* Posts by WmK

9 publicly visible posts • joined 3 May 2018

Ransomware-hit law firm gets court order asking crooks not to publish the data they stole


Re: Not as foolish as you think…

I used to work for a law firm, and yes it's exactly this.

Audacity fork maintainer quits after alleged harassment by 4chan losers who took issue with 'Tenacity' name


Re: Seriously?

Well, as the article says, 'a search of the forum shows no evidence of cookiengineer's address details being shared nor calls for physical violence'. Not sure how that tallies with the claim, but I guess the police will sort it out.

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past


Are they going to try and maintain this when weed is eventually legal everywhere? Surely on some level some of the senior folks there must realise how pointless this is.

Jeff Bezos feels a tap on the shoulder. Ahem, Mr Amazon, care to explain how Capital One's AWS S3 buckets got hacked?


Re: Whose Fault

'a demand for Amazon to deliver a list in 6 days of "all other companies that in the last 2 years have had their data pillaged while stored on AWS using both known and unknown vulnerabilities as well as misconfiguration".'

Never mind being an enormous task, it's also an impossible one. Why would AWS know about all client screwups that led to client data losses?

DXC Security exec: Yes, I'd have thought we'd spend more on certs and laptop kit for staff, too


Re: Certifications? Wha'?

It's different when you're in-house, but if you're a consultancy or service provider I'd expect the employer to be funding certs because that helps them sell the staff, especially for things like 27001.

Also, I don't think I've worked anywhere in the last 15 years that wasn't willing to fund at least one cert a year, but I'm in the UK working for UK companies.


Why would anyone in cyber security stick with an employer that hasn't given them a raise in three years? Do they not know what the market looks like? Also, I'd be straight out the door if someone told me to pay for my own 27001 lead auditor cert.

Remember kids - you owe your employers about as much loyalty as they're going to give you. So you know, basically none.

Don't have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)


Yeah that was Barnaby Jack, and an OD. RIP. :(

Kaspersky Lab's move from Russia to Switzerland fails to save it from Dutch oven


Re: FUD...

Agreed - I really don't see why anyone would feel better about this software simply because the geographic location of the tin it's being compiled on has changed. As far as the software audit goes, I suppose the jury is out, but honestly, are they going to validate it on a daily basis such that they can authoritatively say that distributed binaries truly contain only the code validated? Honestly, Kaspersky are in a bit of a bind here, and I'm really not sure if there's a clear way out.

Blighty: If EU won't let us play at Galileo, we're going home and taking encryption tech with us


Re: Fucking Brexit

"I'd like to see more citations"

Alas, people don't write down everything they say. If you've really reached the point where you feel you can't trust news that appears in places like the FT and The Register without references then perhaps you should give up on news? (Apart from what you read on the sides of buses, clearly.)