Comment Re:A serious question (Score 1) 704

But then rethinking that, maybe it is better to trust a professional 3rd party (i.e. but not perhaps Magic the Gathering wizards) to manage your security? There's big business in managing computer fleets simply because doing it right, rolling your own, is non-trivial.

It's reasonable to trust a security company to manage security since they theoretically know more about it than you and can therefore do a better job. What is unreasonable is to trust someone with security with no kind of insurance against them screwing up - while a company can massively screw up and then simply say "sorry" and declare bankruptcy, leaving you out of pocket, they aren't really to be trusted.

I'm also not a big believer in accreditations - over the years I've had to deal with a lot of people who were supposedly qualified to do their job, but in the end I have frequently ended up picking up the pieces after it becomes clear that they don't know the first thing about what they're doing.

Comment Re:So sad and pathetic (Score 1) 116

It depends on the position and situation. Having a million friends on Facebook at least shows that the applicant has connections to the mainstream, the people associated with it, and is likely the type who can handle their own in a social environment. Whether you believe any of that or not is up to you, but in any event, it is just 1 metric--nobody said that it's *THE* metric.

Or it shows that the applicant is the sort who will blindly accept a friend request from people they don't know. If you've got over 1000 "friends" on Facebook, you aren't an extrovert, you're a security risk...

Comment Re: Bank account hijacking is impossible (Score 2) 105

The encrypted tunnel is created on submit, that is, you can have a login form on an http page and still submit encrypted via SSL if the form's action sends data via https.

A non-HTTPS login page could be modified to submit the data to a different server instead of the bank's - by the time you realise, it's too late. Or some JS could be embedded in the page to send the data to a third party *as well* as the bank, and you'd never spot that unless you had Firebug open. The latter attack can also be carried out by embedding HTTP objects in an HTTPS page, which isn't especially visible to the end user.

Comment Re:Bank account hijacking is impossible (Score 1) 105

My bank is secure!!1!!!!

Between generous application of padlock GIFs designed to make me feel safe and an account-specific image letting me know I'm logging into my bank and not some imposter bank... it would be impossible to get hacked. They even say so on their web site.

Remember years ago feeling bored and actually getting hold of one of their "IT" guys, informing him of the dangers of requesting credentials directly from a home page loaded via HTTP... His response was ... drumroll... it is posted to a secure site so the credentials are encrypted and can't be compromised.

There is no arguing with stupid or those who willfully subvert browser security features for marketing and/or checking off security boxes on the compliance chart even if you (should) know better.

Meanwhile I was reasonably impressed by HSBC, who fixed their website in about a day when I told them they were including HTTP objects in the HTTPS login page. That said, they still include some objects from third party servers, over HTTPS (notably, Google advertising). IMHO the browser should warn you if there are any objects on an HTTPS page that aren't covered by the certificate displayed in the address bar.
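The two problems raised in this comment and the one above (a login form served from a plain HTTP page, and HTTP or third-party objects embedded in an HTTPS page) can be checked with a small static audit. The following is an added example in JavaScript, not code from the thread or from any bank; the page URLs, hostnames and HTML snippets are constructed for the example, and the tag scanner is a small regex matcher that is adequate for these samples rather than a general HTML parser.

```javascript
// Added example (not from the Slashdot thread): flag login forms on HTTP
// pages and HTTP / third-party objects on HTTPS pages.
// The two pages below are constructed for this example.
const SAMPLE_PAGES = [
  {
    // Constructed: HTTP home page that posts the login to HTTPS (the
    // "it is posted to a secure site" argument from the thread).
    url: "http://www.example-bank.test/",
    html: `<form action="https://secure.example-bank.test/login" method="post">
             <input name="user"><input type="password" name="pass">
           </form>
           <script src="http://cdn.example-bank.test/app.js"></script>`,
  },
  {
    // Constructed: HTTPS login page that still pulls in an HTTP image and a
    // third-party HTTPS script.
    url: "https://secure.example-bank.test/login",
    html: `<form action="/auth" method="post"><input type="password" name="pass"></form>
           <img src="http://static.example-bank.test/padlock.gif">
           <script src="https://ads.third-party.test/ad.js"></script>
           <link rel="stylesheet" href="/site.css">`,
  },
];

// Pull one quoted attribute value out of an opening tag; null if absent.
function attr(tag, name) {
  const m = tag.match(new RegExp("\\b" + name + "\\s*=\\s*[\"']([^\"']*)[\"']", "i"));
  return m ? m[1] : null;
}

// Audit one page and return a list of {type, detail} findings.
function auditPage(page) {
  const pageUrl = new URL(page.url);
  const findings = [];

  // 1. Forms. A password field on a non-HTTPS page is the core problem in
  //    the thread regardless of where the form posts: the page itself can be
  //    rewritten (different action, extra script) before the user submits.
  for (const form of page.html.match(/<form\b[^>]*>[\s\S]*?<\/form>/gi) || []) {
    const openTag = form.match(/<form\b[^>]*>/i)[0];
    const isLogin = /type\s*=\s*["']password["']/i.test(form);
    const action = new URL(attr(openTag, "action") || "", pageUrl);
    if (isLogin && pageUrl.protocol !== "https:") {
      findings.push({ type: "login-form-on-http-page", detail: page.url });
    }
    if (isLogin && action.protocol !== "https:") {
      findings.push({ type: "credentials-posted-over-http", detail: action.href });
    }
  }

  // 2. Subresources. On an HTTPS page any HTTP object is mixed content and
  //    can rewrite the page; an HTTPS object from another host is covered by
  //    a certificate the address bar never shows the user.
  for (const tag of page.html.match(/<(script|img|iframe|link)\b[^>]*>/gi) || []) {
    const ref = attr(tag, "src") || attr(tag, "href");
    if (!ref || pageUrl.protocol !== "https:") continue;
    const target = new URL(ref, pageUrl);
    if (target.protocol !== "https:") {
      findings.push({ type: "mixed-content", detail: target.href });
    } else if (target.host !== pageUrl.host) {
      findings.push({ type: "third-party-https-object", detail: target.href });
    }
  }
  return findings;
}

// Audit every sample page, keyed by URL.
function auditAll(pages = SAMPLE_PAGES) {
  return Object.fromEntries(pages.map((p) => [p.url, auditPage(p)]));
}

console.log(JSON.stringify(auditAll(), null, 2));
```

Run with `node audit.js`; the first page is flagged only for hosting a login form over HTTP (its action is already HTTPS), the second for the HTTP padlock image and the third-party advertising script. A real audit would walk the live DOM (scripts can add forms and objects after load) rather than the raw HTML, which is the point the comment makes about needing Firebug open to see it.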

Comment Re:Brass balls on this guy! (Score 1) 144

"'I know that if the water does overwhelm me I can always open the helmet,' wrote Parmitano about making it to the airlock. 'I'll probably lose consciousness, but in any case that would be better than drowning inside the helmet.'"

Wow, that's one cold mofo here.

I believe he was already in the (repressurising) airlock by that point, so whilst taking the helmet off would have been bad, it's not quite the same as doing it in space.

On the other hand, the helmets do have a depressurisation valve which can be opened while in space (Chris Hadfield had to use it to remove contamination from inside his suit while on EVA). ISTR that NASA had considered using that, but had concluded that the surface tension would prevent the water from migrating towards the valve so it wouldn't have worked.

Comment Re:I don't think so (Score 1) 124

When I went off to college, many of my most IT-savvy freshman colleagues were versed in networks and system administration because they had run the computer labs of their high schools. Some of them had been caught cracking or otherwise mucking about in ways that the school staff lacked the ability to revert and been forced to clean up after themselves, others saw messes and volunteered to help out.

Times have changed - when I did my computer science degree, most of the students were at the geeky end of the spectrum and were there because that's what they were really into. Compare to the present-day cross section of computer science students: most of them are there because computers are seen as a good career. The extra-curricular interest is giving way to people who just want a job.

Comment Re:Just XMPP, use decent messenger (Score 1) 53

FB chat is just XMPP and easy to set up in pretty much any messenger anyway.

Empathy on both my workstations has suddenly refused to log into facebook with auth failures over the past few weeks (no, I haven't changed my password). I must get around to looking into it, but it would imply that facebook have changed _something_ WRT XMPP...

Comment Re:Keyword; simulated (Score 2) 68

Sure it's easy to model the spread of a virus. It's another thing entirely to write one that can run on every commodity access point, with sufficient CPU power to crack all nearby passwords / keys.

Doesn't need to do that: crack the wifi key and you now have access to the whole network. From there you can install on *any* insecure device on the network - be it the AP itself, a Windows workstation, a NAS, smart TV, printer, whatever. If the device in question has its own wireless NIC (which is frequently the case if you've infected something like a laptop or smartphone) then you can find another wifi network, crack that, install on any device you find therein, rinse and repeat. Especially good for devices like laptops and phones which physically move around so can probably infect geographically separated networks (think: home user bringing their infected phone into work - the phone doesn't need to already be authorised to log into the office wifi network for it to sit there all day, every day, cracking the damned thing!).

Comment Re:Something doesn't add up (Score 1) 144

Ungodly Churn, almost nobody uses WhatsApp.

Perhaps in your part of the world, but outside of the US, WhatsApp is big in some countries. As in used by practically everyone kind of big.

I'm left wondering, network effects being what they are, why people are using WhatsApp instead of Facebook Messenger (given that they're probably already subscribed to Facebook anyway).

Comment Re:ambitious? (Score 1) 330

After the oil runs out, there won't be any money. Details here. Warning -- it's a harrowing read.

Largely BS in my opinion - the article is based on the assumption that large scale energy production will cease almost entirely (no electricity, no fuel to transport goods, no gas to cook with, etc). This seems pretty unlikely to me - it's entirely possible that energy will become more expensive, but not world-endingly so - we already know we can produce energy from nuclear reactions for a reasonably low price - not "too cheap to meter", but still not insanely expensive. So since we've got a reasonable supply of energy from nuclear power, the problem becomes storing that energy to replace the oil infrastructure; and we know we can do that - you can use electricity to crack water into hydrogen, produce methane and heavier organics from that. It's not that efficient, but it's certainly doable, and it *will* be done if there is no more oil left.

What is more of a concern is an "energy gap" - a period of time between oil becoming scarce and replacement technologies being built. New power stations take many years to commission, for example. This is far more likely than a long term problem.

Comment Re:Best way to let someone know something's amiss (Score 1) 148

There is a significant distinction between no encryption and weak encryption: There is absolutely no way for someone to know whether or not an open AP is a public or private network

Right, but that's a problem for someone else, not for you.

No, I treat that as my problem - I have no expectation of someone not treating my network as a public hotspot if I provided no way for them to know it wasn't.

That is a stupid thing to say, and only a stupid person would say it. It's not damage at all. It's equivalent to picking up someone's car and facing it the other way. It's an annoyance, not damage.

If the person who owns the network isn't very technically literate then it's equivalent to damage - they suddenly won't be able to connect to their own network and will have to hire someone to undo the damage and make it work again. You are making the assumption that everyone knows how to diagnose and fix the problem you're creating which is fundamentally untrue - a significant proportion of the population don't know how to do this and will have to pay someone to do it for them.

Now, if you did that to someone who was depending on it for work, it might cause them actual loss, but someone who is using a network for work and doesn't secure it is an asshole.

Someone who uses weak security on their network either has a legitimate reason for doing so, or doesn't understand the problem. Either way, they are not an asshole - the only asshole in this situation is the person who broke into the network and damaged it in the full knowledge that they were committing a crime.

Comment Re:As a Canadian (Score 1) 115

Many places where I have worked strongly avoid using cloud services for company business. In the education industry in particular, they were quite strong on avoiding remote hosting in order to protect student data.
Some places even go so far as to block Google Drive, dropbox, etc entirely.

I work with the education sector and we're increasingly seeing schools moving to cloud services, such as Exchange Online, and even Dropbox and iCloud. No consideration seems to be being made regarding data protection laws, which are almost certainly being broken by using these services (IMHO there's no realistic way to ensure that personal data isn't placed on these services). Also, there seems to be no consideration for the increased load such services place on the internet uplink - suddenly stuff like email (frequently with potentially large attachments) is being shoved over the uplink rather than only over the LAN.

Comment Re:Best way to let someone know something's amiss (Score 1) 148

There are legitimate reasons for using WEP.

Not really. There's just one: your devices don't support WPA.

Doesn't that constitute a legitimate reason?

Otherwise, you might as well use no encryption.

There is a significant distinction between no encryption and weak encryption: There is absolutely no way for someone to know whether or not an open AP is a public or private network (in fact, many devices will automatically connect to an open AP on the assumption it's a public hotspot, completely removing the user from the equation). Conversely, in order to use a weakly encrypted network, you must make a conscious decision to do something that you know is criminal.

Breaking into a network and changing the SSID to let the owner know it can be broken into is akin to chucking a brick through someone's window with a note attached telling them that it's possible to break in through their window, or climbing over their garden fence and spray-painting a note on the side of their house warning them that it's possible to climb over the fence - it's not a "good samaritan" gesture, it's wanton criminal damage.

Comment Re:As a Canadian (Score 1) 115

I think it's just because proofs are hard to show in these cases, until some private info of a Canadian is part of some breach.

Sorry, I forgot to add "here in the UK" to my previous post. I'm unconvinced that (here) the Information Commissioner's Office even cares, so I'm not expecting any kind of enforcement action soon.
