It's a co-working space. Essentially a coffee shop with a conference room, only with more outlets and different (often better) coffee. Also, the people in the coffee shop, er, co-working space pay rent and there's quieter music (and hopefully no frappe machine).
Travel booking
I'll bet $100 that there's a "spec" written by a guy with two years development experience that looks like this:
GET https://api.corpsite.com/customer/ID - returns the customer data (in JSON or XML) for the provided ID
I'll bet another $100 that there's no mention of any authenticated roles needed to access that call and an extra $100 that there were never any tests designed to try to access a customer's data while signed on as a different customer.
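As an added illustration of the missing piece in that spec (this is constructed example code, not anything from the site being discussed), here is a minimal model of the GET /customer/ID handler with an explicit ownership-or-role check, plus the test the comment says nobody writes: sign on as one customer and try to read another customer's record. The customer table, user IDs and the "support" role are all made up for the example.

```python
"""Minimal model of GET /customer/<id> with an authorization check, and the
cross-customer test that should accompany it.  Constructed example data."""
import json
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample rows standing in for the customer table.
CUSTOMERS: Dict[str, Dict[str, str]] = {
    "1001": {"id": "1001", "name": "Ada", "email": "ada@example.test"},
    "1002": {"id": "1002", "name": "Bob", "email": "bob@example.test"},
}


@dataclass
class Session:
    """Who is signed on.  user_id None means an unauthenticated caller."""
    user_id: Optional[str]
    roles: frozenset = field(default_factory=frozenset)


def get_customer(session: Session, customer_id: str) -> Tuple[int, str]:
    """Return (HTTP status, JSON body) for GET /customer/<customer_id>.

    Rule: a caller may read a record only if it is their own record or they
    hold the (hypothetical) 'support' role.  A record that does not exist and
    a record the caller may not see both answer 404, so the endpoint does not
    confirm which IDs exist to callers who are not entitled to know.
    """
    if session.user_id is None:
        return 401, json.dumps({"error": "authentication required"})
    record = CUSTOMERS.get(customer_id)
    allowed = record is not None and (
        session.user_id == customer_id or "support" in session.roles
    )
    if not allowed:
        return 404, json.dumps({"error": "not found"})
    return 200, json.dumps(record)


def cross_customer_test() -> Dict[str, int]:
    """The test the comment describes: signed on as customer 1001, try to
    read customer 1002.  Also covers own record, anonymous, and support
    role, returning the status codes so a harness can assert on them."""
    ada = Session(user_id="1001")
    return {
        "other": get_customer(ada, "1002")[0],       # must NOT be 200
        "own": get_customer(ada, "1001")[0],
        "anon": get_customer(Session(user_id=None), "1001")[0],
        "support": get_customer(Session("9", frozenset({"support"})), "1002")[0],
    }


if __name__ == "__main__":
    print(cross_customer_test())
```

The point of returning 404 rather than 403 for a foreign record is that the existence of a customer ID is itself customer data; whichever status you pick, the cross-customer case belongs in the test suite alongside the happy path.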
Play stupid games...
To burn the records and wipe the hard drive?
>> Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with
In the real world, I'd go to Kaspersky's biggest competitors and say, "if you replace these guys on a one-to-one basis (at no charge this year), we'll give you their support contracts in future years."
I owned two Trinitron TVs. One got color-spotty in the upper-left corner (sorry STTNG) and was so warm that our cat made a bee-line for it whenever we turned it on. The other lost the ability to control its own volume and spent much of its days with foam and pads of paper duct-taped to the side speakers to regulate the sound. (It's a wonder I had a girlfriend back then.)
So, is Sony "good" hardware? Meh...maybe for the time, but quality enough to trust the name 25 years later? Nope.
When someone pays the $135K fee for "your TLD here"
>> Crappy TLD ".app" is now taking money from suckers.
Nope.
Maybe the developers were just told they would have to work with "Maven" and quit on the news (without knowing that it was also the name for some drone program). https://maven.apache.org/
^^^ THIS ^^^ - PGP and S/MIME are still fine. It's that dumb-ass software that put secure (decrypted) and non-secure content into the same pot, and let the non-secure content broadcast the secure content out.
This site has the actual details (and paper): https://efail.de/
"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker."
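The defensive counterpart to the quoted description, as an added example (standard-library Python, not code from efail.de or any mail client): before a decrypted HTML body is rendered, strip every reference that would make the client fetch a remote resource, since any such fetch can carry plaintext out in the URL. The sample message and the host name remote.example.test are constructed; the function also returns what it blocked so a client can log or surface it.

```python
"""Strip remote-fetching references from HTML before rendering decrypted
mail, so active content cannot exfiltrate plaintext via requested URLs.
Added example; the sample message below is constructed."""
import re
from html.parser import HTMLParser
from typing import List, Tuple

REMOTE_URL = re.compile(r"^\s*(https?:|//)", re.IGNORECASE)
CSS_URL = re.compile(r"url\(\s*['\"]?(https?:|//)[^)]*\)", re.IGNORECASE)
# Attributes that trigger a network fetch when they hold a remote URL.
FETCH_ATTRS = {"src", "href", "poster", "background", "srcset", "action"}


class RemoteContentStripper(HTMLParser):
    """Rebuilds the document, dropping <link> elements, remote URLs in fetch
    attributes, and url(http...) in <style> blocks and style attributes."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=False)
        self.out: List[str] = []
        self.blocked: List[str] = []
        self._in_style = False

    def _record_css(self, m: "re.Match") -> str:
        self.blocked.append(m.group(0))
        return "none"

    def handle_starttag(self, tag, attrs):
        if tag == "link":  # stylesheet links fetch unconditionally: drop them
            self.blocked.extend(v for k, v in attrs if k == "href" and v)
            return
        if tag == "style":
            self._in_style = True
        kept = []
        for name, value in attrs:
            if value is not None and name in FETCH_ATTRS and REMOTE_URL.match(value):
                self.blocked.append(value)
                continue
            if name == "style" and value:
                value = CSS_URL.sub(self._record_css, value)
            kept.append((name, value))
        attr_text = "".join(f" {n}" if v is None else f' {n}="{v}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img ... /> and friends

    def handle_endtag(self, tag):
        if tag == "link":
            return
        if tag == "style":
            self._in_style = False
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._in_style:  # CSS inside <style> can also name remote URLs
            data = CSS_URL.sub(self._record_css, data)
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def neutralize_remote_content(html: str) -> Tuple[str, List[str]]:
    """Return (safe HTML, list of removed remote references)."""
    p = RemoteContentStripper()
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked


# Constructed decrypted body: legitimate text plus four remote references.
SAMPLE = (
    '<html><body><p>Meeting at 10</p>'
    '<img src="https://remote.example.test/x?leak=" width="1">'
    '<style>body{background:url(https://remote.example.test/css)}</style>'
    '<link rel="stylesheet" href="https://remote.example.test/s.css">'
    '<div style="background-image:url(//remote.example.test/d)">text</div>'
    '<img src="cid:logo"></body></html>'
)

if __name__ == "__main__":
    clean, blocked = neutralize_remote_content(SAMPLE)
    print(clean)
    print("blocked:", blocked)
```

Inline attachments referenced by cid: are left alone because they never leave the machine; the stripper only touches references that would reach the network. A real client should apply this to decrypted parts before they are ever placed in the same DOM as untrusted parts.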
TFA article tells you crap about the complaints. Here's a much better article:
http://www.datacenterdynamics.com/content-tracks/design-build/apples-irish-data-center-faces-new-hearing/96069.fullarticle
"...objectors raise fears that it would flood golf course, and make inordinate demands on Ireland’s power grid."
"The full proposal would reduce the habitat of bats and badgers, say some objections, and the Bord has also received a complaint from Athenry Golf Club, 1km away from the site. 'Our primary concern is the totality of the proposed development, especially the extent of the proposed masterplan, and the potential this has to alter the hydrology of the local area and potentially increase the frequency and duration of flooding already experienced at the golf club,' says the golf club’s appeal."
That's normally part of the preamble when you get into most phone systems today. "This call may be monitored or recorded for (whatever)." And then the voice response script starts.
>> Glad I don't have to depend on public transportation
^^^ THIS ^^^. Add that to the risk of strike once unions get involved and the excess pollution associated with empty trains and buses and you see why the 20th-century version of public transportation is a drag on modern society. I, for one, look forward to universal car sharing (essentially subsidized electric taxis with automated drivers) and the continued death of passenger rail (because the places people want to live and travel to are constantly changing).
I for one can't wait until unpowered cylinder phonographs come back. I even bought a gold-plated horn to ensure optimal audio fidelity.
>> a large Japanese human resources company that owns other job sites like Indeed
It would be politically incorrect to say why, as a huge fan of "Big Trouble in Little China", I found this phrase very, very funny.
Exactly. This is one law/regulation that's not only working as designed, it's working as intended!
^^^ this ^^^. This kind of mistake is worth a little class action. Non-negligent companies don't deploy noob code like this ("der...dump all POST input because we have our fingers in production...herp!") on the machines that actually parse the passwords (or any other sensitive data). Non-negligent companies also have tests for exactly this kind of thing (e.g., try signing on as "user123 / pass123", then make sure "pass123" isn't actually in the log).
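What "tests for exactly this kind of thing" can look like, as an added example (constructed code, not from any company named here): the request logger scrubs credential fields before the line is written, and the test signs on as "user123 / pass123" through an in-memory log and checks that "pass123" never appears in it. The sign-on handler, user table and field names are made up for the example.

```python
"""Credential-scrubbing request logging plus the sign-on test that proves
the password stays out of the log.  Constructed example."""
import io
import logging
from typing import Dict, Tuple

# Form/header field names whose values must never be written to a log.
SENSITIVE_KEYS = {"password", "passwd", "pass", "token", "authorization",
                  "secret", "card_number"}


def redact(form: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the POST fields that is safe to log: values under
    sensitive keys are replaced, everything else passes through."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_KEYS else v)
            for k, v in form.items()}


def handle_login(form: Dict[str, str], logger: logging.Logger) -> bool:
    """Stand-in sign-on handler: logs the (redacted) request, then checks the
    submitted credentials against a constructed user table."""
    logger.info("POST /login fields=%s", redact(form))
    users = {"user123": "pass123"}  # constructed; real code stores hashes
    return users.get(form.get("username", "")) == form.get("password")


def capture_log_for_login(username: str, password: str) -> Tuple[bool, str]:
    """Run one sign-on with the log captured in memory and return
    (login succeeded, log text) so a test can assert on both."""
    buf = io.StringIO()
    logger = logging.getLogger("login-audit-example")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    try:
        ok = handle_login({"username": username, "password": password}, logger)
    finally:
        logger.removeHandler(handler)
    return ok, buf.getvalue()


if __name__ == "__main__":
    ok, text = capture_log_for_login("user123", "pass123")
    print("login ok:", ok)
    print(text, end="")
    print("password leaked:", "pass123" in text)
```

The test is deliberately written against the log output rather than the redact() function, so it keeps failing if someone later adds a second log line, a debug dump of the raw request, or an exception handler that prints the form.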
Nail 'em to the wall.
>> If you have incompatible hardware, why run Windows 10?
PREVIOUS versions of Windows 10 were compatible with the hardware, and they run great! (Remember how one of Windows 10's pitches was faster startup and leaner running?) That's how I got it installed. But Microsoft drops some device compatibility with each of these unnecessary and unwanted "feature" releases. I really just want the security patches.
>> Collision Conference, one of North America's most influential technology gatherings
(guffaws)
If you have to tell people you're "influential", you aren't influential. Wake me up when RSA heads to Vancouver.
I have a couple of older laptops and machines that are no longer supported by the drivers in Windows 10 automatic upgrades. Yet, they still try to apply themselves again. And again. And again, wasting gigabytes of bandwidth and hours of time with each futile attempt.
Thank {deity} for the Windows tool that allows you to selectively disable major "upgrades" like this.
No amount of PR and side projects will diminish the creepiness of Facebook and the stalkers who work there.
Of course you bring your press-friendly distractions, like VR headsets.
Especially when you are dealing with a PR timebomb that has you in the sights of establishment liberals who think Facebook stole the election from Hillary, fringe conservatives annoyed that Facebook has assembled a pre-weaponized Orwellian database, and ordinary citizens worried that Facebook is clamping down on free speech, all at the same time.
Five years until they can tell who is flipping the bird in a photo? Five years until you can tell that the tiny dark splotch behind the sun-dappled leaves is a bird? Yeah...seems optimistic to me.
>> Facebook ... annual conference
Well, that ought to be interesting to attend. You have a bunch of suits presenting the usual batch of mine-our-user's-data products and you have a bunch of attendees thinking "I wonder how much of this will still be around in two months." If anything, it should work to help companies negotiate better prices for the data they buy from Facebook (and we heard about Facebook's "close elevator door / erase some data" button yesterday), but I'm still not sure how the consumer is helped by any of this.
>> If only we could build a corresponding network of consumer bots, that interact with business bots
Congratulations, you invented "Twitter"