Good points. The first thing that I thought when I read the summary was that the only way there could be a 100% increase is if the number of previous vulnerabilities was very small. Finding two vulnerabilities in the same period of time in which one was previously found is a 100% increase. Just like finding 60 when the previous amount was 30 is also a 100% increase.
What are you talking about? USB 3.0 is significantly faster than USB 2.0. I work in a business where we have to transfer data on physical media due to the volumes involved. We ship hundreds of drives a month. Our clients refuse to accept anything other than USB 3.0 anymore because the previous generation is too slow.
I swear we saw an identical article a few months ago.
We do not want your advertisements. Nobody wants your old gear. I pay you guys to haul it away, not sell it back to me on Slashdot.
Of course they get measured. In the long term if they deliver too many screwed up projects, their superiors stop giving them projects.
Ultimately it is the developer's responsibility to push back against stupid managers and give them honest feedback about what can and cannot be done.
On a more serious note, a single developer mistake can potentially affect millions of end users (in the case of an application like Windows). Therefore it makes sense to focus on the developers. "With great power comes great responsibility" and all that.
The world hates putting up with buggy code.
Trust but verify.
Have no fear.
Now THIS is the level of paranoia that I like to see.
You do realize that you forgot to fnord that and they can totally see what you wrote, right?
The kind of environment where the attacker is a sysadmin with access to the box and the ability to do whatever they feel like with BIOS, including enabling USB boot.
The default security posture of most organizations these days is to assume that a trusted insider will exploit the system at some point. Therefore everyone is implementing damage mitigation techniques so that they can respond quickly and understand the scope of the inevitable breach when it does occur.
Everyone is watching everyone else. The security guys get access to the firewalls and the IDS, but cannot touch the servers. The server guys cannot touch the backups. The backup team cannot initiate a restore without two levels of change control approval. It is a serious PITA for everyone involved and a gross inefficiency.
The first time an auditor told me that they cannot trust me, my knee jerk reaction was to tell them to go fuck themselves. Eventually I realized that I am in a very risky position with access to a lot of sensitive information. The key is not that they do not trust me, it is that they CANNOT trust me. While I may be trustworthy, who is to say that someone else in my same position, with my same level of access, is also trustworthy? Just like I have to assume that any executable downloaded from the internet is potentially full of malicious code, the risk management folks have to assume that every sysadmin in the organization is potentially full of malicious intent.
Last I heard, Verizon was scaling back / had stopped expanding their FiOS network. Is that still the case?
While this is great news for current FiOS subscribers, it means fuck all to the rest of us who do not, and likely will not ever have, FiOS.
I read the article and while one might question why data is being stored that is almost a decade old, the data itself is not that big of a deal. Basically the airlines store all the information about how he bought the ticket and what his preferences were (seat assignments, meal choices, etc.). The call center agents kept notes on why he called.
All of the information is benign. They kept his credit card information in plain text which is lame, but I have yet to see a story about a CBP breach that led to a bunch of fraud. It could happen, and they should probably encrypt the data in the future, but it is not a massive, conspiracy-reinforcing revelation.
The only disconcerting thing is the length of the data retention. Once it is obvious that the plane did not go down and nobody flying was involved in any subsequent terrorist activities, the data should be purged.
...hold on, and shut up.
I am tired of solving virtualization challenges and figuring out how to manage petabytes of data. I'm going to take the next couple of years off and set up a consulting company installing WAPs in schools. That is obviously where the money is at....