Comment Re:Such a surprise (Score 1) 71
Found the psychopath.
Yes. But pretty good projections and models became available around 1980. And then the traitors to humanity in the oil industry chose to suppress them and ridicule them, completely knowing what they were doing. It does not get much more evil than that.
Funny thing: There are no bans on slashdot. Unless you post something outright criminal, nothing is going to happen.
Well, yes. In part. The really bad effects are still a while away. But ordinary people cannot even plan one year ahead. How would they be able to do 50 years? And then the idiots are aggressive and loud about their incapability. Disgusting.
Google is very much subject to the GDPR. Lying would get _very_ expensive.
It seems they all mess up. Time for real penalties large enough to make it worthwhile hiring actual experts and letting them do it right. Otherwise this crap will continue and it is getting unsustainable.
No, no one gets security right, and they never will. Security is hard and even actual experts make mistakes.
The best you can do is to expect companies to make a good effort to avoid vulnerabilities and to run vulnerability reward programs to incentivize researchers to look for and report bugs, then promptly reward the researchers and fix the vulns.
And that's exactly what Google does, and what Google did. Google does hire lots of actual security experts and has lots of review processes intended to check that vulnerabilities are not created... but 100% success will never be achieved, which is why VRPs are crucial. If you read the details of this exploit, it's a fairly sophisticated attack against an obscure legacy API. Should the vulnerability have been proactively prevented? Sure. Is it reasonable that it escaped the engineers' notice? Absolutely. But the VRP program incentivized brutecat to find, verify and report the problem, and Google promptly fixed it, first by implementing preventive mitigations and then by shutting down the legacy API.
This is good, actually. Not that there was a problem, but problems are inevitable. It was good that a researcher was motivated to find and report the problem, and Google responded by fixing it and compensating him for his trouble.
As for your proposal of large penalties, that would be counterproductive. It would encourage companies to obfuscate, deny and attempt to shift blame, rather than being friendly and encouraging toward researchers and fixing problems fast.
Please stop being stupid and pushing lies. The scientifically sound warnings have been there since about 1980. They got fully ignored and they have turned out to be pretty accurate. Now, more spectacular warnings run the risk of being overstated (by their very nature), but that is not a way to tell they are baseless, like you seem to imply.
This is just another stage on the way to things getting really, really bad. Entirely predictable.
Indeed. Crappy systems with crappy system administration. It is time that businesses become liable.
Indeed. The usual crap the surveillance-fascists want. To the benefit of absolutely nobody except themselves.
Indeed. The problem is insecure systems. In any other engineering discipline that gets resolved with liability and minimal standards and, if needed, people going to prison. (No, that will _not_ kill FOSS. That is just a lie.) IT just has not had its really big catastrophes yet, or rather so far they were too abstract. But the way Microsoft (and others) are going, it is just a question of time.
And, yes, it's more difficult these days. I've been trying to find a reputable company (at a reasonable price) to just do a simple DDoS for me.
No, not for anything illegal. I just want to test some of my own infrastructure. It has gone through a DDoS attack a couple of times and has been just fine. But, those were short-lived (under an hour) and not very impressive as far as the numbers go. I'd like to find the breaking point so that I can work on that.
I think you are lying. A localized simulated DDoS is not hard to do and as good as the real thing. Any competent pen-testing outfit should be capable and willing.
You do realize you are promoting fascism, right? And that you are complicit as a result.
And at the same time, there are non-whites that proudly voted for this crap. Human stupidity is really unlimited.
Indeed. The whole story is essentially nonsense. If anything, they should call for better system security. But then they would have to criticize Microsoft for its abysmally shoddy practices and pathetic security. And that cannot be.