|
Microsoft refused to patch issue so security researcher released exploit code online. People who like people don't let them use IE anymore
But, "they wouldn't fix it, so I exploited it" seems more than a little "blackmaily"
|
|
|
|
|
Kent Sharkey wrote: But, "they wouldn't fix it, so I exploited it" seems more than a little "blackmaily" I'd say that it qualifies as industrial espionage -- not to mention that it is specifically aimed at causing injury to the public at large.
I'm getting really sick of these "researcher" types, arrogantly and/or thoughtlessly causing more harm than (or, at the very least, "tooling up") the hackers.
They should be arrested and tried for their crimes. Precedent needs to be set.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: Precedent needs to be set. Agree
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Microsoft has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised. "Gentlemen do not read each other's mail."
|
|
|
|
|
Technically, "limited" means "not infinite".
I feel they need to be a tad more specific.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
https://www.foxnews.com/tech/air-force-cloud-migration-fights-ai-enabled-cyberattacks[^]
Unfortunately, I'm on the front lines of this initiative, and it ain't all roses and honey. For instance, we couldn't use a commercial cloud service because none of them support a high enough level of security. This means the AF has to setup its own "cloud". What do you imagine you get when you have people that don't know what they're doing or why they're doing it setting this kind of thing up?
You get chaos and connectivity issues. That's what you get.
And instead of stopping a patentedly bad idea in its tracks, everyone says, "Well, all we can do is go along, and wait for it to fail", all because some general somewhere has a massive erection for "the cloud" because some sales nazi sold him a bill of goods on some technology that is NOT fit for DoD consumption.
Yes. I'm bitter and annoyed.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
modified 12-Apr-19 11:17am.
|
|
|
|
|
Sounds very similar to when I was working on the video surveillance system for the MX Missile Train. Chaos, connectivity issues, etc. And pretty much everyone directly under gov't contract told us civilian contractors "we're working on it until Congress kills it."
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
The article looks like a PR piece for cisco...just a way to upsell their edge devices..the buzz words AI just means some alerts and reports if you see though the crap..anyway....
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
|
|
|
|
The Uneducated said: cloud access could allow an Air Force pilot to access needed additional intelligence to inform targeting, mission planning or other time-sensitive information - while en route to an attack
Please fire your cannon no
Buffering...
w... three seconds ago.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
I've experienced the connectivity issues caused by the over-the-top security absurdity, and this is a VERY real possibility.
The recently implemented this thing called JRSS, which takes all inbound and outbound traffic (which is already encrypted), decrypts the stream, inspects the packets (I don't know what they're looking for), re-encrypts the stream, and sends it on its way. This happens at both ends of the connection. We realized a drop in speed from 16mbits to 2.5 mbit - all in the name of security. Keep in mind that this is for traffic between two .mil domains. You'd think that there would be a certain trust level between two government domains, but no...
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Been there, done that, on the federal law enforcement side.
The most secure network is always the one you can't even use or log in on.
|
|
|
|
|
I suppose if you were on a long range strike mission updated data might be useful, but I cannot for the life of me see a pilot taking time to worry about updating a strike package, a mission profile or looking for additional data. I *can* see information like this pushed to the a/c.
Charlie Gilley
<italic>Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
It's probably because they are walking with their head in the clouds
|
|
|
|
|
Not to be obtuse, but isn't cloud access the whole raison d'etre of an air force?
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Daniel Pfeffer wrote: cloud access Jeeze!
Seeing those two words used in a single clause, right next to each other, nearly gave me an infarction!
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
#realJSOP wrote: What do you imagine you get when you have people that don't know what they're doing or why they're doing it setting this kind of thing up?
Isn't the the purest definition of Government?
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
For application developers, open source has become an indispensable part of the development process. THIS. IS. DEVELOPMENT!
Just don't try to picture most developers trying to kick the messenger into a pit (where the QA folk are working).
Also: wow. 300 developers. They surveyed almost all of them.
|
|
|
|
|
Kent Sharkey wrote: Also: wow. 300 developers. They surveyed almost all of them. Nearly 300.
But an IMMENSE sample of 1200 was used to calculate that: "over 90 percent of professional developers use open source".
I love Mathematics. That ain't what this is.
Also, although it implies (by having it in the breadcrumb path) that the article is sponsored, I didn't notice it saying exactly who the sponsor was.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: I didn't notice it saying exactly who the sponsor was.
Right at the top: Quote: Tidelift sponsored this post.
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Oh, good grief!
I overlooked that as part of the "Please share me with fb and everyone else!" thing
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: an IMMENSE sample of 1200 was used to calculate If the study was well designed, questions were non-bias and was a truly random sample set, that number should be enough to draw a reasonable conclusion. Now ask me if I think any of that is the case.
|
|
|
|
|
Amazon, Apple and Google all employ staff who listen to customer voice recordings from their smart speakers and voice assistant apps. Did anyone think otherwise?
modified 11-Apr-19 16:07pm.
|
|
|
|
|
Y'know, we always knew that phone companies could listen in to what we were saying, during calls, but it wasn't a bother, let alone menacing, because they had no real interest (nosiness and giggles at the coffee machine aside) in doing so.
Today is so different.
A vast number of companies exist solely and only to snoop on everything we do and say on the net.
Even I was flabbergasted, after the EU privacy laws came into power, on the sheer number of companies involved (the average site has between 120 and 400 "partner companies") (yes, 400!), who reap data from every click we make.
Oh, and the workaround that they have for being legally blocked from collecting data is that they change domain names, every five minutes, so once you've gone to all the trouble of blocking them, it makes precious little difference, because they're back, a few days later, under a different name.
Are they malicious?
Probably not, mostly.
Avaricious, certainly.
But it's just such a f***ing intrusion!
It's like having hundreds of people standing outside your window, watching every move you make, and you can't close the curtains or tell them (politely or impolitely) to go away.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: It's like having hundreds of people standing outside your window, watching every move you make
and promptly making an offer (product, good/evil things, or even control sequences) you don't want or sell your current state to others of the same kind, all to their advantages not yours
|
|
|
|
|
We have our "alexa" controlling an array of x10 devices about our house via some bridging software. I have a box full of x10 modules so yeah. Anyway we have things called the stuff, the fireplace, the hall light, the kitchen light, my light, k light, corner light and Scentsy (wax Labrador fart covering).
She gets all of them right even if we're mumbling in the morning but continually when we say "Alexa, turn on the Scentsy" 9 out of 10 times She will respond with "Sorry, I did not find a device named Scentsy" - Seriously? This has gone on for about a year till last week I finally made a change in the bridging software to rename it to the wax. Now she finally gets it right. We would scream at it. You dumb hockey puck, I should slap shot you into next week!
So they're not listening to us - yet.
modified 11-Apr-19 21:40pm.
|
|
|
|