Exactly.

Half the reason for user based security is to protect users from each other. That is the reason we have accounts in the first place.

So attacks from your own user base should always be on the radar.

The same applies across Europe, the regulations are grounded in EU and very similar across countries.

The outrage in the article is synthetic. I call to make something illegal that is already illegal. (Electric motorcycles that have no type approval, no insurance, and no business in public.)

> I see e-bikes from across the pond that absolutely I think should be outright fucking banned. Able to drive 40+km/h, able to do so without pedal assist (not an e-bike despite being sold as one, actually a moped), excessively heavy, shit breaks, and lights that are worse than a car with high-beams. This shit should be regulated, and I say that as an e-bike owner.

These illegal electric motorcycles are common, but illegal on the road.

There is no regulation necessary, because motor vehicle are illegal on the road unless regulated.

The article is shit.

It confuses pedelecs, which are tightly regulated and limited to 15mph, with illegal electric motorcycles.

While pedelecs have some risk for injury, it is really not much different from a bicycle.

Illegal electric motorcycles, on the other hand, are more dangerous than motorcycles. Which should not be surprising.

Obviously, banning pedelecs is not going to solve the problem of illegal electric motorcycles.

> Car manufacturers are terrible at IT.

Absolutely,

Recently, the EU has increased regulation, and they now require a basic IT security concept for every vehicle sold. Not a certification, not a specific approach, just a basic definition.

And did the manufacturers do? Withdraw a whole bunch of models from sale. Because they did not even have a basic IT security concept, and they did not think they could create one.

So yes, IT security in automotive is certainly an issue.

> He's claiming that they acted unwisely in making their core business dependent on one particular (any particular) supplier.

Yes, but which company doesn't? Is there any big company that does not rely on Microsoft products at least to some degree? Nividua GPGPU? Apple products?

Sure, they should have started looking into alternatives when Broadcom bought VMWare, because the writing is on the wall. But on the other hand, they do have a contract that was promised to go up to 2030, and Broadcom is just not caring.

As somebody said, basically all big companies do illegal stuff, or they would not be this big. (And that includes Tesco...)

And, if the US is not allowed, to the five eyes. So the UK snoops on US citizens, and then forwards the data to Trump...

Hypocrisy does not quite cover what they are doing.

> that says something to the effect of "You'll be getting a mail over the next few days from SurveyPartner. The e-mail originates from @domain.com and it has a link to https://surveybox.something/ou... [surveybox.something] something".

Inevitably followed by "please check your spam filter".

How about tell IT to get the spam filter properly set up? Whitelists exist for a reason, and they are much less work than 3000 employees checking the spam folder.

No, I will stick with "incompetence is rife on all levels, and it would be wrong to blame the grunts".

> So, I called them and sure enough it turns out the bank actually did call me in an act which was almost indistinguishable from a phishing attempt.

This is the real problem. We fail to authentical important messages, and that is the root of the opportunity for fishing.

> Many people are willing to trust easily, with no verification.

Because they know their bosses are vindicative assholes. "Hey boss, you really shouldn't issue financial instructions over an insecure channel..." - yeah, that will go down well.

Phishing emails work because bosses would do stupid stuff like that, and would punish people for erring on the side of safety.

So yes, stupid is the problem, but it is not necessarily the underlings.

Massive problem. IT should really list all the companies they partner with.

I have so many question about this.

Our gateway filters are standard Microsoft, and they are absolutely terrible. We have two junk mail filters, one in the gateway, one in outlook, and neither seem to catch any significant amount of junk (both are pathetic compared to Gmail, for example)|.

Why are internal emails filtered out? I have never understood this. Internal emails should be secure. If you have an internal account sending phishing emails, you are already breached, and you have bigger problems than to filter out emails.

Finally, what is the issue with links? Links should be safe to click. If links are not safe, you have a security problem already. It is what you do next that is the problem.

This statement is disingenuous. Windows 10 was supposed to be the "last Windows version", with continuous updates. And the last major updates is Windows 10 22H2, which is not even 3 years old. End of Life was only announced 2 years ago, and 23H2 was cancelled. (Of course, Windows 11 was released 4 years ago, so the writing was on the wall, but the official statement was no end of support until 2 years ago.)

2 years is not a realistic timeframe to retire the most used OS on the planet.

This. Windows 11 is the version you want to skip. At least people will try.

While that is true, Microsoft had promised that Windows 10 would the the last version they ever release.

And there is also the fact that Windows 11 was only released 4 years ago, and it is a bit shit. As they said, every second Windows version is one you want to skip.

So there are still lots of devices out there that run Windows 10, and people have no intention of upgrading until Microsoft does better than Windows 11.