Re: Walk in to a zoom meeting just like that?
It's been a very easy to stop thing since late April when the issue first got media attention. There's no excuse for the court not implementing the restrictions
43 posts • joined 17 Jan 2018
Well the problem is the entire system is underpinned by the principle that you vote for an individual to represent you at the national level. That individual may belong to a party, or they may be an independent and whoever can form the largest group of MPs is the government. The system isn't designed for the public to vote for a party or for the policies of a party. The disconnect is in how voters treat the system where they vote for a party rather than a person, or in recent years vote for the PM rather than the individual MP or party. Simply making manifesto pledges binding would not address the underlying issue and would itself be contradictory. Instead, you would need a system akin to proportional representation with binding pledges with an independent body to assess this which has its own downsides.
Serif's Affinity suite is an affordable non-subscription alternative to Photoshop. It offers most of the functionality you get out of Photoshop but you then don't have the extensive range of add-ons Photoshop gives you access to and there are a few more niche features not in Affinity Photo
Anyone can have a bad day and click on something they shouldn't have especially if under pressure or a phishing email looks like something they were expecting. It also doesn't help that a lot of organisations have legitimate emails that really look like phishing and contain most of the traits you're told to keep an eye out for. One of our vendor partners sent me a meeting invite last week that I was convinced must be phishing but it was legitimate. Bad spelling, suspicious link, not from their usual domain, emotive language.
Some of the spreadsheets many of the PMO people I know have to use are insane and take forever to load because a network stored ridiculously sized spreadsheet has grown out of something once thrown together quickly to centrally store data from emails in. Some of them are also so complicated that no one knows how to fix them when they break because the person who made and hotfixed it has since moved on.
It's like talking to a brick wall because the key policy makers can often barely use technology let alone understand it. I'm sure most of us have had to deal with similar issues either at work or with family where they can't understand why the magic box can't just do everything they want it to!
That's because they bought the least of the 4G spectrum of any of the providers (there was a lot of controversy about the process and the merger of T-Mobile and Orange giving them a ridiculous amount of the spectrum) but they've bought more of the 5G spectrum than any operator so they'll have much better coverage once the 5G roll out speeds up (and you have a 5G enabled device)
When I did my XRY cert (one of the other less worrisome mobile forensic tools since you need the passcode for the device for it to work) it could do an extraction from an iPhone without changing any data (except what is changed by the device itself in the normal operation) but Android devices had to change data on the device to extract data from it.
The legal side of this is done with the documentation of the steps taken and the impact that has on the device. As long as you're following a good process, they'll accept the changing of the device data as a consequence. The way XRY and other tools work prevent investigators from being able to write anything to the device while it was plugged in to the XRY box. The rest of your assurance is from the process with exact time stamps of where the device was etc. The police guidelines are not fit for purpose but they're usable. XRY is also idiot proof whereas the other Mobile Forensic Tools are not. As long as you can follow very simple instructions, you can use XRY.
Google could refuse to allow Google Play Services to manufacturers that bundle this software with the phone in an unremovable way. The theory is that this would kill the market viability of these phones forcing them to change it and prevent other manufacturers doing the same thing in future. Just going after the manufacturer allows another one to start doing the same thing and then you're playing whack-a-mole.
Those apps aren't actually installed. They're just links to install in your start menu and you can most definitely remove them. It's only when you actually click on them that they are installed on your device. You can even remove them using group policy so that the user never even sees them! I'd rather they were not there at all but it's something completely different than what is happening with Android devices
Having used both, these are significantly better than the HD4.50. The noise cancelling works better, the microphone is actually usable for calls (I have a fairly soft voice and the HD4.50 mic just didn't work for me for business calls), they are a lot more comfortable and one of the features I make use of is that when plugged in via USB, these headphones act as their own sound card which makes work calls a lot simpler
Yes. Some noise will still get through but they make things significantly quieter without needing to be connected to a source. There's a switch on the back of the cup that can be set to Off, Device Controlled or On for the noise cancelling. Device Controlled will set it to whatever you set the noise cancelling to in software the last time it was connected to a phone and On will just have the noise cancelling on full whenever the headphones are turned on
I do feel a bit bad for Ring here. It seems every few months a company is hurt by widespread media coverage due to credential stuffing that isn't really their fault. Spotify comes to mind as one who regularly gets reported as being "hacked" when really it's just reused leaked passwords. But because the media don't understand security, Ring gets a load of bad press in a period I'm sure they were relying on sales in because of end user error. Yes what these idiots have done is horrible but that doesn't mean Ring is to blame (for once)
100% this. If you haven't looked at the changes to Endpoint Protection over the past couple years, it's something I'd seriously recommend. The market has shifted (and is still shifting) quite significantly with the big players changing around and Microsoft ATP really shaking things up. Then you have newer players like Elastic (Previously Endgame) offering very different solutions both in pricing and offering that didn't even exist a couple years ago but have a real chance of knocking the long time players off the top spots in the market!
His job was not to analyse it. His job was to prepare it to send onward to the external auditors (KPMG). Their (KPMG mandated) process required the data to be put on a USB. Skelton copying the data to a USB wouldn't have raised alarm bells even if they had detected it because it was a component of his job
And would have been able to attempt to reclaim that money from Skelton along with the costs of retrieving the money from him. Legally, the case is really interesting on the second element more than the first. If someone commits a criminal act that has a significant relation to their job role but is clearly not a function of their job, can their employer be held vicariously liable for that act? Does that count as the one continuous act required for vicarious liability?
Morrisons were following the guidelines they were told they had to implement by KPMG. The ICO said the only other thing they could have done was have tools in place that would have alerted them that Skelton had copied the data on to an unencrypted USB which, because of the job he held, would not have raised alarm bells quick enough to prevent the leakage of the data. Skelton's entire job was handling sensitive data. They did not do anything worth being fined for under DPA or GDPR
Yep it was Skelton's job to send the financial data to KPMG. He had a business need to process that data. The process that KPMG told Morrisons to use involved putting that data on an encrypted USB. If they are held accountable for the actions of an employee breaking the law entirely out of a want to damage his employer for punishing him when he broke the rules, that has significant negative implications for all UK businesses and is giving Skelton exactly what he wants!
Also, no matter how well trained or intelligent someone is, they can have an off day where they slip up and click on something they shouldn't. Endpoint software is so much more than just an AV provision so that when someone does slip up, and they will, the right action can be taken and the company protected as well as they can be
It's the process when you go to a ticket office rather than at an underground top up point. They don't have direct access to the Oyster system as it's managed by TfL so their work around requires a password because they need to log in to the TfL account or create a new TfL account as a part of the process. All the guidance on how to apply the discount to your Oyster says to go to a person at an underground station which doesn't require the password.
Eh most business people know of Blackhat at least as a vague understanding. I doubt the idea was ever to sell it to anyone at Blackhat but to just be able to say they presented there to some purchasing managers who don't know better to get them to pay up. I doubt they expected the level of backlash hence the suit to try and reclaim the narrative. It's just a grift to pretend they have a cutting edge product to earn quick cash from companies who want to just buy a product rather than do any real work for security
There really needs to be a federal anti-SLAPP law at this point. You're getting more and more baseless defamation suits fighting to be heard in states without anti-SLAPP legislation like Depp. The fact they're trying this in California is incredibly laughable but you do see it still as a way to silence critics knowing that they can either eat the penalty or that the threat of a lengthy suit is more than most critics are willing to deal with
As already mentioned, anyone using an airport printer shouldn't be expecting any privacy of what they print. Surely this is just a classic example of how the system working and being accessible is more important than the system being secure. Even if you made the connection completely secure, what's to stop someone just grabbing it off the printer before you get there? Some printers allow you to reprint stuff stored in memory. You can't know the printer isn't capable of doing that. Anyone who prints sensitive stuff on these printers should be banned from printing things ever. Especially with how easy it is now to get machines with pens for annotating stuff as cheap as a couple hundred quid.
Hi James, you seem to be confusing the Data Protection Act 1998 (replaced by GDPR) with the Computer Misuse Act 1990 which is still in effect. GDPR regards the protection of personal data aimed at any organisation that processes personal data. Computer Misuse Act is the overarching "hacking" legislation of the UK
If you look at the website of the people who they bought the app from, you'll notice that passwords are an extra £399 for all but the top tier. I'm betting they either didn't purchase passwords or didn't enable them. The fact the app is available without passwords is utterly insane but not surprising.
They could use a defence along the lines of "it wasn't me someone else sent me the screen grabs" and unless they could prove beyond reasonable doubt that wasn't the case... But I agree with your interpretation of the CMA. Doesn't matter how you accessed it, if you didn't have permission or a reasonable belief of permission and changed data that's the third tier.
The "Let's mark it as done because it's the deadline and we don't get paid otherwise" is everywhere in the IT sphere at the moment and in my experience results in a massive headache further down the line after that person moves on and no one realises it hasn't been done until way too late. Then you get the confused senior managers going "But it's marked as done! Why are we spending money on it if it's done! No if it says it is done it must be done."
Playing buzzword bingo was the only thing that made corporate meetings bearable. There's only so many times you can say "That's not how it works" before you just give up and know they won't be able to work out you've done things differently. I still shudder whenever someone talks about the cloud or AI. I blame the salespeople.