Whenever they find Child Porn. Just like doctors must inform law enforcement about people who they believe are going to commit self harm, or harm others.
They're regulations that make sense, but have some nasty side effects. Someone's feeling suicidal and goes to get help. Hope they like being naked in prison, while not being allowed to sleep.
That they cooperate with law enforcement as legally required, but don't hire informants.
At the least I expect them to fire the employee. I also expect them to try whatever legal wrangling they can to ferret out all the other informants and fire them as well.
It's a huge black eye to the company. They've always been known to be scummy as far as pricing and diagnosing issues goes. If they're also associated with the FBI to this extent they may lose even more business.
On a minor side note, if the informant's name's been revealed I doubt he'll be able to get work in a technical field outside of law enforcement or government contractor.
Re: Re: Surveillance is the biggest threat to security
The problem is that costs money.
Plus, the embedded and process control people are still new to this whole "security" thing. Stuxnet and the IoT security disaster should be proof enough of that.
No really, I'll bet you good money that if you go to any large plant or refinery and hook into a data bus you'll see large amounts of un-encrypted traffic. That's the data keeping machines and tanks from exploding.
Even with Brexit it still matters. The EU has been pretty strong in claiming that they want to protect their citizens' privacy.[1] Especially from foreign actors.
If Brexit does happen I fully expect banking regulations reinforcing the EU's privacy requirement. All the banks would then be required to move their servers to a country with more privacy protections.
It would be a huge FU to the UK, for obvious reasons. Heck it might happen anyways if the UK appeal loses and they don't repeal the law.
[1]If I remember what Germany's doing correctly, also pretty hypocritical too. Everyone here at TD knows what can be done with "just metadata".
> Example, the Telephone poles and the underground pipes that handle the cabling are public property.
Umm, the entire fight about the one touch make ready legislation is the telephone poles **are not** public property. They are owned by the telcos. Who make it as difficult as possible for a potential competitor to use them.
If you're suggesting that the government should use eminent domain to forcibly purchase vital public resources to allow competition, then I agree. Combine that with one touch make ready rules and competition becomes possible.
> But, do you want to have the government get access to the birth certificate you have stored in your bank safe deposit box because someone who rents one on the other side of the vault MIGHT be storing marijuana in it?
If I were a company using one of these products I'd be rather unhappy.
Businesses, especially ones large enough to have this software, tend to like stability and abhor risk. Especially in core infrastructure.
It's why they're willing to pay so much money to Oracle for something that free products do just as well. Corporate inertia means they're not willing to face the possibility of breakage when moving to a new back end.
PwC is relying on their products being so complicated and integral to companies that no one will switch. Unfortunately, they're probably correct. However, this may prevent new businesses from using their software. Plus, companies will implement stopgap measures, like stopping using the fancy features of the software that require extra connectivity. Not a good way to keep customers in the long run.
The trick is to explain to the CFO that hacks to such a system don't just mean theft. If they understand that an SAP system hack means potential securities fraud they start paying attention.
These devices are meant to be used by smartphones away from home, but the manufacturers don't want to pay for infrastructure. Home routers have a feature, called UPnP, to allow devices to punch through the Network Address Translation (NAT) layer and become accessible to the public internet. These devices use that feature.
Turning off UPnP will not protect you if someone is close to your house in person, but will prevent the attacks talked about in the article.
Re: Why are all these devices directly on Internet?
Because it's cheaper.
Here's what the camera makers are doing at least:
Auto register with a dynamic DNS provider. Giving the home network a stable address.
Use UPnP to expose themselves to the internet.
Practically shout that dynamic DNS address to any listening device on the local network.
Now you can easily check your cheap WiFi camera from the smartphone app anywhere. All you need to do is run the app once while connected to the local network.
The alternative is persistent connections and the vendor having to gasp actually maintain some infrastructure.
The worst part is most of the problem isn't even unpatched security vulnerabilities, it's default passwords.
Many router manufacturers have at least gotten the message and burn a random default password into the ROM. It goes on a sticker right next to the serial number.
Sure, there are plenty of other vulnerabilities in these devices that will never be patched, but using a random password should cut out most of the malicious activity we see today.
It's actually worse than that. The EU has, historically, relaxed its privacy protections when dealing with US companies. The NSA leaks have caused them to now lean towards an "all EU data must be on EU soil" policy.
The big problem with this lawsuit is the data is on EU soil, but the US wants access to it without going through the EU. If the US wins the EU may go one step further and require everything to be under the control of an EU company. A company that the US cannot compel to divulge data.
This actually wouldn't be too big of a deal for Microsoft and other big companies. Sure it wouldn't be easy, but they'd basically set up subsidiaries in the EU to deal with it. The problem is any US company that stores user data would be required to have an EU subsidiary with at least one employee. Not exactly easy for things like a one man startup.
Yeah, the normal game costs $60. The collector's edition costs $140. I'll grant you that I really want that sucker, but it's a hard buy at that price point.
Mankind Divided also has microtransactions. Heck, one of the key issues people have is the in-game digital goodies are gone after being collected. Start a new game and you have to buy them over again, with real money.
Would it be possible to mark all links to Forbes and other Ad-Blocker unfriendly websites with some sort of warning?
I appreciate that you can't always steer clear of those websites, but feel that we as a community should take pro-active measures to discourage annoying behavior.
Re: a blanket and rope tied to four corners does wonders.
I saw this in Rome. A patrol would come through and the vendors would all grab everything. When the police were gone everything was back in place. It's so strange to us country folks. I've lived in a city of 300k people, and street vendors were the exception not the rule.
Fun fact, blocking wifi can and will result in large fines and/or a jail sentence in the US. Actually, any radio jammer will. Even federal prisons aren't immune to this.
Schools, movie theaters, prisons, etc... can always turn the rooms or buildings into a large Faraday cage, but in a shocking surprise teachers, guards, etc... like/need having cell phones or radios.
Germany doesn't have the 1st Amendment, but they are part of the EU, which has some free speech protections.
It is the primary duty of every US judge to determine if a law is in compliance with the constitution. This was deliberately set up as a check and balance to prevent a simple majority from becoming tyrannical.
From things like this it certainly looks like German judges don't have that ability.
I was going to buy one of these, but not with that attitude.
Can anyone recommend a good competitor? I'm in need of something like the nano as a PGP keystore for my laptop. It needs the standard features, wipe on too many bad attempts, and anti-tamper protection.
YubiKey would have worked, but they didn't make it easy. Well, now to do research...
On the post: Court Documents Appear To Confirm The FBI Is Using Best Buy Techs To Perform Warrantless Searches For It
Re: When do pc techs become mandated reporters?
They're regulations that make sense, but have some nasty side effects. Someone's feeling suicidal and goes to get help. Hope they like being naked in prison, while not being allowed to sleep.
On the post: Court Documents Appear To Confirm The FBI Is Using Best Buy Techs To Perform Warrantless Searches For It
Re: What has Best Buy had to say about all this?
At the least I expect them to fire the employee. I also expect them to try whatever legal wrangling they can to ferret out all the other informants and fire them as well.
It's a huge black eye to the company. They've always been known to be scummy as far as pricing and diagnosing issues goes. If they're also associated with the FBI to this extent they may lose even more business.
On a minor side note, if the informant's name's been revealed I doubt he'll be able to get work in a technical field outside of law enforcement or government contractor.
On the post: European Information Security Advisory Says Mandating Encryption Backdoors Will Just Make Everything Worse
Re: Re: Surveillance is the biggest threat to security
Plus, the embedded and process control people are still new to this whole "security" thing. Stuxnet and the IoT security disaster should be proof enough of that.
No really, I'll bet you good money that if you go to any large plant or refinery and hook into a data bus you'll see large amounts of un-encrypted traffic. That's the data keeping machines and tanks from exploding.
On the post: Court Says Abandoned Phone Locked With A Passcode Still Has Expectation Of Privacy
Re:
On the post: European Court Of Justice Rules Against UK's Mass Surveillance Program
It still matters
If Brexit does happen I fully expect banking regulations reinforcing the EU's privacy requirement. All the banks would then be required to move their servers to a country with more privacy protections.
It would be a huge FU to the UK, for obvious reasons. Heck it might happen anyways if the UK appeal loses and they don't repeal the law.
[1]If I remember what Germany's doing correctly, also pretty hypocritical too. Everyone here at TD knows what can be done with "just metadata".
On the post: Why Does It Still Take Press Attention For Comcast To Fix Obvious Screw Ups?
Re: Re: Re: Government idiocy
Umm, the entire fight about the one touch make ready legislation is the telephone poles **are not** public property. They are owned by the telcos. Who make it as difficult as possible for a potential competitor to use them.
If you're suggesting that the government should use eminent domain to forcibly purchase vital public resources to allow competition, then I agree. Combine that with one touch make ready rules and competition becomes possible.
On the post: Coinbase User (Also, Class Action Lawyer) Files To Intervene In Case Where IRS Wants Info On All Coinbase Users
Re: Re:
Perfect analogy of what they're asking for.
On the post: Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat
PwC Screaming "Hack Me"
If I were a company using one of these products I'd be rather unhappy.
Businesses, especially ones large enough to have this software, tend to like stability and abhor risk. Especially in core infrastructure.
It's why they're willing to pay so much money to Oracle for something that free products do just as well. Corporate inertia means they're not willing to face the possibility of breakage when moving to a new back end.
PwC is relying on their products being so complicated and integral to companies that no one will switch. Unfortunately, they're probably correct. However, this may prevent new businesses from using their software. Plus, companies will implement stopgap measures, like stopping using the fancy features of the software that require extra connectivity. Not a good way to keep customers in the long run.
The trick is to explain to the CFO that hacks to such a system don't just mean theft. If they understand that an SAP system hack means potential securities fraud they start paying attention.
On the post: Akamai: 12-Year-Old SSH Vulnerability Fueling Internet-Of-Broken-Things DDoS Attacks, And Worse
Re: I'm confused
See my previous comment.
These devices are meant to be used by smartphones away from home, but the manufacturers don't want to pay for infrastructure. Home routers have a feature, called UPnP, to allow devices to punch through the Network Address Translation (NAT) layer and become accessible to the public internet. These devices use that feature.
Turning off UPnP will not protect you if someone is close to your house in person, but will prevent the attacks talked about in the article.
On the post: Akamai: 12-Year-Old SSH Vulnerability Fueling Internet-Of-Broken-Things DDoS Attacks, And Worse
Re: Why are all these devices directly on Internet?
Because it's cheaper.
Here's what the camera makers are doing at least:
Now you can easily check your cheap WiFi camera from the smartphone app anywhere. All you need to do is run the app once while connected to the local network.
The alternative is persistent connections and the vendor having to gasp actually maintain some infrastructure.
On the post: Akamai: 12-Year-Old SSH Vulnerability Fueling Internet-Of-Broken-Things DDoS Attacks, And Worse
Random Default Passwords
Many router manufacturers have at least gotten the message and burn a random default password into the ROM. It goes on a sticker right next to the serial number.
Sure, there are plenty of other vulnerabilities in these devices that will never be patched, but using a random password should cut out most of the malicious activity we see today.
On the post: Government Seeks Do-Over On Win For Microsoft And Its Overseas Data
Re: Mutual Legal Assistance Treaties?
The big problem with this lawsuit is the data is on EU soil, but the US wants access to it without going through the EU. If the US wins the EU may go one step further and require everything to be under the control of an EU company. A company that the US cannot compel to divulge data.
This actually wouldn't be too big of a deal for Microsoft and other big companies. Sure it wouldn't be easy, but they'd basically set up subsidiaries in the EU to deal with it. The problem is any US company that stores user data would be required to have an EU subsidiary with at least one employee. Not exactly easy for things like a one man startup.
On the post: Remember When Cracking Groups Said Denuvo Would End Game Piracy? Yeah, Didn't Happen
Re: value
Yeah, the normal game costs $60. The collector's edition costs $140. I'll grant you that I really want that sucker, but it's a hard buy at that price point.
Mankind Divided also has microtransactions. Heck, one of the key issues people have is the in-game digital goodies are gone after being collected. Start a new game and you have to buy them over again, with real money.
On the post: Germany Interior Minister Pushing For Deployment Of Facial Recognition Software In Public Areas
Re: "For the Fatherla- I mean National Security!"
Keep in mind that legislators only complain when the other person is in charge. When they're on top they aren't concerned.
On the post: Australia's Census Fail Goes Into Overdrive -- A Complete And Utter Debacle
Forbes Warning
Would it be possible to mark all links to Forbes and other Ad-Blocker unfriendly websites with some sort of warning?
I appreciate that you can't always steer clear of those websites, but feel that we as a community should take pro-active measures to discourage annoying behavior.
Sincerely,
Arthur
On the post: Kickass Torrents Asks Justice Department To Drop Case
Re: Re: They can lose to win
Yeah, those don't exist in the US.
On the post: Chile's New Copyright Legislation Would Make Creative Commons Licensing Impossible For Audiovisual Works
Re: a blanket and rope tied to four corners does wonders.
On the post: Subtle: Iraq Flips The Internet Switch For 3 Hours To Combat Cheating Students And Corrupted Teachers
Re: A Common Sense Solid Solution.
Schools, movie theaters, prisons, etc... can always turn the rooms or buildings into a large Faraday cage, but in a shocking surprise teachers, guards, etc... like/need having cell phones or radios.
On the post: German Court Insults Free Speech, Bans Comedian From Mocking Turkish President
Re: But it is the LAW!
It is the primary duty of every US judge to determine if a law is in compliance with the constitution. This was deliberately set up as a check and balance to prevent a simple majority from becoming tyrannical.
From things like this it certainly looks like German judges don't have that ability.
On the post: Bad News: Two-Factor Authentication Pioneer YubiKey Drops Open Source PGP For Proprietary Version
Alternatives?
Can anyone recommend a good competitor? I'm in need of something like the nano as a PGP keystore for my laptop. It needs the standard features, wipe on too many bad attempts, and anti-tamper protection.
YubiKey would have worked, but they didn't make it easy. Well, now to do research...