“The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached."
In this day-and-age why wasn't such date held in an encrypted form?
@grasshoppa: "If these pages really did influence the election, maybe we're just not ready for democracy ( democratically elected republic...whatever )."
Yea, we're asked to believe a few Facebook posts influenced the US Presidential election. As against the entire US media promoting Hillary Clinton and yet the electorate voted in Trump. Maybe the US electorate aren't the credulous sheeple Faux and friends take them for.
"including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam"
It's bullshit statements like the above that only tend to discredit slashdot. The primary source of spam on the planet is all those compromised Microsoft Windows out there being co-opted into DDOD attacks and spewing email spam to the Internet.
Goods and services need to get from A to B. Given the cost on the environment, moving people from A to B is something we're going to look on as a a luxury.
'The governments of 30 countries around the globe are using armies of so called opinion shapers to meddle in elections, advance anti-democratic agendas and repress their citizens'..
... and water is wet..
"It’s only a matter of time before the new behavioural economics and so-called science of nudging decision-making is applied to influencing the population’s voting behaviour as well." ref
"About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems"
How can they tell they're not detecting forged CIA digital certs. I figure Kaspersky is the only security company that hasn't been compromised by the US security apparatus.
Due to a 'bug' in the code, you can access the AMT with a zero length password. The ME cannot be completely removed, but due to a request from the NSA, it can be disabled with a secret kill switch.
"Within a few hours of launch, temperature controls failed, killing the female dog named Laika"
No, the dog was electrocuted in orbit as the Soviets had yet to master controlled re-entry and the dog would have fried and/or been killed on impact. Even Gagarin had to bail out at twenty thousand feet and parachute to earth.
"as well as a cybersecurity specialty called penetration testing"
Long term readers of slashdot would already know what 'penetration testing' is and please don't use cyber-anything in relation to technology, if you want to be taken seriously.
@Anonymous Cowards: "Intel created a backdoor in the ME web console by using strncmp() to compare password, anyone sending an empty string as password (length 0) can get into the system, with no access log on both Intel ME and the OS: The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com] The bug was in the code to compare the two passwords"
I suspect the 'flaw' was intentional as the NSA ordered Intel to implement a kill switch into the design and the 'flaw' allowed the NSA access any IME enabled computer on the planet. The same mechanism that Purism is using to disable the IME.
@Anonymous Coward: "A security clearance means that you are (relatively) law-abiding, that you follow rules and procedures, and that you can be trusted not to reveal confidential info."
“I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded.”
Have the ever considered not connecting their critical infrastructure devices directly to the Internet and instead use VPNs running on embedded hardware.
@Anonymous Coward: "Without sandboxing, the attacker's code can read, delete or modify your documents and downloads and it doesn't need access to other processes to do so".
Why do you persist in willfully sowing confusion here. Isolating process memory means exactly that, therefore the browser don't need sandboxing and cannot access external data. At least if the browser wasn't running under Windows. Where presumably EDGE is so welded to the OS that a bug can lead to total compromise of the System. A bug in the browser that can lead to System compromise is a defect in the Operating System. And don't presume to lecture the moderators on what is acceptable here on slashdot.
@Anonymous Coward: "So you are ok with an attacker reading or writing anywhere you can on the system once he finds an exploitable bug in the rendering- or javascript engine of a browser? I'm not."
How did you manage to read that into what I actually wrote. If the Operating System did this one thing: isolate process memory from each other then we wouldn't need SANDBOXING, OSR, RCE, CFG, ACG, LPAC or WDAG. What just occurred to me is when and if Microsoft disclosed such mitigations to the Chrome developers or did they keep it to themselves to give EDGE an edge up on their competitors.
Anonymous Coward: 'Was demonstrated once more by the Equifax mega breach.'
The Equifax mega breach demonstrated what happens when a company with an annual turnover of US$ 3.1 billion, uses software on an Internet facing machine without testing it for security vulnerabilities. In fact they didn't even have a patch strategy in place or even know who was responsible for implementing such patches.
Slashdot Mirror
“The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached."
In this day-and-age why wasn't such date held in an encrypted form?
Uber Hackers may also have been shape shifting albino reptilian humanoids from a planet in the Draco constellation. ref :]
@grasshoppa: "If these pages really did influence the election, maybe we're just not ready for democracy ( democratically elected republic...whatever )."
Yea, we're asked to believe a few Facebook posts influenced the US Presidential election. As against the entire US media promoting Hillary Clinton and yet the electorate voted in Trump. Maybe the US electorate aren't the credulous sheeple Faux and friends take them for.
Fox News - Home | Facebook
"including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam"
It's bullshit statements like the above that only tend to discredit slashdot. The primary source of spam on the planet is all those compromised Microsoft Windows out there being co-opted into DDOD attacks and spewing email spam to the Internet.
@orlanz: "People need to get from point A to B."
Goods and services need to get from A to B. Given the cost on the environment, moving people from A to B is something we're going to look on as a a luxury.
'The governments of 30 countries around the globe are using armies of so called opinion shapers to meddle in elections, advance anti-democratic agendas and repress their citizens' ..
... and water is wet ..
"It’s only a matter of time before the new behavioural economics and so-called science of nudging decision-making is applied to influencing the population’s voting behaviour as well." ref
If Yelp can be forced to reveal the review, then it ain't really anonymous ..
'Real parties in interest, Gregory M. Montagna and Montagna & Associates, INC.'
"About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems"
How can they tell they're not detecting forged CIA digital certs. I figure Kaspersky is the only security company that hasn't been compromised by the US security apparatus.
Due to a 'bug' in the code, you can access the AMT with a zero length password. The ME cannot be completely removed, but due to a request from the NSA, it can be disabled with a secret kill switch.
"Within a few hours of launch, temperature controls failed, killing the female dog named Laika"
No, the dog was electrocuted in orbit as the Soviets had yet to master controlled re-entry and the dog would have fried and/or been killed on impact. Even Gagarin had to bail out at twenty thousand feet and parachute to earth.
Can it run Linux or SteamOS ..
Would you please take that neocon waffle and shove it where the sun don't shine
"as well as a cybersecurity specialty called penetration testing"
Long term readers of slashdot would already know what 'penetration testing' is and please don't use cyber-anything in relation to technology, if you want to be taken seriously.
@Anonymous Cowards: "Intel created a backdoor in the ME web console by using strncmp() to compare password, anyone sending an empty string as password (length 0) can get into the system, with no access log on both Intel ME and the OS: The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com] The bug was in the code to compare the two passwords"
I suspect the 'flaw' was intentional as the NSA ordered Intel to implement a kill switch into the design and the 'flaw' allowed the NSA access any IME enabled computer on the planet. The same mechanism that Purism is using to disable the IME.
Equifax Breach: Setting the Record Straight
"Katie Van Fleet of Seattle says she's spent months trying to regain her stolen identity, and says it has been stolen more than a dozen times."
Mitchell and Webb Identity Theft
Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide
@Anonymous Coward: "Who thinks this is an accident, show of hands?"
..
Going on the down vote, there's at least one
@Anonymous Coward: "A security clearance means that you are (relatively) law-abiding, that you follow rules and procedures, and that you can be trusted not to reveal confidential info."
You mean like Edward Snowden
“I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded.”
Under the pretext of protecting us from the hackers the NSA-CIA are going to embed spies into tech companies such as Facebook and Twitter ...
Have the ever considered not connecting their critical infrastructure devices directly to the Internet and instead use VPNs running on embedded hardware.
@Anonymous Coward: "Without sandboxing, the attacker's code can read, delete or modify your documents and downloads and it doesn't need access to other processes to do so".
Why do you persist in willfully sowing confusion here. Isolating process memory means exactly that, therefore the browser don't need sandboxing and cannot access external data. At least if the browser wasn't running under Windows. Where presumably EDGE is so welded to the OS that a bug can lead to total compromise of the System. A bug in the browser that can lead to System compromise is a defect in the Operating System. And don't presume to lecture the moderators on what is acceptable here on slashdot.
@Anonymous Coward: "So you are ok with an attacker reading or writing anywhere you can on the system once he finds an exploitable bug in the rendering- or javascript engine of a browser? I'm not."
How did you manage to read that into what I actually wrote. If the Operating System did this one thing: isolate process memory from each other then we wouldn't need SANDBOXING, OSR, RCE, CFG, ACG, LPAC or WDAG. What just occurred to me is when and if Microsoft disclosed such mitigations to the Chrome developers or did they keep it to themselves to give EDGE an edge up on their competitors.
Anonymous Coward: 'Was demonstrated once more by the Equifax mega breach.'
The Equifax mega breach demonstrated what happens when a company with an annual turnover of US$ 3.1 billion, uses software on an Internet facing machine without testing it for security vulnerabilities. In fact they didn't even have a patch strategy in place or even know who was responsible for implementing such patches.