Wasted my time.
A lot of Windows users woke up yesterday unable to work on their code because some projects would open and immediately crash. Their github is full of reports.
Changing your passwords every so often is important, most password breaches go undisclosed, not all 'crackers' are releasing their findings.
You're plugging it in wrong.
And really haven't looked into this at all, but it seems like there are traditionally two systems of law, criminal and civil, maybe it's time there become "corporate" laws, since a majority of criminal offenses seem to stem from corporate interests. I'd rather see corporate attorneys prosecute these laws than our government persecutors who should be focused on real crimes. I'm sure there are a ton of problems with a model like this, but could a real lawyer break down the pros and cons?
While they advertised their API removal, it was a giant mess as well. They removed almost all the functionality and rather than just remove the API functions from the admin console, they left them still there and made developers go manually switch off the ones they weren't allowed to use themselves. If anything was left on, your calls just wouldn't work.
Clearly it was on purpose.
Oh wait. It's called the CVSS. Only your system admins and security folks will know how vulnerabilities apply to your organization. Temporal and environmental factors can only be assessed by people in the know. Windows shops obviously don't care about Linux vulnerabilities and vice versa. The base ratings are strictly focused on the vulnerability. Other factors you need to determine yourself... And there's already a system for that.
I hope this takes over as the de facto standard for HTTPS. I'm tired of constantly seeing SSL and OpenSSL vulnerabilities.
Isn't that where all the taxes go?
Since everyone had access to it... Seriously, this is why least access principles are so important. Encryption isn't a silver bullet, there is no silver bullet, it's a process, with many layers and technology. You need to do it all, or determined attackers will pick the weakest link.
I've always found mod or post system as a bit of a filter. If I understand the topic at hand I'll usually read through the comments before posting (and if time permits the article too). After reading the comments, if someone else already made the same or similar comments I would have made, I mod them up rather than sharing my opinion. Otherwise, if my points aren't made, I'll join the conversation. I think this system works better than hundreds of "I agree" type postings.
To sell Allen keys at premium at refugee sites.
40 million customer credit cards exposed, 70 million customer records containing PII exposed. 10 million dollar settlement over a year later? This is a joke, and a good reason to not bother with security.
It means you get no women.
I think I really misunderstood the job posting that said "works with models" then.
And it doesn't say much of anything other than rambling off hardware specs. Is this what qualifies as a review these days?
"Excuse me driver can you refrain from beating raping me for a moment while I reach for my phone, unlock it, navigate to the uber app, find the panic button and activate it?"
Even still, this is more than any cab service offers.
This is the drone you're looking for.
“Unlike BlackBerry, which allows iPhone users to download and use our BBM service, Apple does not allow BlackBerry or Android users to download Apple’s iMessage messaging service,” he wrote.
Sure it does now. Had BBM been on other devices 5+ years ago, I don't think Blackberry would be in the shape it is now. Around that time BBM was all the rage, unfortunately it was Blackberry only. Now no one uses BBM....
this entire story is nonsense, speaking as a qualified medical physicist in radiotherapy with decades of experience. First of all, for him to make a 3D model of a tumour, he is having to decide based on CT and/or MRI data what is or isn't the tumour, which by the way you might have noticed is the same information from the CT and/or MR scan that qualified radiologists and oncologists look at, and using treatment diagnosis and planning software (including auto segmentation techniques). So unless this guy suddenly read a book one night and became a fucking oncologist, he didn't pick out SHIT from a CT data set that a qualified oncologist "missed". Nor did he tell surgeons "how to get at" the tumour in a way that implies that was the holdup, like he figured it out while people who work with this for decades didn't get it.
ah now wait a minute, halfway down the article
"So although the first doctors told them to wait, Balzer and Scott sent the MRI results to a handful of neurologists around the country. Nearly all of them agreed that Scott needed surgery."
correct. OTHER QUALIFIED DOCTORS diagnosed the issue. Not some fucking clown with a 3D printer.
"The tumor had grown substantially, which indicated a far more grave condition than was initially diagnosed. But back at home, Balzer used Photoshop to layer the new DICOM files on top of the old images, and realized that the tumor hadn’t grown at all — the radiologist had just measured from a different point on the image."
this makes no sense at all and has either been misreported, or he went to a pretend hospital staffed by retards. NO INFORMATION WHATSOEVER came to light from a 3D printed model of the SAME FUCKING DATA that's in the image. If someone measured wrong on a scan that's an error, just go back and review the images, or send them off again for a 2nd opinion rather than waste your time printing a fucking useless model
he sent a 3d model/image round when instead all he had to do was send the SOURCE DICOM files to these other doctors, which would have resulted in the exact same solution.
Fuck, every single time you see a story in your own field and realise it's utter bullshit, you realise that ALL stories must be fucking bullshit, it's just that you can't check up on stuff you're not involved with so easily
IANAD, and appreciate your analysis of the article, and generally agree with the points you make about the article. Articles are written by journalists, and generally the reports end up coming out like a schoolyard game of telephone. But I think the 3d printed representation of the tumor may have been useful. I myself find physical objects and representations much easier to understand and comprehend than virtual equivalents.
If your information security department isn't investigating issues and possible incidents on the regular, they probably aren't doing any monitoring of any kind.
It's still the shitty applications that don't enforce standard complexity requirements that play a role as well.
I'm pretty sure there is more of a case to be made in pointing the finger at the company that had the weak security controls which allowed this breach to happen. Just sayin...
Seriously, monthly hidden cell phone fees that "children" incur without permission probably vastly surpasses 19 million every month. Why hasn't the FTC done ANYTHING about that.
You shouldn't have to lock your data down. I can see GPL'd code and can use it and distribute it but I can't close source it and then resell it as a proprietary app and then say "hey if you didn't want me to use it you shouldn't have made it available". That is the license we agree to. A clear license lines out acceptable use and it looks to me like they are trying to strike a balance between being solvent and user friendly. But freeloaders will ruin it for others.
I agree you shouldn't have to go to any extremes to lock down your own data. But when publishing a website online, there are certain standards you need to follow if you don't want people copying the data on your website. If they are allowing search engines to index their proprietary data, then they should have no expectation that others will not do the same.