Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

with homage to Charles Monroe Schulz

Linus, The Pattern-Breaking Pattern →

April 12, 2017 by Marc Handelman in All is Information, Patterns, Anti-Patterns, Security Architecture

Via the remarkable Futility Closet comes this cartoon discussing patterns (and by inference anti-patterns), and pattern-breaking patterns. Astonishing.


SANS CTI 2017, Christian Paredes' 'Pen-To-Paper and The Finished Report: The Key To Generating Threat Intelligence' →

April 11, 2017 by Marc Handelman in All is Information, Conferences, Education, Threat Intel Reporting

XKCD, Existential Bug Reports →

April 11, 2017 by Marc Handelman in All is Information, Code, Humor, Sarcasm, XKCD

Similar to (but not the same as...) the moth in Hopper's printed code; via the eponymous Randall Munroe, operating at XKCD.


SANS CTI 2017, Dave Herrald's and Ryan Kovar's 'The Threat Intel Victory Garden: Threat Intelligence Using Open Source Tools' →

April 10, 2017 by Marc Handelman in All is Information, Conferences, Education, Data Science, Data That Is Big, Intelligence, Threat Intelligence

SANS CTI 2017, Elias Fox's 'Integrating Cyber Threat Intelligence using Classic Intel Technique' →

April 07, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

ISOC and OTA, The Initiative →

April 07, 2017 by Marc Handelman in All is Information, ISOC

The Internet Society and the Online Trust Alliance have announced their intent to operate as a single entity, with the OTA transformed as a key initiative of the Society...

"The two organizations have a mutual history of working with their members to promote initiatives that enhance online security. Under the agreement, OTA will operate within the Internet Society, and members will automatically become Internet Society members. Together they will build and expand multiple initiatives including OTA’s annual Online Trust Audit and Cyber Incident Response Guide, and Internet of Things (IoT) Trust Framework." - via the ISOC OTA Announcement


SANS CTI 2017, Jeremy Johnson's 'Using Intelligence to Heighten your Defense' →

April 06, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

Splunked, The Leak →

April 06, 2017 by Marc Handelman in All is Information, Analytics, Attack Analysis, Data That Is Big, Information Sciences, Information Security

Via the eponymous Richard Chirgwin, whilst writing at El Reg, comes this unfortunate tale of security flaws within Splunk Enterprise (now, happily patched), first discovered by John Page (aka hyp3rlinx) and published via an advisory at Full Disclosure. Here's hyp3rlinx's source.

For the Record: We have always been pleased with Splunk products, and, most importantly, they are fast and focused when fixing issues.

The takeaway? Make an effort to be extraordinarily cognizant of the threats posed by log and machine-generated data aggregation in the enterprise. That is all.


SANS CTI 2017, Alex Pinto's 'Beyond Matching: Applying Data Science Techniques to IOC-Based Detection' →

April 05, 2017 by Marc Handelman in All is Information, Conferences, Education, Data Science

SANS CTI 2017, Brian Bartholomew's and Juan Andrés Guerrero-Saade's 'Wave Your False Flags!' 'Deception Tactics Muddying Attribution' →

April 04, 2017 by Marc Handelman in All is Information, Deception, False Flag, Conferences, Education

Carrier Wave Hack →

April 04, 2017 by Marc Handelman in All is Information, Alternate Attack Vectors, Information Security, Signals

This reported exploit lands solidly embedded in the hard-to-locate-but-you'll-know-it-when-you-see-it genre of the Surreal Attack Vectors, while Dan Goodin's writing of the exploit is this week's inimitable MustRead... The key aspect to note about this exploit is that, notwithstanding all is information, in this case that information utilizes carrier waves to deliver its payload; so-called air gaps no longer exist as a safety buffer.


SANS CTI 2017, Kyle Maxwell's 'Accurate Thinking: Analytic Pitfalls and How to Avoid Them' →

April 03, 2017 by Marc Handelman in All is Information, Conferences, Education, Critical Thinking

SANS CTI 2017, Lincoln Kaffenberger's 'Location-Specific Cyber Risk: Where you are Affects how Badly you’ll be Hacked' →

March 31, 2017 by Marc Handelman in All is Information, Education, Conferences, Risk, Risk Management

US Congress Sells Out

March 31, 2017 by Marc Handelman in Accountability, All is Information, Governmental Corruption, Feet of Clay, Demise of Privacy, Privacy, Blatant Stupidity

Ladies and Gentlemen, Girls and Boys: Behold the list of both United States Senators and members of the United States House of Representatives who voted to sell out your personal information while online (i.e., your precious online privacy) for monetary gain.

Each surname noted below possesses a link to that Senator or Representative's contact page, to make it super-easy to let them know what you think. Oh, and for you parents, grandparents and guardians: this includes all data requests coming from your home, i.e., your children's data will also be swept up in this nightmare maelstrom example of the surveillance state. Enjoy.

Senate of the UNITED STATES of AMERICA

YEA -- 50

U.S. Senate Roll Call Votes 115th Congress - 1st Session

Question: On the Joint Resolution (S.J. Res. 34)

Alexander (R-TN)
Barrasso (R-WY)
Blunt (R-MO)
Boozman (R-AR)
Burr (R-NC)
Capito (R-WV)
Cassidy (R-LA)
Cochran (R-MS)
Collins (R-ME)
Corker (R-TN)
Cornyn (R-TX)
Cotton (R-AR)
Crapo (R-ID)
Cruz (R-TX)
Daines (R-MT)
Enzi (R-WY)
Ernst (R-IA)
Fischer (R-NE)
Flake (R-AZ)
Gardner (R-CO)
Graham (R-SC)
Grassley (R-IA)
Hatch (R-UT)
Heller (R-NV)
Hoeven (R-ND)
Inhofe (R-OK)
Johnson (R-WI)
Kennedy (R-LA)
Lankford (R-OK)
Lee (R-UT)
McCain (R-AZ)
McConnell (R-KY)
Moran (R-KS)
Murkowski (R-AK)
Perdue (R-GA)
Portman (R-OH)
Risch (R-ID)
Roberts (R-KS)
Rounds (R-SD)
Rubio (R-FL)
Sasse (R-NE)
Scott (R-SC)
Shelby (R-AL)
Strange (R-AL)
Sullivan (R-AK)
Thune (R-SD)
Tillis (R-NC)
Toomey (R-PA)
Wicker (R-MS)
Young (R-IN)

HOUSE OF REPRESENTATIVES of the UNITED STATES OF AMERICA

YEA -- 215

Abraham (R-LA)
Aderholt (R-AL)
Allen (R-GA)
Amodei (R-NV)
Arrington (R-TX)
Babin (R-TX)
Bacon (R-NE)
Banks (R-IN)
Barletta (R-PA)
Barr (R-KY)
Barton (R-TX)
Bergman (R-MI)
Biggs (R-AZ)
Bilirakis (R-FL)
Bishop (R-MI)
Bishop (R-UT)
Black (R-TN)
Blackburn (R-KY)
Blum (R-IA)
Bost (R-IL)
Brady (R-TX)
Brat (R-VA)
Bridenstine (R-OK)
Brooks (R-IN)
Buchanan (R-FL)
Buck (R-CO)
Bucshon (R-IN)
Budd (R-NC)
Burgess (R-TX)
Byrne (R-AL)
Calvert (R-CA)
Carter (R-GA)
Carter (R-TX)
Chabot (R-OH)
Chaffetz (R-UT)
Cheney (R-WY)
Cole (R-OK)
Collins (R-GA)
Collins (R-NY)
Comer (R-KY)
Comstock (R-VA)
Conaway (R-TX)
Cook (R-CA)
Costello (R-PA)
Cramer (R-ND)
Crawford (R-AR)
Culberson (R-TX)
Curbelo (R-FL)
Davis (R-IL)
Denham (R-CA)
Dent (R-PA)
DeSantis (R-FL)
DesJarlais (R-TN)
Diaz-Balart (R-FL)
Donovan (R-NY)
Duncan (R-SC)
Dunn (R-FL)
Emmer (R-MN)
Farenthold (R-TX)
Ferguson (R-GA)
Fitzpatrick (R-PA)
Fleischmann (R-TN)
Flores (R-TX)
Fortenberry (R-NE)
Foxx (R-NC)
Franks (R-AZ)
Frelinghuysen (R-NJ)
Gaetz (R-FL)
Gallagher (R-WI)
Garrett (R-VA)
Gibbs (R-OH)
Gohmert (R-TX)
Goodlatte (R-VA)
Gosar (R-AZ)
Gowdy (R-SC)
Granger (R-TX)
Graves (R-GA)
Graves (R-LA)
Graves (R-MO)
Griffith (R-VA)
Grothman (R-WI)
Guthrie (R-KY)
Harper (R-MS)
Harris (R-MD)
Hartzler (R-MO)
Hensarling (R-TX)
Hice (R-GA)
Higgins (R-LA)
Holding (R-NC)
Hollingsworth (R-IN)
Hudson (R-NC)
Huizenga (R-MI)
Hultgren (R-IL)
Hunter (R-CA)
Hurd (R-TX)
Issa (R-CA)
Jenkins (R-KS)
Jenkins (R-WV)
Johnson (R-LA)
Johnson (R-OH)
Johnson (R-TX)
Jordan (R-OH)
Joyce (R-OH)
Katko (R-NY)
Kelly (R-MS)
Kelly (R-PA)
King (R-IA)
King (R-NY)
Kinzinger (R-IL)
Knight (R-CA)
Kustoff (R-TN)
Labrador (R-ID)
LaHood (R-IL)
LaMalfa (R-CA)
Lamborn (R-CO)
Lance (R-NJ)
Latta (R-OH)
Lewis (R-MN)
LoBiondo (R-NJ)
Long (R-MO)
Loudermilk (R-GA)
Love (R-UT)
Lucas (R-OK)
Luetkemeyer (R-MO)
MacArthur (R-NJ)
Marchant (R-TX)
Marshall (R-KA)
Massie (R-KY)
Mast (R-FL)
McCarthy (R-CA)
McCaul (R-TX)
McHenry (R-NC)
McKinley (R-WV)
McMorris Rodgers (R-WA)
McSally (R-AZ)
Meadows (R-NC)
Meehan (R-PA)
Messer (R-IN)
Mitchell (R-MI)
Moolenaar (R-MI)
Mooney (R-WV)
Mullin (R-OK)
Murphy (R-PA)
Newhouse (R-WA)
Noem (R-SD)
Nunes (R-CA)
Olson (R-TX)
Palazzo (R-MS)
Palmer (R-AL)
Paulsen (R-MN)
Pearce (R-NM)
Perry (R-PA)
Poe (R-TX)
Poliquin (R-ME)
Posey (R-FL)
Ratcliffe (R-TX)
Reed (R-NY)
Renacci (R-OH)
Rice (R-SC)
Roby (R-AL)
Roe (R-TN)
Rogers (R-AL)
Rogers (R-KY)
Rohrabacher (R-CA)
Rokita (R-IN)
Rooney (R-FL)
Roskam (R-IL)
Ross (R-FL)
Rothfus (R-PA)
Rouzer (R-NC)
Royce (R-CA)
Russell (R-OK)
Rutherford (R-FL)
Scalise (R-LA)
Schweikert (R-AZ)
Scott (R-GA)
Sensenbrenner (R-WI)
Sessions (R-TX)
Shimkus (R-IL)
Shuster (PA-IL)
Smith (R-MO)
Smith (R-NE)
Smith (R-NJ)
Smith (R-TX)
Smucker (R-PA)
Stewart (R-UT)
Stivers (R-OH)
Taylor (R-VA)
Tenney (R-NY)
Thompson (R-PA)
Thornberry (R-TX)
Tiberi (R-OH)
Tipton (R-CO)
Trott (R-MI)
Turner (R-OH)
Upton (R-MI)
Valadao (R-CA)
Wagner (R-MO)
Walberg (R-MI)
Walden (R-OR)
Walker (R-NC)
Walorski (R-IN)
Walters (R-CA)
Weber (R-TX)
Webster (R-FL)
Wenstrup (R-OH)
Westerman (R-AR)
Williams (R-TX)
Wilson (R-SC)
Wittman (R-VA)
Womack (R-AR)
Woodall (R-GA)
Yoho (R-FL)
Young (R-AK)
Young (R-IA)


SANS CTI 2017, Matt Bromiley's 'Using CTI Against the World's Most Successful Email Scam' →

March 30, 2017 by Marc Handelman in All is Information, Conferences, Education, Threat Intelligence

SANS CTI 2017, Rick Holland's 'Inglorious Threat Intelligence' →

March 29, 2017 by Marc Handelman in All is Information, Conferences, Devices, Threat Intelligence

Gang of Fifty →

March 28, 2017 by Marc Handelman in All is Information, Government, Governmental Corruption

Tip of the Hat to Trey Blalock of Firewall Consultants, and via Bruce Sterling's Tumblr. Thanks Bruce.


SANS CTI 2017, Rob Dartnall's 'Conventional Intelligence Analysis in Cyber Threat Intelligence' →

March 28, 2017 by Marc Handelman in All is Information, Conferences, Education, Threat Intelligence

SANS CTI 2017, Sergio Caltagirone's 'Threat Intelligence At Microsoft: A Look Inside' →

March 27, 2017 by Marc Handelman in All is Information, Conferences, Education, Forensication, Threat Intelligence

That Ole Pesky PII - Microsoft Drops Docs.com Search →

March 27, 2017 by Marc Handelman in Accountability, All is Information, Blatant Stupidity

Incroyable, mais vrai. The search functionality of Docs.com, a server platform owned by Microsoft Corporation (NasdaqGS: MSFT), exposes Personally Identifiable Information of hundreds - perhaps thousands - of users... Does Microsoft Corporation believe that dropping search functionality will relieve the Corporation of risk?

Why weren't prudent safeguards put in place to protect the Corporation's users (and the Corporation as well)? At the very least, a check for PII to assist in mitigating the exposure (risk-wise) to the Corporation? Do they check for malware or evil embedded macros in these documents? Who forgot to check for PII? Was the Corporation's well-seasoned Legal Department part of the sign-off process for this debacle?

Perhaps the Corporation might want to take a gander at Identity and Access Management to help secure the product. Oracle's (NYSE: ORCL) got a great product...Just sayin'.
