior' and onerous support requests

EnviableOne

1Password is a previous sponsor of HIBP, and is not a reseller.

they do (or did) use the data in their watchtower feature, but it does not form the complete solution and has no effect on their relationship with HIBP

EnviableOne

Re: He's worked with resellers to help those who can’t pay by credit card

HIBP uses Stripe (other providers are available) which provides a huge array of payment options and manages it all for you.

If you can't pay Stripe, you will struggle to pay anyone

UK Home Office silent on alleged Apple backdoor order

EnviableOne

Re: Which is exactly....

Trump and minions already do; see the PATRIOT Act.

They also have rights to all of the rest of our data stored with US companies (like Apple) thanks to the CLOUD act.

But all of these Acts are against the International treaty of the Universal Declaration of Human Rights, which is a fundamental treaty of the UN, that all countries had to sign up to:

Article 12 is a doozie:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

so not only are they not allowed to do it, they even have to prevent it from being done in law

The biggest microcode attack in our history is underway

EnviableOne

Re: Yes what we had was corrupt, and it was mostly OK

to quote Winston Churchill:

"It has been said that democracy is the worst form of Government except for all those other forms that have been tried from time to time."

Winston S Churchill, 11 November 1947

EnviableOne

Re: What is this article about again ?

they did that last time; the SCOTUS was stacked in his favour, which is the ultimate check on the power of the other branches of government

UK armed forces fast-tracking cyber warriors to defend digital front lines

EnviableOne

Re: Isn't it time

yeah, the RAF was supposed to replace the NAS and AAC, but they wouldn't relinquish control, so you will probably end up with the Royal Cyber Force, and still have one for each service.

Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses

EnviableOne

Not a Skills Gap

it's there in black and white, the skills are there, and the GAP is the gov expects them to work for less than they are worth.

while there are a few charitable individuals who are prepared to take the lower remuneration, in exchange for helping society as a whole,

the rest of us value the struggle needed to get to a level where we can help and need appropriate recompense for the added stress and threat that comes with a high-profile role, and the chance that even though there are external audits now, the problems are somewhat systemic, and need organisational overhaul, beyond the remit of the role.

Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

EnviableOne

Re: So long, & thanks for the fish.

Unfortunately, he won the popular vote this time round, so MOST Americans who expressed a preference can be tarred with that brush.

the real reason he got into power though, is not his supporters, it's the misogynistic Old World US that would rather have the Chetto in Chief back or any man than have a woman president.

The US is a relic of its origins, the people that moved across the ocean rather than evolve with the reformation of the church.

if you look at the majority of Western democracies that are thriving they are run by women under 35, and neither of those criteria has ever been US president, in fact, Obama was the youngest president ever when he took office, and the average age of the candidates last time round was twice that

Ransomware attack at New York blood services provider – donors turned away during shortage crisis

EnviableOne

Business continuity

Where is their BC plan, no one should be stopped from doing business by the loss of access to infrastructure.

There should be contingencies, paper forms, cloud-based systems and alternate locations available.

this should be sufficient to carry on any business for 3-4 days in the event of an attack.

then there should be a good enough DR plan that systems can be restored or rebuilt within that window and records updated from the temporary systems.

UK floats ransomware payout ban for public sector

EnviableOne

Re: A public sector only ban wouldn't work

It's not hard to stop the script kiddies, just apply the Cyber Essentials principles

Secure configuration, deploy UAC, deploy EDR, Patch and Firewall.

that stops you from being the low-hanging fruit.

After that, it's about your threat level and if people are specifically targeting you, if they are determined enough or resourced enough they will get in.

You need to deploy the advanced controls on top to detect and respond in a timely manner.

That's the art of the Cybers in a nutshell

EnviableOne

Re: There should be a law against it...

I believe NCSC have one; it's called the Cyber Assessment Framework, now in version 3.2: https://www.ncsc.gov.uk/collection/cyber-assessment-framework

as for providing the money to meet it, there are so many legacy apps designed to work on old systems and protocols, that retrofitting security around it is a £££££ effort.

and if UK.GOV go to their usual suppliers (Crapita, sOpera, Atloss, Dolittle, etc.) it becomes a £££££££££££ effort

Nvidia snaps back at Biden's 'innovation-killing' AI chip export restrictions

EnviableOne

Re: Going Dutch?

Not Just AWS, MS too, and others, the Netherlands are a tax efficient place to stash things.

doesn't hurt that they have ASML, whose tech is just about essential to produce AI chips

Database tables of student, teacher info stolen from PowerSchool in cyberattack

EnviableOne

Re: Sounds like they were violating FERPA

It is also violating COPPA, bearing in mind we are talking K-12 personal info; at least half of it is under-13s

US adds web and gaming giant Tencent to list of Chinese military companies

EnviableOne

Re: Haribo

Haribo GmbH & Co. KG, doing business as Haribo is a German confectionery company founded by Hans Riegel Sr. It began in Kessenich, Bonn, Germany. The name "Haribo" is a syllabic abbreviation formed from Hans Riegel Bonn. The current headquarters are in Grafschaft, Germany.

Germans are good, well at least now, and Trump likes candy, so I don't see there being any restrictions placed there

Intel debuts laptop silicon that doesn't qualify for Microsoft's 'Copilot+ PC' badge

EnviableOne

That's It

Intel has finally signaled it's out of the mainstream processor space.

Qualcomm will grow its ARM on the desktop to share the market with AMD the final holdout on x86/AMD_64.

Good news for TSMC!

The unlicensed OneDrive free ride ends this month

EnviableOne

Re: Unlicensed

the point is, until now it hasn't, MS has been giving away the cat pics for nothing and the bits for free.

someone with VP in their title worked out how much that storage space was costing MS in lost revenue, and decided that it was a chance to pad those bonus $$$$

First launch of Blue Origin's New Glenn rocket slated for January 10

EnviableOne

Re: Blue Origin has named the date for the first launch of its New Glenn rocket – January 10

SpaceX isn't the only player in the game,

it's just they knock the existing suppliers (Lockheed Martin Space and Boeing Defense, Space & Security) out of the pork barrel,

They only need 1/10 the pork to get the thing off the ground

They also have the first-mover advantage in recyclable launch systems and proven records of getting to space.

BO have a lot of catching up to do, to get 1/10th of spaceX experience, and proof of reliability.

they managed 3 launches last year to Rocket Labs' 14, CASC's 49 and SpaceX's 134

FCC boss urges speedy spectrum auction to fund 'Rip'n'Replace' of Chinese kit

EnviableOne

Re: Chinese backdoors bad

OpenRAN is coming,

OpenTel should be next

US reportedly mulls TP-Link router ban over national security risk

EnviableOne

Re: It won't

even though all their kit, including the custom ASICs, is made in China (Shenzhen I think)

Coder wrote a bug so bad security guards wanted a word when he arrived at work

EnviableOne

Time to move to octopus

BOFH: Don't sell The Boss a firewall. Sell him The Dream

EnviableOne

Re: Firewall or AI

Next up: learning about IPv6, but that will definitely be for next year...

like it was last year, and the year before and so on...

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

EnviableOne

Chances are this is just a marshalling area, but it's bad OpSec to leave everything in the cache after you extract it.

Cisco combines Meraki and Catalyst into single wireless brand

EnviableOne

Final nail in the Meraki coffin

here it is folks, Meraki is finally Borged.

the UI is going south, the HW eco-system is gone,

and it's goodbye to Bob the Meraki blob

even @MerakiSimon left the building

UK plans to revamp national cyber defense tools are already in motion

EnviableOne

Re: Motion?? Specifics??

Considering ACD started as Mailcheck (DMARC, and TLS email the easy way) and Webcheck (learn how to do HTTPS and CSPs the easy way)

then branched out to PDNS (DNS filtering), then added NEWS (NEWS Early Warning System - yes someone has a sense of humour, but was made to grow up) (working with threat intelligence to tell you you have been compromised), then added Exercise in a Box (how to exercise your IR plan the easy way), then added Logging Made Easy (a prebuilt ELK stack with easy to use defaults to centralise logging), oh and this little thing called Cyber Essentials (what to do to get the basics right), and the not bad generic cyber training available for free

I think there has been a considerable impact, especially for local councils, NHS and Emergency services, who have a treasure trove of data on you and next to no cash to afford the expertise to protect it.

NCSC have done a great job to keep the crown jewels safe.

Microsoft 365 remains 'degraded' as Azure outage resolved

EnviableOne

At this point outages are priced into the MSFT shares.

It's diversified enough and has a dominant market position that allows it to not be affected.

whether the dominant market position is deserved or not is down to your interpretation.

EnviableOne

Re: Weird..

Hanlon's razor to the fore.

but there are those that are in more than one cloud, in more than one region, and more than one availability zone.

if you're going to go cloud, do it properly; if you're not big enough to do it properly, don't do it.