Posts by Security nerd #21

Provider resource quality

I wouldn't say that Infosys are any better or worse than any other provider utilising offshore personnel. In fact I've seen both excellent quality resources, along with graduates with absolutely no skills whatsoever being put into roles of responsibility

The normal practice is for the good resources to be brought in during bid stage, and then the quality and experience of the staff goes down over time, reaching all time lows at the end of the contract.

In my current gig, Infosys bucked the trend bringing in the worst resources possible from the get go - quite how many steak dinners were involved in the bidding stage is anyone's guess

Re: Passing the cost to customers

"I have a hard time believing that bigger enterprises will have 20% of their computers connected to the internet without even a firewall in between."

You'd be surprised unfortunately. Many companies don't even know what kit they are running - let alone the challenges with misconfigured cloud services, and shadow IT introduced by the business teams.

Re: Any sanctions?

Your browser will download what it is told to from the web server you are connecting to - and that will be independent of any other browser tabs and the versions of javascript modules loaded on those pages.

The NPM updates would be on to the web server and then distributed to the clients on page load.

Whether your browser tab will do stuff outside of its sandbox is subject to the browser version, desktop security, and user stupidity (e.g "Click here to win lots of money"). This is regardless of platform - Windows / Linux or Mac

As other people have noted, doing NPM updates from the web blindly is not good practice - but unfortunately some web developers don't see it that way.

Re: Rather close together

Cheltenham's not that far away from Swindon either, so perhaps some dark fibre between the sites ? ...

Re: Serious question from MS users

Windows Defender + OpenDNS / CleanBrowsing seems to have prevented my extended family machines getting malware for a few years now.

Good enough I think - and the only callout I've had was for a Windows scam (the relation was highly embarrassed)

Re: I did the same by accident...

Name me one Linux admin who hasn't done "rm -rf * " in the wrong directory.

It is a right of passage, and you only do it once - followed by the swearing and then fixing it whilst hiding your tracks ...

Re: Idea for Firefox

Due to the proliferation of bots on the net these days, a lot of outfits use their CDN services as a security defence layer as well (as the CDNs have the scale to see the troublesome blighters and leverage this in their products). These means the origin addresses are locked down, and you can't go directly.

This doesn't explain the case above routing through lots of different CDN services - that just looks like rubbish network design, or maybe the ISP is taking advantage of other peoples transit ...

Re: I'm in the wrong job......

The US has one of the laxest banking environments in the world.

In some quarters viewed as the #1 global tax haven due to the simplicity of opening accounts without proof, and the glorious state of Delaware with its corporate tax regime.

If Akamai went down, it would probably affect everybody (well non China anyway).

The Internet is held together with gaffer tape, and at some point it will break. Although of course its meant to be resilient, but if all the traffic ends up being routed under some road in Africa / India / Basingstoke (delete as appropriate) ....

Advertising companies just make things worse - I'll be glad when 3rd party cookies are fully banned, although not via Google's intended method please.

Re: Proxying

If It's Apple doing the MITM - they own the browser and the device. They can put whatever certificates they like in to the system, suppress warnings on their "special" certificates, and the average user wouldn't notice.

Thats the truly scary bit. But hey - it's shiny

If a public VPN provider is MITMing the connection, it's the same scenario as the user has just installed the VPN app, and probably ignored the permissions required (which will include the certs etc). Apart from tin foil hat scenarios, the only real reason to use these is to bypass regional restrictions - laudible in a few situations, but only a few ...