very true. And when the unintended third party sees the posting, the context that brought it about in the first place is missing. And without the context, even a Rodney Dangerfield skit would be evidence of hate speech in a jury trial.
@Kurt that is one measure that could work. I also would urge people to think even if they don't mind their grandmother seeing it, would they be embarrassed if someone from their workplace sees it? We may blow off steam about a work situation with friends and family, but if that gets out to a supervisor or coworker, that could be another story.
... you still need your armor: hackers have learned to exploit "malvertising"; too, they have discovered that what would be thought of as harmless sites are often relatively easy to hack and a good place from which to launch a drive-by infection
caution is good but at the end of the day you have to have effective protection
how would one know if one's protection has been effective? only a software inventory from a separate read-only boot can verify that
in the end we will have to have Commerce rule on product liability. two difficult issues remain in front though: (1) how to deal with portable documents which carry executable code, and (2) how best to vet x.509 certificates.
Ha, Dream Chaser! I'd argue impulses. For many folk, it is probably a learned response to stop, count to ten, then hit the enter key. Sadly, the learning sometimes (often?) has to take place from bitter experience.
IMHO(FWIW) there isn't any reasonable way we can expect ordinary computer users to defend against this sort of thing.
Where should the attack fail then?
I see two points of failure:
It is good to authenticate -- you would certainly want to do that before you pay someone to put a new roof on your house -- and we should want to do that before we accept any software for our computer
we are getting better at the latter but in this case the software is delivered in a WORD document, most likely as an e/mail attachment. That is one thing we all need to start doing better: authenticating who sends us e/mail -- because any e/mail might contain an embedded attack... ask RSA -- that's how they got into that hack.
but in the end your computer needs to protect itself. in the attached the fatal stroke is when they inject code into services.exe. that should never be permitted. when the O/S runs any program with special privilege in the user address space it needs to assign such a program exec-only memory pages. MSFT has already addressed the problem of user programs bringing their own .dll files as substitutes for o/s versions
as I noted elsewhere it's taking MSFT 20 years to graduate from 5150 to System/360
The plan for unmanned police drones to patrol traffic and other city conditions in Seattle has sparked a new set of legal concerns about privacy. Law traditionally lags technology, but we can expect now to see a new round of activity in the courts as legal definitions begin to emerge on what "next-gen privacy" will look like.
The US government is funding controversial projects to collect daily Internet activity, including Web searches, Twitter messages, Facebook and blog posts, and the digital location trails generated by billions of cellphones. Its goal is to map these interactions to predict social behavior, such as protests.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
ITRC found that more than 600 security breaches took place in 2012. Flaws were found in some of the nation's most respected companies: Apple, Citibank, and Wells Fargo. So, it seems the bad guys are doing better than the men in the white hats.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.