
Comment Re:Why would anyone install a Chrome Extension (Score 4, Interesting) 66

My favourite extensions are the ad blockers owned by advertising companies.

I mean at this point, you literally can't trust anything to not be spying on you. Not even just your computer, but your phone, your home automation, your thermostat, your car.. the list just goes on and on.

It's ridiculous that things have gotten to this state.

Comment Re:Yet another argument for source code (Score 1) 66

Yet another argument showing why it is better to favour software with visible source code.

No, it isn't.

You'd think the serious vulnerabilities that have come up in recent years in open source projects would put the final nail in the coffin for the many eyes theory.

It doesn't work because no one is actually looking and very few people have the expertise to understand what they are looking at in the first place.

The only advantage of open source is that if you are one of these rare unicorns with the technical ability, you can fix it yourself. Or continue/fork projects yourself.

Comment Re:don't get it (Score 1) 90

Did they have an audit or did they just pay $$ for a PCI compliance sticker?

Virtually every audit I've been a part of in over 20+ years in IT has been a sham. I've worked in hospitals, movie studios, etc. They're all bullshit.

I agree with this.. it is all about checking off boxes with very little understanding of the big picture or implications.

I mean, I think audits are better than no oversight at all but not by much.

Comment Re:One thing hasn't changed this year: (Score 1) 190

Most of the time IT is in a gatekeeper position because they're held responsible for systems that malfunction due to overconsumption of their limited resources, yet at the same time requests for more resources go unheeded.

I've literally been in the meeting where I've been chided for poor performance due to oversubscription and also told no, we can't spend more money on it, either. What are you supposed to do besides ration resources when demand exceeds supply?

This.. exactly this.. remember kids, if you like technology and want to be involved with it as a career, stick in the areas where you "make" something. (Developer, hardware, something)

IT operations is a horrible, horrible, place to end up. In 99% of companies you're stuck in the exact situation described above, shit on from both sides, and you're managed by bean counters who haven't got a clue.

Comment I honestly don't believe that (Score 1) 335

Microsoft is as committed to Windows as they were in the past. The company is not as reliant on that lockin any longer since the future for the company is Azure and online services like Office 365.

Outside Windows Server for specific tasks and in-house applications/data centers, I don't think they are as fiercely protective of the OS.

I've often said they should just consolidate the Windows desktop to one version and give it away free (they practically did for Windows 10 free upgrades already).

Comment Re:what a bs. (Score 1) 196

Exactly right. I'm afraid that the takeaway will be either "Equifax was negligent in applying security patches to its servers" or "They hired a music major as CSO; they need to hire someone with relevant experience." The fact is that their business model is not built around security as Job #1; board members, who the C-level executives answer to, don't care.

Security isn't a business model. There is always a trade off and a risk assessment needed to determine what level of security is appropriate for a business. Obviously in this case I agree they *should* have top notch security, but unless organizations are forced to they will choose keeping their bonus $ over spending money for things that "might" happen every day.

Human beings are horrible at assessing risk. Especially managers who are up away from the fray and who don't understand tech in the first place.

Comment Re: Hiring anti-tech employees is a bad idea (Score 1) 196

Thing is, this is what 'next quarter' corporate culture rewards - accountants and lawyers cooking books and lobbying for government handouts.

Exactly. These breaches are going to happen again and again to organizations until regulation steps in or, by some miracle, the technology professions start being given respect in organizations (very doubtful outside of tech companies).

At the moment CTO/CSO/CIO are the backwater and low power positions of senior management at non-tech companies.

Comment Re:Hire based on diversity (Score 1) 196

Get diversely fucked.

What makes you think this was a diversity hire?

It is very common for top managers in tech to be relatively clueless about what they are managing.. just like top-level management everywhere. :)

That said, I haven't seen any information about her qualifications or lack thereof.

Comment Re:The trouble is nobody likes paying programers (Score 2) 196

Ask any programmer: "When was the last time you had a sprint to look at security? When was the last time your manager gave you extra time on a task to make sure it was secure?" The answer is always "never."

This person gets it.

On the same note, ask any IT infrastructure person how difficult it is to get spending and policies in place to maintain best practices in most organizations.

Comment Re:Incompetent idiots (Score 1) 196

Very much so. Mistakes can happen, but ignoring a relevant CVE for months will not happen with halfway competent security people. The problem, however, is that no competent security people were hired and the CEO should lose his job immediately and be prosecuted for criminal negligence for that.

What if they had competent security people but insufficient budget / authority to override operations for a security concern?
