|
Actual details would confuse the target audience
TTFN - Kent
|
US software maker Adobe on Monday released security updates for its Flash video player amid ongoing concerns about security holes that could let hackers in.
In related news: Pope is Catholic, bears mess up the woods.
|
Edit: interesting coverage of this here on Quartz: [^]
Forbes.com, Dec. 28: "191 Million US Voter Registration Records Leaked In Mystery Database" [^].
A whitehat hacker has uncovered a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote. On top of the concomitant problems of disclosing such a significant leak to that many people, no one knows who is actually responsible for the misconfiguration that left the data open to anyone.
Researcher Chris Vickery, who this month found myriad databases left open to all and sundry, told FORBES he has his hands on all 300GB of voter data, which includes names, home addresses, phone numbers, dates of birth, party affiliations, and logs of whether or not they had voted in primary or general elections. The data appears to date back to 2000. It does not contain financial data or social security numbers.
"Our society has never had to confront the idea of all these records, all in one place, being available to anyone in the entire world for any purpose instantly," Vickery added. "That’s a hard pill to swallow. It crosses the line."
Spammers across the world rejoiced?
«Tell me and I forget. Teach me and I remember. Involve me and I learn.» Benjamin Franklin
modified 29-Dec-15 13:46pm.
|
Quote: The FBI declined to provide comment to FORBES. It recommended contacting the Secret Service, which had not responded to requests.
Not responding to requests for information is pretty much the point of the secret service.
That aside - we are simply going to have to come up with some way of authenticating people other than some shared secret (address, date of birth etc.) because none of this information is secret any more.
|
Implant a chip in people's ears?
(Hey, it works for dogs!)
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
I think we need to replace "Something you know" in multi-factor authentication with "Where you are" (using some independently verifiable proof).
That way you can only hack my bank account if you are in my house, or in a location consistent with my prior movements...
(Not sure how this can be done though)
|
It can be done by giving even more information to our lords and masters. The authentication system will have to receive regular updates from your phone, tracking your location. From that, a profile of your movements may be extracted.
The problem is, if you are on a once-in-a-lifetime trip to Nepal, and want to check your bank account, your proposed authentication system fails.
|
Daniel Pfeffer wrote: The problem is, if you are on a once-in-a-lifetime trip to Nepal, and want to check your bank account, your proposed authentication system fails.
Not if they have an unbroken audit track from your home to Nepal...which they probably will.
|
So what? Most of this is public record.
BTW, when I worked as a contractor briefly for a company, I had access to the entire RNC database without so much as a "please give me access." Granted, the data was slightly stale (from a couple years ago). But sure enough, I was in it, my voting history, my gf was in it, etc.
Marc
|
Posted yesterday[^]
On the next page.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
When you begin to boil it down, there are a variety of hidden risks to consider when deciding to build an in-house solution.
"The reward for work well done is the opportunity to do more"
|
In-house (when possible) will still be better than off-the-shelf.
|
When properly built and supported, agreed.
We've got six (that I know of) CMS tools currently in use at one customer that I would use as counter-examples, though.
TTFN - Kent
|
Better than three off-the-shelf ones I bet.
|
As we're talking CMSes, I'm afraid you're definitely right.
TTFN - Kent
|
In-house solutions do require careful selection and grooming of a scapegoat to be used after release.
|
As are also numerous risks when buying COTS. The other alternative (contracting the work out), which I was a victim of on the "we're getting rid of our in-house development" and have benefited from on the other end "we just got a contract from company X to do ABC", is one alternative that management likes best because they can incentivize and threaten, depending on the mood of the day, the contractor.
Marc
|
This year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world. Who will protect our things?
|
You think?
Come ask me, I know what's stupid. IOT is one.
|
No one will protect anything. When all the beer is piss warm, all your lights blink on and off and every last speaker plays Rick Astley, Captain Hindsight will be there to tell you that you shouldn't have chipped those beer bottles.
While I do like the idea of interconnectivity at home to help big data, it will be harder to protect everything the more items you have.
I think the best way would be to have IoTs connected to a controller which is as secure as possible. Separating items that are critical from the internet and only allowing updates/access manually. But that would take work and most people are against work; if it isn't plug and play, it isn't worth buying...
|
Laura Jacques and Richard Remde received news of second dog’s birth on Monday morning after paying £67,000 to South Korean cloning firm.
"They were all beautiful little boys"
|
How did two people who seem to have so little sense manage to amass so much money in the first place?
(Before we get too sentimental - they cloned an animal that died of a genetically linked cause using a technique known to increase the risk of tumours...)
|
And to think, how that money could have been used to help an orphanage.
Marc
|
How can programmers benefit from “the year of Neural Nets”?
It looks like you're trying to write some code. Would you like me to distract you from that?
|
For many, messaging app-based chatbots will replace search engines and virtual assistants. And friends. "I can understand how the limited perspective of an unartificial mind might perceive it that way. You'll get used to it."
|