Comment Chip cards aren't meant to prevent breaches (Score 5, Interesting) 229

There's a lot of misinformation here.

Chip cards aren't meant to prevent card breaches. For card-present transactions (in person at the store), the exact same encryption and cardholder data protection requirements are in place from the reader to the bank whether it's EMV or old mag-stripe. For card-not-present transactions (online and e-commerce) EMV makes no difference at all.

Chip cards do one thing. They make it harder to make a fraudulent physical card. With mag-stripe it is trivial to take another credit card or even a subway gift card and recode its mag-stripe to use a stolen card number, so I can walk into a merchant and use that card.

The author appears to be confusing EMV standards with the PCI P2PE (point to point encryption) standard, which is meant to prevent breaches by doing many of the things the author describes.

Comment As a pentester from experience I disagree (Score 3, Insightful) 249

It is not that hard to build a login process, a registration process and a password reset process that don't disclose if a guessed username is a correct username. And these controls do add significant value.

Username enumeration is one of the first things I consistently look for when penetration testing a web-facing application.
Why?

Because if I can start enumerating valid users I can start building a big list of usernames.
Once I have a list of usernames I can start password spraying.

What's password spraying? I try one password guess per day against each user account that I identified.
Is it a company that rotates passwords every 90 days? OK then "Winter2017", "November2017", etc.
Is it a retailer based in Wisconsin? OK then "Packers1", etc.
This approach is probably about 80% effective at guessing at least one user's password if I can enumerate at least a few hundred usernames.
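As an added illustration of the two points in this comment (the control the first paragraph says is not hard to build, and the spraying pattern the rest of the comment describes), here is Python that is not from the comment author or any product: a "leaky" login handler beside a hardened one that returns one failure message and does the same PBKDF2 work whether or not the username exists, a password-reset handler with a uniform response, and a small detector that flags the low-and-slow spraying pattern in constructed log lines. The user store, the log format, the work factor and the thresholds are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# --- Part 1: login and reset handlers that do not reveal whether a username exists ---

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value for the example)
GENERIC_FAILURE = "Invalid username or password."
RESET_QUEUE = []      # stands in for an outbound mail queue (hypothetical)


def make_record(password):
    """Salted PBKDF2-HMAC-SHA256 record for the constructed user store."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash). Not from any real system.
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record verified when the username is unknown, so an unknown user costs
# the same hashing work (and so roughly the same response time) as a wrong password.
_DUMMY_SALT, _DUMMY_HASH = make_record(os.urandom(16).hex())


def login_leaky(username, password):
    """'Before' version: distinct messages tell a caller which usernames exist."""
    if username not in USERS:
        return False, "Unknown username."
    salt, expected = USERS[username]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if not hmac.compare_digest(candidate, expected):
        return False, "Wrong password."
    return True, "Welcome."


def login(username, password):
    """Hardened version: one failure message and the same work on every failure path."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(candidate, expected) and username in USERS
    return (True, "Welcome.") if ok else (False, GENERIC_FAILURE)


def request_password_reset(username):
    """Same response for every input; the mail is queued only for real accounts."""
    if username in USERS:
        RESET_QUEUE.append(username)
    return "If that account exists, a reset link has been sent."


# --- Part 2: spotting a password-spraying pattern in authentication logs ---

# Constructed log format: "<timestamp> auth-ok|auth-fail user=<name> src=<ip>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth-(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect_spraying(log_text, min_users=4, per_user_cap=2):
    """Return {src: [users]} for sources that failed against at least min_users
    distinct accounts while staying at or below per_user_cap failures per account.
    A source hammering one account is brute force, not spraying, and is not returned."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> fail count
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m and m.group("result") == "fail":
            failures[m.group("src")][m.group("user")] += 1
    flagged = {}
    for src, per_user in failures.items():
        if len(per_user) >= min_users and max(per_user.values()) <= per_user_cap:
            flagged[src] = sorted(per_user)
    return flagged


# Constructed sample: one source tries one guess each against four accounts
# (spray); another source retries a single account four times (brute force).
SAMPLE_LOG = """\
2017-11-06T02:10:01Z auth-fail user=alice src=203.0.113.7
2017-11-06T02:10:02Z auth-fail user=bob src=203.0.113.7
2017-11-06T02:10:03Z auth-fail user=carol src=203.0.113.7
2017-11-06T02:10:04Z auth-fail user=dave src=203.0.113.7
2017-11-06T02:10:05Z auth-ok user=erin src=203.0.113.7
2017-11-06T09:00:00Z auth-fail user=alice src=198.51.100.4
2017-11-06T09:00:05Z auth-fail user=alice src=198.51.100.4
2017-11-06T09:00:09Z auth-fail user=alice src=198.51.100.4
2017-11-06T09:00:14Z auth-fail user=alice src=198.51.100.4
2017-11-06T09:00:20Z auth-ok user=alice src=198.51.100.4
"""

if __name__ == "__main__":
    print(login_leaky("nobody", "x"), login_leaky("alice", "x"))  # two different messages
    print(login("nobody", "x"), login("alice", "x"))              # identical messages
    print(request_password_reset("nobody"))
    print(detect_spraying(SAMPLE_LOG))                            # flags 203.0.113.7 only
```

The hardened `login` always runs PBKDF2, even for an unknown user, because a handler that short-circuits on the username lookup answers noticeably faster for unknown names and so still enumerates. The detector keys on the shape the comment describes (many distinct accounts, very few attempts each), which per-account lockout thresholds are designed not to notice; in production the per-source aggregation would also need to span days rather than a single log extract.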

Comment The discoveries are not accidental (Score 4, Insightful) 147

Some of the articles seem to indicate employees are stumbling across illegal images as part of their repair process. But they are retrieving images from slack space, which afaik is not something a Best Buy type repair tech would do as part of a repair. So the techs are at a minimum using forensic tools to recover data. Also where are they billing the time for these non-repair activities? Forensic scans are time consuming.

I'm also very curious to know if the techs were then manually reviewing the recovered images, again time consuming, or if the FBI further assisted by providing the tech access to LE tools such as the databases of hashes of known CP to make their searching faster.

As a victim of CP myself I have no love for creeps who access or share it, but for the FBI to argue that Best Buy employees weren't being led to perform searches on their behalf sounds ridiculous.

Comment The security firm provides a competing product (Score 2) 188

It looks like the vulnerability is in a PwC product called ACE, which analyzes SAP security settings.
The flagship product of the security firm that produced the disclosure appears to be "ESNC Security Suite", which from what I could tell appears to be a competing product.

While I definitely support security research and responsible disclosure, it makes me a little uncomfortable that it appears this security firm could have chosen to target and test the PwC software because it is a competitor to software they produce.

Comment Cool but looks too closed/proprietary (Score 5, Insightful) 393

This seems like a cool idea, but are we really going to get the world to start using an algorithm for determining location that appears to be proprietary and closed-source? I was looking to find specifically how it works and as far as I can tell you can only implement this by downloading apps or APIs from what3words, and their closed code will do all the work mapping locations to words and vice-versa.

Why would anyone build any type of important solution or process on top of this and have their hands tied to this one vendor to use it going forward? It's not like you could upgrade or convert to a different process later if your plan was to get people to use this new method for specifying their location.

Comment Some similar, less expensive projects (Score 1) 74

The MiniPwner is a similar device built on a TP Link TL-Wr703N router, so you can build one for under $40. http://www.minipwner.com/

Also Hak5 has had their Wifi Pineapple available for a few years that is similar, however their MarkIV version which should come out really soon I think will trump both the Pwnie Express and the MiniPwner. http://hakshop.myshopify.com/products/wifi-pineapple

Comment Similar project with less hardware hacking (Score 2) 86

I recently started a similar project based on the $23 TPLink TL-WR703N travel router. Without any need for soldering or other "hardware hacking" you can build a battery-operated network drop box running OpenWrt Linux.
http://www.minipwner.com/

There is a serial interface on the circuit board for the WR703N but you have to crack the box and do some soldering to connect to it. I've been toying with the idea to do just that to interface it with an Arduino/Parallax processor or sensors or whatever. I'm also playing with connecting a USB sound card and adding a microphone to record audio in the local range of the box.

Comment Re:True story bro. (Score 2) 948

Probably not the case, but I could see as an interviewer asking this question not to see the interviewee's answer, but to see the interviewee's response to a conflict situation. It's actually a great and creative way to see how they'd react (do they get frustrated/angry, do they take a constructive approach to resolving the conflict, do they just accept it and not push back at all?). Great insight to get about someone during an interview.

Comment Re:Spoken like a true extrovert (Score 2) 475

And how! The reason lunch is mandated is generally so the individual gets a break. For an extroverted person, a break means visiting with others. For an introverted person (introverted in the sense that she gets her energy from being alone, and finds being with others draining, not that she is "shy") a break means being left alone to recharge. Pretty insulting for an extrovert to steal away all the introvert's time to recharge because he doesn't understand that the introverts are different than he is. Also pretty sad for his team that he's probably driving off all the introverts and losing the diversity in his team.

Nintendo

Nintendo 3DS Launching On March 27 For $250 120

Sam writes "Nintendo executive Reggie Fils-Aimé today revealed US availability and pricing for the Nintendo 3DS at an event in the Nintendo World store in New York City. The 3DS will launch on March 27, 2011 with a retail price of $250 and will be available in two flavors: Aqua Blue and Cosmo Black. There will be roughly 30 games released between the launch day and E3 2011 (June 7 to June 9). These include Super Street Fighter IV 3D Edition, Resident Evil: The Mercenaries 3D, Madden NFL Football, The Sims 3, Pro Evolution Soccer 2011 3D, and LEGO Star Wars III: The Clone Wars. The device will have the same form-factor as the DSi and will be backwards compatible with both DS and DSi games. Users will also be able to download games via an online store, called the eShop. In Europe, the 3DS will launch on March 25, 2011. While Europeans will get the device two days early, pricing is not good news. Nintendo held a second event in Amsterdam today and said that pricing would be left up to retailers. Retailers in the UK are reportedly planning a £229.99 ($367.64) price tag, while other European retailers are going with €249 ($336.00)."

Comment Re:I'm gonna bite on this one like it's serious. (Score 1) 810

Instead of a one-time trip (like they do on the ghost hunter shows), if this is a family home that you could have 24x7 access to I would suggest setting up a DVR surveillance system like ZoneMinder. Find out where people see the most "ghost" activity, and place various cameras to cover those areas. Then you ask the family members who live there to write down when and where they experience weird activities. Sure, if they saw an apparition the only thing you'll be able to show them is there was no apparition on film. But if they say that things are moved, doors open, etc., you'll have video evidence showing the real cause of the suspicious activity.

Input Devices

Microsoft Kinect With World of Warcraft 80

An anonymous reader writes "Researchers at the University of Southern California Institute for Creative Technologies have developed software that enables control of PC video games using the Microsoft Kinect sensor. Their toolkit, known as the Flexible Action and Articulated Skeleton Toolkit (FAAST), emulates custom-configured keyboard controls triggered by body posture and specific gestures. This video shows a user playing the online game World of Warcraft using the Kinect. Potential applications of this technology include video games for motor rehabilitation after stroke and reducing childhood obesity through healthy gaming."

Comment Better than storing stuff locally (Score 1) 393

Having supported friends and family's home and small business computers for years, I'll go on record saying "in the cloud" is better than storing it locally for most of them.
- I'm pretty confident Google is doing a better job securing their data in the cloud than many home users and small businesses do securing their local PCs from trojans and other malware.
- I'm pretty sure Google is doing more frequent and reliable backups than many home users and small businesses.

Now I would never condone a business putting customer or sensitive company data on Google's cloud without a business contract with Google, and I would have friends and family avoid storing their taxes or other critical personal info in the cloud or on their personal computer, but for documents, pictures, etc. the cloud is probably a much better place for most home users.

Media

1928 Time Traveler Caught On Film? 685

Many of you have submitted a story about Irish filmmaker George Clarke, who claims to have found a person using a cellphone in the "unused footage" section of the DVD The Circus, a Charlie Chaplin movie filmed in 1928. To me the bigger mystery is how someone who appears to be the offspring of Ram-Man and The Penguin got into a movie in the first place, especially if they were talking to a little metal box on set. Watch the video and decide for yourself.
