When dealing with a telco, I just told them I wasn't going to pay anymore and this phone call constituted their notice. Then off I went. Of course, I didn't care about the fallout when they tried to pursue collections and did their credit reporting thing. I understand that not everyone is able or willing to take that hit. It didn't affect me at all.
It really depends on how it is done. If the rep says "You know with your usage this other plan would provide the same options and be $10 less" (I know, when would that really happen) or "I see you are close to the limit, for $10 more you would get the next biggest tier", I would agree that there is no problem. If they go overboard and start yammering about "get our phone service for just $50 more!" on a call about Internet service then I'll have a problem.
No, those rights are not available to other providers, that is part of the problem. Typically the local governments grant a monopoly to one provider and keeps out all others, in exchange for some consideration from the cable operators. This is one reason why Comcast and Time Warner don't directly compete in any areas.
Yes, the summary's idea that one could get a heart transplant with faked records is baloney. But there are a lot of simpler health care interactions which are easier to get with faked records, such as basic prescriptions. And it's not much harder to monetize, you do it the same way you do credit cards. Those marketplaces are well established for both CC info and health info, in many cases they are the same place.
I work the other side of this scenario, and while you are right for the most part (IDS technology sucks and should never be used) what you describe is an elaborate and costly setup that a minority of organizations could implement and even fewer could do effectively. It seems to me that a much more effective approach would be to limit the value (i.e. risk) of the information available to an attacker. Instead of taking extra measure to protect SSNs, ask if we even need to store them at all. I've seen a lot of incidents where I had to ask things like 'Why does this database have all this information in it when you only need three fields?' I'm not saying we should simply accept intrusion but vulnerability is infinite so moving to reduce the value of an intrusion to reduce the reward for attackers might be more effective than fruitlessly striving for perfect defense.
Given that the hospital's information is shared with all sorts of insurers, coding and transcription services, government agencies, services that comb the records looking for more insurance claims or more profitable claims, and so on, I have to say that these guys came really late to the party.
What does "for profit" have to do with cutting costs or other IT failures? Are you claiming that the "not for profit" or "non profit" hospitals are more diligent?
What mail reader in this day and age automatically activates malware? It's been a long time since outlook had any issues like this since Microsoft figured out that 'active content' was a very bad idea.
There is a lot of work being done now on behavioral analysis, with some products like Invincea and Cylance based on this idea. From the limited testing that I have done with them, they seem pretty effective. Of course, malware authors could just start changing their behaviors to avoid these tools, but if malware doesn't act like malware anymore, it stops being malware.
And of course you forgot reputation services like those already being implemented by browsers and OS vendors. These force malware users to keep moving their sites and C&C around, making it just that much harder. Which is a good thing.
Today, what we call "antivirus" is already using these two approaches to some extent.
I think the parent's point was that it might be unclear how to find an official taxi in a strange country (what do they look like, how to locate them, etc.), but finding an official Uber taxi is always the same process. I don't think he was knocking Bangkok's official taxis.
It is unclear (at least to me) how much the alteration of the original pathogen might affect it in other ways. Biology often involves trade-offs. The changes might make it less resistant to current antibiotics, or make it easier for humans to resist naturally. So you could take Ebola and make it airborne somehow, but that change would likely involve tradeoffs that would reduce the impact.
I got the impression from the article that a lot of miners do the same thing. Maybe this miscreant targeted miners that he knew or guessed were slack in that regard. Or maybe just got lucky.
Apparently he was able to spoof some control messages to the miners since their only validation was IP address. It is an interesting question: since they should have known about this BGP vulnerability which has been used before, why didn't their minerserver communication have stronger validation? The answer would be, I think, that they didn't bother since it happens so rarely. Probably from now on they will start using another layer of validation. Yet another example of how security happens in the real world: it doesn't get used until the pain gets bad enough.
I had the same thought. I suppose you could store the key encrypted, and then do all the encryption/decryption in the browser. So Yahoo would provide the browser the encrypted key and some Javascript would do the decryption. The article specifically mentions public keys though, which makes me think they must be working on providing a directory of public keys for Yahoo accounts as well. Another option would be using a browser extension. I guess we will find out in time.
The ESA overview uses the terms 'orbit' and 'orbiter' many times when describing this craft so I am a little confused. How could Rosetta follow the comet for 15 months, when they had to power it off for years just to get there, if it isn't orbiting the comet? Maybe it is simply sharing the comet's orbit around the sun? Maybe just a difference in what is meant by 'orbit'
Inflation is quite low right now relative to Weimar Germany, for example. Or the inflation experienced by Zimbabwe and Argentina at various points in the past.
Of course, the company which reveals this offers a $120/month breach notification service so they have a strong incentive to exaggerate. I'm not saying we should immediately discount these claims but let's make sure our grain of salt is in there.
In a way it is a difficult problem for Yelp. Almost all of those recent reviews were from people who had never stayed there and were just responding to the stories about the $500 fine. In other words, useless noise. So they very much should "suppress" them since hundreds of people posting variations of "I never stayed here but I am upset about this news story" adds no value for users of Yelp.
Slashdot Mirror
When dealing with a telco, I just told them I wasn't going to pay anymore and this phone call constituted their notice. Then off I went. Of course, I didn't care about the fallout when they tried to pursue collections and did their credit reporting thing. I understand that not everyone is able or willing to take that hit. It didn't affect me at all.
That is really interesting, thanks for this correction! I am inconvenienced by having to reassess my opinions, but I do not blame you for this. ;-)
It really depends on how it is done. If the rep says "You know with your usage this other plan would provide the same options and be $10 less" (I know, when would that really happen) or "I see you are close to the limit, for $10 more you would get the next biggest tier", I would agree that there is no problem. If they go overboard and start yammering about "get our phone service for just $50 more!" on a call about Internet service then I'll have a problem.
No, those rights are not available to other providers, that is part of the problem. Typically the local governments grant a monopoly to one provider and keeps out all others, in exchange for some consideration from the cable operators. This is one reason why Comcast and Time Warner don't directly compete in any areas.
Yes, the summary's idea that one could get a heart transplant with faked records is baloney. But there are a lot of simpler health care interactions which are easier to get with faked records, such as basic prescriptions. And it's not much harder to monetize, you do it the same way you do credit cards. Those marketplaces are well established for both CC info and health info, in many cases they are the same place.
I work the other side of this scenario, and while you are right for the most part (IDS technology sucks and should never be used) what you describe is an elaborate and costly setup that a minority of organizations could implement and even fewer could do effectively. It seems to me that a much more effective approach would be to limit the value (i.e. risk) of the information available to an attacker. Instead of taking extra measure to protect SSNs, ask if we even need to store them at all. I've seen a lot of incidents where I had to ask things like 'Why does this database have all this information in it when you only need three fields?' I'm not saying we should simply accept intrusion but vulnerability is infinite so moving to reduce the value of an intrusion to reduce the reward for attackers might be more effective than fruitlessly striving for perfect defense.
Given that the hospital's information is shared with all sorts of insurers, coding and transcription services, government agencies, services that comb the records looking for more insurance claims or more profitable claims, and so on, I have to say that these guys came really late to the party.
What does "for profit" have to do with cutting costs or other IT failures? Are you claiming that the "not for profit" or "non profit" hospitals are more diligent?
What mail reader in this day and age automatically activates malware? It's been a long time since outlook had any issues like this since Microsoft figured out that 'active content' was a very bad idea.
There is a lot of work being done now on behavioral analysis, with some products like Invincea and Cylance based on this idea. From the limited testing that I have done with them, they seem pretty effective. Of course, malware authors could just start changing their behaviors to avoid these tools, but if malware doesn't act like malware anymore, it stops being malware. And of course you forgot reputation services like those already being implemented by browsers and OS vendors. These force malware users to keep moving their sites and C&C around, making it just that much harder. Which is a good thing. Today, what we call "antivirus" is already using these two approaches to some extent.
I think the parent's point was that it might be unclear how to find an official taxi in a strange country (what do they look like, how to locate them, etc.), but finding an official Uber taxi is always the same process. I don't think he was knocking Bangkok's official taxis.
It is unclear (at least to me) how much the alteration of the original pathogen might affect it in other ways. Biology often involves trade-offs. The changes might make it less resistant to current antibiotics, or make it easier for humans to resist naturally. So you could take Ebola and make it airborne somehow, but that change would likely involve tradeoffs that would reduce the impact.
With a link to "Men Shouldn't Be Overlooked as Victims of Partner Violence" at the bottom, it seems easy enough to explain.
Anyone will, sooner or later, make a fool of themselves
FTFY
I got the impression from the article that a lot of miners do the same thing. Maybe this miscreant targeted miners that he knew or guessed were slack in that regard. Or maybe just got lucky.
Apparently he was able to spoof some control messages to the miners since their only validation was IP address. It is an interesting question: since they should have known about this BGP vulnerability which has been used before, why didn't their minerserver communication have stronger validation? The answer would be, I think, that they didn't bother since it happens so rarely. Probably from now on they will start using another layer of validation. Yet another example of how security happens in the real world: it doesn't get used until the pain gets bad enough.
I had the same thought. I suppose you could store the key encrypted, and then do all the encryption/decryption in the browser. So Yahoo would provide the browser the encrypted key and some Javascript would do the decryption. The article specifically mentions public keys though, which makes me think they must be working on providing a directory of public keys for Yahoo accounts as well. Another option would be using a browser extension. I guess we will find out in time.
I wondered why the text in the video said "no soda can"
I wonder if the pressure of sunlight or solar wind on the panels could add up to a significant factor with this low level of tolerance.
You are confusing this with 'probe the rosette' which is entirely different.
The ESA overview uses the terms 'orbit' and 'orbiter' many times when describing this craft so I am a little confused. How could Rosetta follow the comet for 15 months, when they had to power it off for years just to get there, if it isn't orbiting the comet? Maybe it is simply sharing the comet's orbit around the sun? Maybe just a difference in what is meant by 'orbit'
Inflation is quite low right now relative to Weimar Germany, for example. Or the inflation experienced by Zimbabwe and Argentina at various points in the past.
Of course, the company which reveals this offers a $120/month breach notification service so they have a strong incentive to exaggerate. I'm not saying we should immediately discount these claims but let's make sure our grain of salt is in there.
"Contract" covers a lot more under the law than a signed piece of paper
In a way it is a difficult problem for Yelp. Almost all of those recent reviews were from people who had never stayed there and were just responding to the stories about the $500 fine. In other words, useless noise. So they very much should "suppress" them since hundreds of people posting variations of "I never stayed here but I am upset about this news story" adds no value for users of Yelp.