Slashdot Mirror


User: gstoddart

gstoddart's activity in the archive.

Stories: 0
Comments: 14,230

Comments · 14,230

  1. It may surprise you to know that tons of people successfully ignore Facebook all the time.

    I have all my browsers set to explicitly not trust facebook at all .. I don't allow their shit to set cookies, run scripts, or track me across the internet. Nada. Zip.

    Actively blocking and not using facebook is an entirely viable strategy.

    If you can't ignore FB, that's your problem.

  2. i had a more hollywood version of events in mind. using linkedin to map out government employees that can be used to identify weaknesses that are then used for blackmail.

    Honestly, by the time you're talking about a nation state doing espionage ... that level of investment could be plausible.

    Maybe not so much with the blackmail, but if you could then move on to some social engineering or spear phishing that's probably the point. LinkedIn likely gives you a way to identify your targets.

    A bunch of hackers may not reach that level of sophistication. A nation state employing some hackers to achieve a goal has the means to do a LOT more.

  3. anyone care to outline the anatomy of such an attack?

    I won't claim to know the specifics, and I wouldn't tell you if I did ...

    But, like all social engineering, the intent is to trick someone into believing you're someone you're not. To do this you try to give yourself some bona fides which someone will interpret as a level of trust. You then exploit that to weasel your way into gaining access or information.

    Social networks designed to link you to people you don't remember or never knew just provide a mechanism whereby someone goes "oh, he knows Larry, OK, this seems fine". It causes you to let your guard down, and hopefully you play along and they get what they want.

    So, if you want to gather intel on someone, posing as a recruiter means you might just hand it over to them.

    Short version: trust, but verify; and if you can't verify, don't trust.

    They really should teach adults about "stranger danger". It seems like people become adults, and then become naive idiots all over again. (And in fairness, social engineering can be really sophisticated and doesn't require a naive idiot.)

  4. Yes, they do ... and if you ever give a website your email address and the password for that email address you should consider yourself a fucking moron.

    But, I think I've seen Facebook do it, I think I may have seen Google do it ... for some reason I will never understand people will do this. They think "oh, awesome, how convenient".

    Why the hell anybody would let an entity like LinkedIn have access to their email account is utterly mind boggling to me. Imagine walking into a store and someone just saying "hey, can I look through the contacts in your phone to sign up your friends for our rewards program?"

    Why the hell people think that isn't utterly idiotic on the internet is beyond me. It's like the internet makes people stupid or something.

    And letting some website have direct password level access to your stuff is mind-bendingly stupid.

  5. Re:Not surprised ... on Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks (secureworks.com) · · Score: 3, Interesting

    If someone says "I'm a recruiter", then you can choose to add them or not. Me, I don't have any interest in unsolicited recruiters trying to pester me ... I consider them like door to door salesmen or spam; I'm just not interested.

    But, yes, some people do choose to link in recruiters. I personally won't do it.

    This fake that I saw the other week ... it was really hard for me to identify what the heck it was. It was written in such a way as to insinuate he'd worked at a place I knew, but fell just short of stating it .. the more I read it the more I became convinced there was something quite slippery about it. In the end after some pretty careful reading I concluded the profile wasn't what it claimed to be.

    I find it highly unlikely nefarious super hackers are personally targeting me, but if it was a recruiter it seemed like a pretty well crafted way to lie your way into someone's network ... and any recruiter trying that hard to mislead you about who they are isn't someone you should be trusting. At all. Ever.

    So, either it was what I'd consider a really shady recruiter, or some other shady entity.

    Either way, people in general need to have a little more "street smarts", both on the intertubes and in real life. Because, there's an awful lot of humans who are complete bastards and need to be distrusted. Not nearly enough people stop to think "just who the hell is this person and what are their motives?"

    Which is precisely why social engineering and other con artists are so successful.

    Some people think being wary and distrustful is a bad way to live .. me, I have seen enough of crap like this to know that it's better than being someone's mark and realizing you've been ripped off.

  6. Not surprised ... on Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks (secureworks.com) · · Score: 4, Interesting

    I've seen a fair bit of evidence of shady players (most of whom seem to be recruiters) on LinkedIn.

    I recently got an invite from someone who had crafted their profile to strongly suggest they had worked at a previous employer, and you had to look pretty closely to realize they didn't. Either he was a shady recruiter, or an even shadier player -- definitely a profile which took me several minutes to look at against who I thought it could be.

    I have a fairly firm policy that if I don't know you, I'm not adding you. So all those recruiters who are obviously recruiters get ignored.

    But the ones who have carefully crafted a profile to mislead you into thinking it could be someone you know, those are much more worrying. I even saw that one of those misleading ones had been added by someone I did formerly work with, because it was a good enough fake that people would fall for it.

    This has always been a problem with social networks in my opinion: if the goal is to collect as many links as possible without actually stopping to think of "just who the hell is this person again?", then people are going to be suckered into linking to people they don't know at all.

    So you pretty much have a platform in which people are trying to expand their network, and don't seem to think critically enough about just who those people are and if you really want a random recruiter or someone you don't know in your network. Me, I've pretty much decided that I won't link to people I don't actually know.

    So, am I surprised to see stuff like this? Not hardly, because in a lot of ways LinkedIn is as much of a pest on the internet as Facebook and Twitter. And if fooling people into adding you into their network gives you a way to fool more people, it's all the more reason to look at those invites and ask "who the fuck is this and why the hell do I care?".

  7. Re:Bullshit ... on Volkswagen Boss Blames Software Engineers For Scandal (bbc.co.uk) · · Score: 1

    That's very metaphysical.

  8. Re:Bullshit ... on Volkswagen Boss Blames Software Engineers For Scandal (bbc.co.uk) · · Score: 5, Insightful

    No, the point (made many times already, try googling for once)

    Oh go fuck yourself.

    VW lied about how they achieved these numbers, and are claiming a couple of software engineers are the culprits.

    So, yes, actual mechanical parts they never implemented and then lied about, and now they're looking for a scapegoat.

    The people responsible for the engine design pretty much had to know this. Blaming it on software engineers is an outright lie.

    They lied about how they did this, they lied about how they faked it, and they're lying about who is at fault. The only "clever design" was systematic fraud.

  9. Re:Bullshit ... on Volkswagen Boss Blames Software Engineers For Scandal (bbc.co.uk) · · Score: 5, Insightful

    Which means there is no defensible way that you can say this was purely a software kludge designed to hide some information.

    I'm pretty sure there were a lot of people who simply HAD to be actively involved in this decision.

    This is a straight up lie, and the people making it know it is.

  10. Bullshit ... on Volkswagen Boss Blames Software Engineers For Scandal (bbc.co.uk) · · Score: 5, Insightful

    Aren't there actual mechanical parts of the engine which simply weren't even implemented and then this kludge was done in software?

    You can't design this way of cheating without people who know the details of the engine signing off on it.

    This is so much bullshit it isn't funny.

    A software engineer could not have made the decision to leave off the components which were supposed to make clean diesel.

    This is purely about finding a scapegoat.

  11. He allegedly encouraged the hackers to use the credentials to "go fuck some shit up."

    And, really, if that was his attitude, he gets no sympathy.

    In terms of the definition of "computer fraud and abuse", that's pretty much it.

    Of course, the problem is you could do a LOT of non-digital crimes and do a LOT less time, which makes me ask if these prison sentences are even sane.

    Hell, you could probably intentionally run down someone with your car and do less prison time.

  12. Re:MOOC = Massive Open Online Course on MIT Master's Program To Use MOOCs As 'Admissions Test' (chronicle.com) · · Score: 1

    Bah ... MOOCs are for cows, you're all cows ... MOOC cow ... MOOC ... cower before me and stuff.

    Yay cows ... or whatever that cow thing is supposed to say. It's cows all the way down.

    MOOC may be used a lot, but so are all other bullshit buzzwords ... Massively Online Ocelots and Cows or something.

    It may surprise you that a lot of us don't give a crap about these buzzwords, and don't keep track.

    Now moove along.

  13. Re:Define speeding on Rookie Dongle Warns Parents When Their Kids Are Driving Too Fast (thestack.com) · · Score: 1

    Really? You mean I can tell the officer I was doing 80 in a 50 zone because I was passing someone?

    I'm pretty sure I've never heard of passing as an exemption to speed limits. I'm pretty sure they don't write traffic laws which say "you can't go faster than X ever, unless you're passing, then it's OK".

    Are you sure it's actually "legal"? Or just something you heard once?

  14. Unfortunately, in the modern context "mentally infirm" is pretty much a design feature, and people feel they're entitled to believe any old irrational shit and that should be OK.

    There's a tremendous amount of people who seem to wear their own self-created ignorance as some kind of badge of honor.

    "Complete idiots" now probably covers a good portion of society these days ... and we seem to accept this as a fairly normal thing.

  15. Re:I don't think it will mean much on Volvo Will Accept Liability For Self-Driving Car Crashes (bbc.com) · · Score: 1

    Sit in the back seat. Or don't buy one.

    Honestly, until they get the issues of liability sorted out, the self driving car is a complete non-starter .. precisely because of crap like this.

  16. Re:I don't think it will mean much on Volvo Will Accept Liability For Self-Driving Car Crashes (bbc.com) · · Score: 3, Interesting

    But it will have to be made to mean something.

    I've been saying for quite a while that self-driving cars can't just go into a failure mode which says "OK, meat sock, you do it I'm confused" and expect humans to be able to respond or take liability.

    It's completely unrealistic to expect humans to transition from not actively driving to being required to take over in the event of an emergency.

    Why would I pay insurance on a self-driving car? That would be idiotic, and basically means everyone else is footing the bill for the adoption of unfinished technology.

    If the passengers aren't the source of the risk, they sure as hell shouldn't be the ones paying for the insurance.

  17. Re:Too little, too late on Not All iPhone 6s Processors Are Created Equal (itworld.com) · · Score: 5, Insightful

    I'm sorry, but who is pushing a new iPhone "through the throats of customers"??

    You are completely free to not fucking buy one.

    Did you know that car makers push out a new version, only slightly different, annually? Companies who make golf clubs, also push out new versions at least annually. And companies who make TVs, they also do this.

    If customers buy a new expensive phone every year or two, don't blame the vendor. Free will doesn't stop just because you've bought a product.

  18. Re:Acquisition and creating/destroying value on Dell, EMC Said To Be In Merger Talks (itworld.com) · · Score: 1

    I was at a company once, and they'd grown by acquisitions. I'm sure everybody has by now.

    Invariably, the VP of R&D of the last major acquisition became the VP of R&D for the entire company. And, also invariably, that VP of R&D would develop a massive case of Not Invented Here, and attempt to kill off any products outside of his own core knowledge.

    This usually led to idiotic decisions which were inconsistent with why that company was bought in the first place -- precisely because they stupidly wanted to kill off the products they'd been intended to augment and improve, not wipe out and destroy.

    At the employee level, it just became a pathetic running joke ... oh, look, another acquisition, we should throw away our core business for whatever widget these idiots do.

    And then there's all the examples where the company being bought had cooked the books to the point that what they actually were worth had nothing to do with what got paid for them ... like HP and Autonomy.

    Acquisition MIGHT be something which can be made to work. Far too often it just ends up destroying the thing which had enough value to have bought in the first place.

  19. I know the scientific method is how you investigate stuff ... I also know economics is pretty much 50% ideology, which means it's wrapping itself up in the claims of being a science while not really being one.

    Yes, economics affects our lives ... and in terms of telling us what has historically happened, it has some uses ... and then it falls to shit in terms of being either predictive of what will happen, or being successful in telling us what we should do to achieve an outcome.

    But as far as being an objective science, it's sure as hell not that.

    How you interpret what happened, and how you define what should happen is entirely driven by your ideology ... at which point you might as well call it what it is, a fucking belief system someone is trying to quantify with bad math while claiming it's science.

    And that ain't science. That's sophistry.

  20. Re:Evil, Mean and Cruel + Dell on Dell, EMC Said To Be In Merger Talks (itworld.com) · · Score: 2

    You know, from what I've been able to see, the M+A culture in tech for the last 20+ years has consistently made the same stupid mistakes ... companies buy other companies who aren't really good matches, screw up the product, lay off a bunch of people, and consolidate into an ever smaller amount of companies.

    And those large entities become worse and worse at even knowing what they have, and making use of them.

    Often to the point that the reasons they spent huge sums of money on the acquisition in the first place get lost, and then they stop selling the product entirely.

    I would argue that acquisitions are more destructive than constructive. All it really does is gut smaller companies, give those executives huge payouts while laying off their staff, and then leaving the new company to ignore/neglect/screw up the product offerings of the company which got bought.

    I'm betting hundreds of companies with good products have essentially been destroyed in the process, largely so some half-wit of a CEO could add another buzzword or two to his portfolio of lies and bullshit.

  21. I don't care what anybody says, economics isn't a science, and can't be a science ... because far too much about how you interpret and use economics is determined by how you ideologically believe it should work.

    Economics in large part is bad math, with unfounded assumptions, making hand-waving conclusions about something which happened (or you believe should happen) to explain it according to how you need it to be explained to match your world view.

    Economics is not and never can be an objective science.

  22. Re:Call it a sport if you want to... Few others wi on eSports Now a Part of College Athletics · · Score: 1

    They may not have moved forward with making them a full Olympic sport, but I don't think they've rescinded the designation.

    In fact, it looks like there's still legal wrangling on the topic, and it sounds as if it's not entirely out of the Olympics:

    Before Tuesday's hearing, a spokesman for law firm Irwin Mitchell, which is representing the EBU, said: "Chess has already been recognised as a sport by the International Olympic Committee and was demonstrated at the Sydney Olympics in 2000. It was also included in the 2006 and 2010 Asian Games and is being considered for the Pan-American Games.

    "Organisers of the 2020 Olympics in Tokyo have invited both chess and bridge to apply for inclusion in the games, which, if accepted, will be the first time players have competed in the Olympics."

    I read this more as, yes, it's still a sport, no, it isn't yet an Olympic event.

    Suddenly I'm picturing Olympic teams of a bunch of grannies in track suits and walkers. And it's freakin' hilarious.

  23. Re:Call it a sport if you want to... Few others wi on eSports Now a Part of College Athletics · · Score: 1

    LOL, did they really?

    I've honestly lost track, and have no stake in what is the definition of "sport". The link I provided says chess and bridge still are.

    I just remember at the time having discussions about how a table full of old people with walkers could end up being an Olympic sport, and how that completely defined what most people understood "sport" to mean.

    I'm just pointing out that train has already sailed.

  24. Re:Call it a sport if you want to... Few others wi on eSports Now a Part of College Athletics · · Score: 2

    Look, let's be clear here ... I'm not championing the cause of "e-Sports", or saying I necessarily give a damn ... because I don't.

    What I am saying is there are already precedents in which bridge and chess, for example, have been defined as sports ... at the Olympic level no less.

    It's too damned late for us to quibble over the definition of sport, as far more authoritative bodies than a bunch of nerds on Slashdot have already weighed in.

    When I first heard this particular definition of sport I was saying "What the fsck is this crap?" But then eventually you have to realize that it's too late for us to get a vote.

    So, I'll just reiterate: if the damned IOC recognizes bridge and chess as sports, why the hell not video games? And if you don't like it, you can take it up with the IOC, because I'm not the one who made those definitions.

    And apparently it has nothing at all to do with athletic ability.

  25. Re:eSports again...I give up.. on eSports Now a Part of College Athletics · · Score: 4, Funny

    Honestly, if bridge and chess are considered sports, why not video games?

    It defies what most of us think of as 'sport', but apparently it's a more nuanced thing, and there are already precedents for this.

    Essentially once you have a league and rules, you have a sport ... now, don't expect the nerd-force to be treated with the same respect as the football players .. the cheerleaders will still not care. ;-)