It may be baseless, but it's a necessary assumption. A MITM attack means that, effectively, you are transmitting data in the clear. It is good security practice to assume that all such data is being recorded and/or logged.
Then do work at work, and non-work at home.
If they do decrypt personal traffic, would they be responsible for any medical data they intercept, thus triggering HIPAA?
Note: this is a gross oversimplification, but accurate relative to this story and what you're asking
HIPAA has to do with patient data, not medical data. If you're not a patient of the company doing the deep inspection, then there's no issue, and there's still no issue if you signed an appropriate HIPAA waiver, even if you ARE a patient and the company in question IS a hospital. If you go to HealthVault or some other site with *your* health records in it, and they are decrypting it, that's not HIPAA in the sense you're talking about.
Hell, even if they were shuffling the SSL traffic to a cloud service hosted by a 3rd party to do the scanning, AND you were a patient, AND the 3rd party was decrypting the data, that is just fine as long as the right paperwork is in place between the two companies.
Remember when Apple was the company that came out with revolutionary new products and the rest of the industry followed them?
Apparently, now it's Google.
(Oh, and who would trust Steve Jobs' company to make their medical devices? Yes I am speaking both to his general approach to ethics, and the circumstances of his death.)
- Not the first smartphone
- Not the first touch phone
- Not the first MP3 player
- Not the first GUI
- Not the first All-In-One
- Not the first platform for media production
- Not the first selling media
Apple's strength was, under Jobs, an impeccable sense of timing to enter the market, and marketing. They were great at making people think they were innovating, and made hundreds of billions doing it. There's nothing wrong with that except that they fundamentally weren't innovating, and they're not so good at the timing or marketing sans Jobs.
Google, on the other hand, is a train wreck of a company in desperate need of Ritalin. They throw large sums of money at ideas, other companies, and markets and pretty much nothing sticks except the things that drive more ad revenue. Things wither and die on the vine, and eventually are shed when the next shift in upper-management power comes along.
The signature has never been intended to be a form of identification, which is why Visa and MC tell merchants not to require or ask for it for small purchases
Chip+PIN was never brought to the US for one simple reason -- it slows down transactions. That's why the major networks are all requiring *less* signatures, not more. They want it to be super fast to swipe your card and go.
Chip+Signature eliminates the vast majority of credit card fraud, without a change in people's behavior or experience. Skimming and cloning, or large scale theft like Target had are eliminated. There's very little real fraud that happens with people physically stealing a card.
The anti-counterfeiting technology implementation for currency was delayed, in part, by lobbying companies involved in vending.
Increased expenditures for new card readers and technology has been rebuffed universally because the retailers aren't typically the ones out of the cash when a fraudulent credit card is used.
The Target breach was a large enough embarrassment to light the fuel under the motivational bonfire.
Except the transition dates were laid out over a year ago. Has absolutely nothing to do with Target.
In practice, it is far more secure to use a written signature than a 4-digit password that is exposed to eavesdroppers, video cameras, interception devices and a plethora of other attacks. That's secure for the person, you understand: it prevents the bank from saying "you must have lost your pin".
Which is okay, as US cards are going Chip+Signature, not Chip+PIN.
It also looks very different if you sort them by name:
also, they just paid $3b for nest, wonder when they'll sell that off. seems like they're grasping at straws here.
If Nest owners could only be so lucky.
More likely they'll go a couple years, realize its not of any use, and shut it down.
Kelvin? (is that you, Frank Herbert?)
Does it matter, relative to the story?
Sometimes a rock is just a rock, could had ended there because winds, a chain reaction caused by the rover, even a small asteroid hitting the planet and spreading pebbles around is easier to happen than life forms moving it.
The one thing it couldn't be is wind -- air is far too thin. Dust moves, but even in massive wind, bigger rocks wont.
Running wires is easy, and there's virtually nothing to go wrong.
When you're dealing with HVAC, simple is king.
The hard part isn't building a smart thermostat. The hard part is finding somebody simultaneously dumb enough and rich enough to pay $3.2 billion for a thermostat company.
Actually, it is... and even Nest can't manage to do it right. There's quite a large number of issues with the second generation Nest units failing -- and failing "on".
A thermostat should never, under any circumstances, be able to fail "on". That's a fundamental flaw.
I'll tell you what. I'll buy you a ticket to fly down and explain to the fatherless 3 year old how this is a win for moviegoers. Do report back on how that goes.
The kid is 3. He's not a moviegoer. The GP said its a win for moviegoers, not for the guy's family.
As a moviegoer who has no relation in any form with the victim, by any calculus if it makes people who think its okay to act like dicks think twice about being dicks, then it is, in fact, a win for me.
This one is my favorite. Why any retailer is running Windows on a POS PC is beyond anyone that knows how computers work. It should be illegal.
GEtting PCI compliance certification is not cheap, and you need it if you want integrated payment. So far, not a lot of open source POS systems are lining up to pay for certification...
Once you've crossed the "root" security boundary, its just as easy to access the raw memory in Linux as it is in Windows.
And its not hard to elevate to those rights on either platform. Vulnerabilities exist on everything.