
Comment Re:As a former expert (Score 2) 112

... the cost of breaking corporate software with an update (they just took out our scheduling program for 4 days) is very measurable and affects everyone in the company, ...

Where are your test systems and test cases?

If you want to win these fights, you have to present defensible numbers in units that the PHB's understand: Dollars or Euro.

And the core problem with estimating losses is that you are now trying to play in the realm of the PHB. You will always lose. That is because while you are spending time on productive work they are spending time on personal relationships and politics.

Any time they do not follow your advice and a disaster does NOT strike ... well it is obvious that they were right and you were wrong. So they SAVED/EARNED the company money by being more "productive". Those IT people are all "the sky is falling". Ha ha.

Right up until the systems are cracked and then they're going to blame you anyway because it was your job.

Comment Re:What Security Experts Can Learn From Non Expert (Score 3, Interesting) 112

NOT training users not to download suspicious executables or engage in fantastic feats of memory regarding passwords.

Don't depend upon a user's memory. Tell them that it is GOOD to write down their passwords AS LONG AS THEY STORE THEM WITH THEIR CREDIT CARDS.

The solution, which security people hate to hear, is to get better at installing and maintaining multiple levels of firewall, application sandboxing and/or streaming applications for all office applications, improving intrusion detection and dynamic virus removal in real time.

The REAL problem with security is that the VENDORS do not place a priority on it.

It isn't that we hate to hear that.

We're already DOING that. But it doesn't help much when a CxO installs some infected software on his laptop (which he can because he is so important that he NEEDS admin-level access) and then brings it into the most firewalled section of the network.

Right now I'm focusing on knowing when a site is compromised rather than trying to get EVERYONE to follow the best practices EVERY TIME on EVERY SYSTEM.

Comment fail2ban works for this? sure about that? (Score 1) 157

you sure about that?

I mean, the point of the entire bug (more like a feature tbh) is that it gets around conventional checks for multiple failures (which is why you wouldn't be able to do this much bruteforcing on a normal connection, because you would be banned).

the original blog post is unclear about that.

Comment Re:Seriously... (Score 1) 245

Actually, there is a problem. Which is why the schools with less money do worse on standardized tests than schools with more money.

And the problem is that the tests are written to a specific curriculum that is clearly identified in the text books associated with those tests.

So even if a student knows MORE about a subject than is taught in a specific text book, that student can still FAIL the standardized test because s/he does not provide the answer identified in the text book.

Such as ... what are the 3 main reasons for X.

In math it is more about how the word problems are written. If the student is familiar with the way the problems are phrased it is easier for him/her to get a higher score.

Comment Re:It is the oppressive governments that are uneth (Score 2) 71

So how is Hacking Team different than a company that sells grenades to Syria? Are all companies that make grenades unethical, because there is no non-violent application for hand grenades? What if they're used for defense purposes?

What about a dual-use item, such as selling cattle prods? Are all companies that make cattle prods unethical? If cattle prods are used for an off-label application (torture of humans), is it ethical to sell them to someone you suspect might be using them for torture, even if they don't explicitly say "we want to buy 10 cattle prods for our Glorious Leader's Torture Squad"?

Conversely, Hacking Team might be selling the 0days to legitimate law enforcement agencies, who may be using them to prevent kidnappings and murders. Is that ethical or unethical? Can you absolutely tell based on the customer's return address being London vs. Pyongyang?

Comment Re:I'm an idiot (Score 1) 71

Hacking Team is the company that sells 0-day exploits to repressive governments so they can spy upon their citizens. Regimes like Syria, North Korea, etc. Presumably, they've used the Hacking Team exploits to spy on political or religious dissidents and arrest/silence them.

They are NOT the hackers that broke into the cheating site.

Comment Re:I hate it already! (Score 1) 118

As I pointed out in that same paragraph, Android has actual user interface controls, including a labeled home button, a menu button, and a back button. I can at least clumsily navigate with them, even if I don't know their magic gestures. Does that solve your dilemma of it being impossible to implement a useful UI on a phone sized device?

Anyway, thank you for frothing up into a true iFanboi rage at my comment. No criticism of Apple is complete without receiving the expected how-dare-you-diss-my-iPhone response. Especially welcome were the swearing and the ad hominem attacks. Classy.

Comment Re:Investigating if laws were broken (Score 5, Insightful) 312

This is a legal principle that literally goes back to Greek antiquity.

In Common Law jurisdictions we have another principle that goes back for 800+ years: mens rea. Meaning that you have to have a guilty mind (i.e., intent) to have broken the law. Unfortunately this principle is being steadily eroded in favor of "strict liability" laws that require no intent, thus criminalizing more behavior and further expanding the power of the State.

Comment A self limiting problem (Score 4, Interesting) 312

So visitors to his website:
* Must have been sequenced by 23andMe
* And be so interested in his website that they are willing to give him access to their genetic data
* And meet whatever genetic filter he has imposed.

At this point, what he is running is less of a 'website', more of a 'diary', as it will have only one reader.

Comment Re:This Just In (Score 2) 136

he was complaining because without notice the behavior changed and he started missing valid emails from addresses previously he was responding to, partially without rhyme or reason, since he started missing in-between emails and sometimes would get a later email but see that there was mail in the 'thread' that he had missed due to the spam filter.

the point is, gmail changed the spam filter without notice (like starting to mark mail "this would go to spam next week") or whatever.

Comment Re:No! (Score 1) 227

"Out of curiosity, what secure locations can you use your smartphone?"

the oval room.

just think of the possibilities for the next clinton.

also, just about any military base USA has, any donetsk rebel base... of course, you might want to opt to say that any location that allows anyone to have smartphones isn't secure. but that's just the way it is, people have them now and if you can't trust them to not be snapping pictures with 'em phones you can't trust them to not photocopy the shit out of the stuff either.

Comment Re:Valasek and Miller are assholes and should be a (Score 1) 173

to be fair, the "10 miles away" is arbitrary.

"anyone who knows the car's IP address gain access from anywhere in the country. "From an attacker's perspective, it's a super nice vulnerability," Miller says."

though, I have to ask, why does the car have a public-facing IP in the first place? sounds like a waste of IP. I assume it's provided by the cellular provider, which would make most of them sit behind.

still pretty shitty design though.
