Emailing is a very limited way of doing collaboration, it spreads more copies of the same data around in multiple different versions. People can't work on the same specific document at the same time, if you edit it and I edit it then we have to manually recombine our changes. How do you then make sure everyone else is looking at the most recent version, email it again? Manual version control? All technically possible to achieve, but not in a way that's particularly efficient.
Ideally you want one version of the truth which has shared access to anyone who needs it, where updates are visible to all other users immediately and it's clear what the latest version of that truth is. Then add in other features like the ability to audit who accessed that document and when, simple backup, one-click DR, ability to revoke access to certain users, if you really want then ability to constrain printing/emailing of documents (within limits).
Possibly but many organisations have two options:
1) Use on-premise gear which is often out-of-support, has limited patching/updating due to risk of things breaking and high cost of testing properly, probably not monitored all that well, often not configured particularly securely, managed on a cheapest outsource arrangement.
2) Use a cloud service from a company who only does that one specific thing, their entire business model hinges on them doing it well and securely. Who wrote the software so can monitor and manage it as they completely understand it. Where it's patched and kept up-to-date.
The eggs-in-one-basket approach isn't necessarily the worst option.
Brexit isn't going to change GDPR, it'll come in place before Brexit happens and such regulations will be applied in UK law. The UK was heavily involved in developing GDPR so isn't going to be looking to dodge it. Plus it's the easiest way to be considered "adequate" to keep doing business with the rest of Europe and not need some custom arrangement for data transfers.
Not sure what relevance the OP has anyway, using cloud services doesn't mean you're not compliant with GDPR or any other regulation.
Modern firewalls are better thought of as a server with dozens of different application proxies and Linux/iptables sat underneath it. They can intercept most protocols and in Palo's case pull files out of the streams and run virus checks or sandbox tests on them, for example SMB connections. That complexity will increase the attack surface, but that can be managed by keeping on top of updates and using layered security so the firewall isn't the only control. The benefits are huge especially in complex organisations where you have a lot of legacy tech to protect.
There are some great OSS ones like pfSense around if all you want to do is basic NAT and block/permit based on TCP port, but firewall tech has moved on a long way from there and that really is a completely different beast.
It's got a $140 billion market cap, if it was going to be plundered then it would have happened a long time ago because that's quite some booty!
Does AXA using it to automate payout of flight cancellation insurance count as a major institute implementing it on scale?
https://fizzy.axa/
Not necessarily, blockchains can use zero knowledge proof to anonymize transactions (aka zk-SNARK)
Most don't at the moment and your statement is accurate for Bitcoin, Zcash has it and Ethereum is implementing this soon (possibly just for certain contracts rather than all transactions but I'm not sure on the detail)
I don't know why you got modded as flamebait because this is spot on. There are other mitigations to reduce the USB risk which are appropriate in most cases as it's not usually feasible to block the ports but some risk remains. Ultimately most environments need USB keyboards & mice so if your badUSB device emulates an HP or IBM keyboard then it's likely to get through any USB device control in place.
There are lots of environments where the biggest threat comes from the people who have physical access.
Plus you probably have fairly meaty connections to the electricity grid that were previously used by the power plant.
Doesn't sound like you've got the same kind of card units we have in Europe, here they're integrated handset-sized boxes which do all the card interactions and are either wireless or cabled into the POS. They can usually be picked up for use or are mounted high up, some do have swipe slots but I've no idea why as I've not had a card that could be swiped for over a decade.
Do the tapes still work?
Same for me, started coding on an Acorn Electron at home and BBC in school. In between playing Chuckie Egg....
I don't remember the powered off bit so maybe I'm thinking of something else but the attacks against SIMs would seem to still be possible, e.g. the srlabs work. The iOS security guide (PDF link) states that it'll only load cryptographically signed baseband. However that only makes any difference at boot, once loaded then I'd guess it's still fair game if it can be exploited.
IMO the FBI could get into this phone if they wanted without Apple's help, there have been a few possible options published like de-soldering certain chips and copying them. They've just picked this particular case to kick off their argument against encryption on consumer devices, quite possibly as they think they can get the most public support in this instance.
I've used it for a while and only ever seen LastPass ask for login details when the browser is first opened, not in the middle of a browsing session, so the timing of it would give away that it's a fake.
It's still a good attack, easy enough to have a quick brain fart and type creds into such a window.
There is an idle logout setting, if you need that enabled then would be more vulnerable to this as you would have login windows popping up during normal browsing.
We're not talking about a bubble suddenly bursting here and dumping 15 million people onto the job market, this is a slow change that would come over decades. You can't assume the next 50 years will be the same as the last few when the country was in recession following the banking crash.
X would go and claim Job Seekers Allowance while looking for other work and possibly retraining.
Far from it, I just don't believe that our only option is to become a nation of luddites.
Go and get themselves a useful skill.
The same thing they should have done in the first place rather than dropping out of school and expecting life to owe them a living.
It is a bit harsh and probably not workable in absolute, but I agree with Avarist this is a real sign of how dysfunctional society has become.
The 700ms is probably talking about the network RTT seen when you ping a host as the data is travelling up to the geostationary satellite and back twice, once as it goes from you to the end host and then once again on the return trip.
However most network traffic doesn't behave like that, TCP doesn't acknowledge every packet in a connection, so not everything would suffer that kind of delay.
Thirded, another T440s user here and very happy with it. I did faff about with it a bit to get some gestures working with the synaptics touch pad, two fingers scrolling etc.
OpenBSD also works on it, FreeBSD not yet as the wifi driver isn't working but it's nearly there.
Agree with this, I do network designs and have never found anything to replace Visio and it means I always need a Windows VM on my laptop.
Inkscape came closest but just wasn't as slick and took far longer, especially with complex layouts, I ought to try it again really as it's been a few years.
The satellite receivers usually do some form of WAN acceleration for TCP traffic to avoid those kinds of latency-related issues, frig the window sizes or even proxy the traffic and convert it to something else (e.g. UDP) for transit over the laggy bits.
Problem is they also need to be very careful about any files with scripts, like office docs, PDFs, etc. Then anything that uses built in OS libraries, such as image files, SSL connections, etc.
That gets hard, anti-virus is severely limited unless it does proper heuristics which seems to be rare, there are whiteboxing technologies but they are expensive and not foolproof. At some point you need to either isolate those legacy systems from the rest of the world or upgrade them.
It does yes, there is a live CD running it in knoppix on an ethernet bridge: WANbridge.
Used it a few times, stick it on a dual-NIC PC in the middle of a link and it's great for simulating WAN links with minimal effort required.
And then get harassed to produce numbers to prove your point and more numbers to show how your suggestions will help reduce the risk and then even more numbers to show what the ROI to securing their IT is....
If you can't show how your suggestions will reduce risk then why would you expect a business to spend time and money implementing them.
I'm not sure what is stranger, the material or the Daily Mail publishing something that appears to be factual and informative....
Look at Raynet in the UK.
Cell towers require power and connectivity, can't rely on those being there in an emergency.