We only use SSO for the majority of our systems, we still get people falling for phishing login forms that look like they were created in Word 1997.
There is a plan to use MFA for staff with higher access but trying to get that working for every single staff member with an IT account will be mayhem when they forget their phone or lose their yubikey...
Classic example of the triangle of security, ease of use, speed. Only ever 2 of the three when people just want all 3. And that is why JISC saw 100%
Very few are willing to do security properly all the time as it takes a lot of effort
I work at a UK university and the report linked in this story doesn't surprise me one bit.
The key part that enabled the 100% success rate is phishing.
Most Universities will have multiple thousand staff. Most of those staff will not be technically literate. Most technically illiterate people fall for phishing.
We constantly have compromised staff accounts that originate from the most basic poorly crafted phishing emails.
Unless you completely lock down the email system or are able to teach every single staff member the detailed ways of checking email headers and body sources then this won't be fixed.
Except it isn't is it. As the OP said, the principcal of marketing is to show what you have. If I am selling lemonade and I put up a sign saying "You can buy lemonade here" then that is marketing and it isn't lying.
What you're referring to is just lying via marketing.
This makes it all sound like the guy helped create Vine, a service for posting short video clips. He then sold it off and the buyer eventually closed it. He's now deciding he wants to run Vine again so is launching a new video service hosting short clips.
I'd have thought the initial purchase of Vine would have included some sort of clause saying you can't just run off and create a competitor to the company you've just sold.
I use Feedly (free, I don't pay anything) and have yet to see any 'fake article' type injected entries.
Do you use an AdBlocker? I always will have either uBlock or AdBlock Plus depending on which device which may explain it. Although I also use the Feedly Android app and haven't seen anything there either.
I have an EX2 and tried the username and password on the 2.11.xx firmware and it didn't let me login.
I then read the actual original vulnerability release and you can't use the login details to sign into the UI, the username and password are hardcoded into a specific file that needs to be called via a HTTP(s) request. So you can just test this by attempting to login.
Yeah the NY times article was scaremongering and partially wrong but the 'bad' thing Uber did here was break the Apple TOS which say developers should not be fingerprinting users devices.
You're supposed to be able to install an app, uninstall it and then the next time you install the same app the company has no idea it is a second installation.
Apple have tried to give each app a new unique udid, unlike the old days of iOS where everyone read the same UDID
But you seem to have completely misread my question. I was making a point out of the summary stating it only had to be 'plausible' I know full well about how an IP isn't concrete proof
I'm fully in agreement that an IP address proves nothing in a case like this. I merely wanted to question the (we've all agreed quite clearly wrong) summary.
Although it does mean that this sentence in the summary is simply wrong - "To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer."
If it was true, it doesn't matter how many other peoples shared the internet connection.
Which is exactly why I repeated 'plausible' three times as my point is, lets bring out the car analogy, if Mr Johnson owns a car and that car is caught speeding by a speed camera. It is PLAUSIBLE that Mr Johnson was speeding as it is his car. It's entirely plausible. It doesn't mean it wasn't Mrs Johnson driving or Mr Johnson's kid. It may have been stolen and it wasn't anyone in the Johnson family. But it is definitely PLAUSIBLE that it was Mr Johnson.
Exactly the same applies in this case, if the only requirement is whether it is plausible, then surely the IP belongs to Gonzales' account with the ISP so it is plausible it was him.
As much as I disagree with the copyright system across the globe, and would be a hypocrite to say downloading is wrong.
Surely the judge has got it wrong here? If this sentence is true "To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer." then the IP address linked to the defendant's contract with the ISP is surely "plausible"?
There is quite a large jump between saying "I'm going to build my own AI like Jarvis from Iron Man" and then saying "I'll use this AI to help me turn on the lights or listen to music".
Is it going to be a glorified Amazon Echo / Apple Siri or will it actually be able to predict what you're doing and what you need help with?
I have a 2013 Nexus 7 and a Nexus 5 both on Lollipop and I don't have any issues on either. I've read other loud people who have issues but thankfully so far I've been fine, and I use my phone every day and my tablet most evenings.
Why are you so angry? Also, The Pirate Bay isn't "back" as per https://torrentfreak.com/can-p... - "Update: Just to be clear, thepiratebay.ee, thepiratebay.cr, thepiratebay.mobi and others are mirrors not affiliated with the original site. They serve old content (no new uploads) and are not TPB resurrections. If the site reappears it will be on the original.se domain."
"I know most clients clocks are not precise, but if they have their timezone wrong, I don't why that's the BBCs fault."
The whole issue here is that someone complained that the BBC's clock was wrong...while the whole time the BBC was using the local user's computer time as the source. So the end user having their timezone wrong would bring us back to step 1 in this dilemma. Hence why the problem isn't as easy as you think it seems to be.
The BBC can't use anything set locally on the end user's machine this basically leaves the IP address as an attempt to find the correct location, now try and find an IP -> geographical location database that is 100% accurate, as if it isn't accurate for one user...we're back to step 1 of this dilemma as that person can then complain that the BBC clock is wrong.
yeah, maybe the pedantry is needed:P I didn't mean a literal image as in some png file. I meant it more like you'd say an image of a backup you've done or a snapshot.
If I'm in doors within an old building with thick walls I may only be able to get 5kB/s
If I'm in a sports stadium and it's half time with everyone trying to use their phone at the same time, I may get 0kB/s and not be able to do anything.
Both of these are true "minimum" speeds that can happen fairly frequently.
What it sounds like the bill should be asking for is the average data speed.
Slashdot Mirror
We also use*
We only use SSO for the majority of our systems, we still get people falling for phishing login forms that look like they were created in Word 1997.
There is a plan to use MFA for staff with higher access but trying to get that working for every single staff member with an IT account will be mayhem when they forget their phone or lose their yubikey...
Classic example of the triangle of security, ease of use, speed. Only ever 2 of the three when people just want all 3. And that is why JISC saw 100%
Very few are willing to do security properly all the time as it takes a lot of effort
I work at a UK university and the report linked in this story doesn't surprise me one bit.
The key part that enabled the 100% success rate is phishing.
Most Universities will have multiple thousand staff. Most of those staff will not be technically literate. Most technically illiterate people fall for phishing.
We constantly have compromised staff accounts that originate from the most basic poorly crafted phishing emails.
Unless you completely lock down the email system or are able to teach every single staff member the detailed ways of checking email headers and body sources then this won't be fixed.
Except it isn't is it. As the OP said, the principcal of marketing is to show what you have. If I am selling lemonade and I put up a sign saying "You can buy lemonade here" then that is marketing and it isn't lying.
What you're referring to is just lying via marketing.
This makes it all sound like the guy helped create Vine, a service for posting short video clips. He then sold it off and the buyer eventually closed it. He's now deciding he wants to run Vine again so is launching a new video service hosting short clips.
I'd have thought the initial purchase of Vine would have included some sort of clause saying you can't just run off and create a competitor to the company you've just sold.
I use Feedly (free, I don't pay anything) and have yet to see any 'fake article' type injected entries.
Do you use an AdBlocker? I always will have either uBlock or AdBlock Plus depending on which device which may explain it. Although I also use the Feedly Android app and haven't seen anything there either.
What were these injected ads like?
I have an EX2 and tried the username and password on the 2.11.xx firmware and it didn't let me login.
I then read the actual original vulnerability release and you can't use the login details to sign into the UI, the username and password are hardcoded into a specific file that needs to be called via a HTTP(s) request. So you can just test this by attempting to login.
Yeah the NY times article was scaremongering and partially wrong but the 'bad' thing Uber did here was break the Apple TOS which say developers should not be fingerprinting users devices.
You're supposed to be able to install an app, uninstall it and then the next time you install the same app the company has no idea it is a second installation.
Apple have tried to give each app a new unique udid, unlike the old days of iOS where everyone read the same UDID
Wow, very defensive. You aren't understanding this what so ever. So let's leave it at that :)
But you seem to have completely misread my question. I was making a point out of the summary stating it only had to be 'plausible'
I know full well about how an IP isn't concrete proof
I'm fully in agreement that an IP address proves nothing in a case like this. I merely wanted to question the (we've all agreed quite clearly wrong) summary.
I'm not sure why you are saying I'm wrong, I was questioning the summary. It seems to be the summary that was wrong.
Ah, that makes sense then.
Although it does mean that this sentence in the summary is simply wrong - "To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer."
If it was true, it doesn't matter how many other peoples shared the internet connection.
Which is exactly why I repeated 'plausible' three times as my point is, lets bring out the car analogy, if Mr Johnson owns a car and that car is caught speeding by a speed camera. It is PLAUSIBLE that Mr Johnson was speeding as it is his car. It's entirely plausible. It doesn't mean it wasn't Mrs Johnson driving or Mr Johnson's kid. It may have been stolen and it wasn't anyone in the Johnson family. But it is definitely PLAUSIBLE that it was Mr Johnson.
Exactly the same applies in this case, if the only requirement is whether it is plausible, then surely the IP belongs to Gonzales' account with the ISP so it is plausible it was him.
As much as I disagree with the copyright system across the globe, and would be a hypocrite to say downloading is wrong.
Surely the judge has got it wrong here? If this sentence is true "To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer." then the IP address linked to the defendant's contract with the ISP is surely "plausible"?
If the IDs weren't used by normal accounts and then later were used, Twitter surely has to have some involvement.
There is quite a large jump between saying "I'm going to build my own AI like Jarvis from Iron Man" and then saying "I'll use this AI to help me turn on the lights or listen to music".
Is it going to be a glorified Amazon Echo / Apple Siri or will it actually be able to predict what you're doing and what you need help with?
No, it was Cannon. A British company that has only existed for 30 years.
I have a 2013 Nexus 7 and a Nexus 5 both on Lollipop and I don't have any issues on either. I've read other loud people who have issues but thankfully so far I've been fine, and I use my phone every day and my tablet most evenings.
Why are you so angry? Also, The Pirate Bay isn't "back" as per https://torrentfreak.com/can-p... - "Update: Just to be clear, thepiratebay.ee, thepiratebay.cr, thepiratebay.mobi and others are mirrors not affiliated with the original site. They serve old content (no new uploads) and are not TPB resurrections. If the site reappears it will be on the original .se domain."
There are no ads on the BBC for British people though?
"I know most clients clocks are not precise, but if they have their timezone wrong, I don't why that's the BBCs fault."
The whole issue here is that someone complained that the BBC's clock was wrong...while the whole time the BBC was using the local user's computer time as the source. So the end user having their timezone wrong would bring us back to step 1 in this dilemma. Hence why the problem isn't as easy as you think it seems to be.
The BBC can't use anything set locally on the end user's machine this basically leaves the IP address as an attempt to find the correct location, now try and find an IP -> geographical location database that is 100% accurate, as if it isn't accurate for one user...we're back to step 1 of this dilemma as that person can then complain that the BBC clock is wrong.
why would any customer want this?
yeah, maybe the pedantry is needed :P I didn't mean a literal image as in some png file. I meant it more like you'd say an image of a backup you've done or a snapshot.
If I'm in doors within an old building with thick walls I may only be able to get 5kB/s If I'm in a sports stadium and it's half time with everyone trying to use their phone at the same time, I may get 0kB/s and not be able to do anything. Both of these are true "minimum" speeds that can happen fairly frequently. What it sounds like the bill should be asking for is the average data speed.