DerbyCon 2018, Samuel Sayen's 'Red Teaming Gaps And Musings' →
Rather Than Focusing On Fixing Lame Windows Update System, Microsoft CEO Targets New Electronic Cricket Bat
Smart Move - Satya - Smart Move. Now, what was it you were going to do about the October Creators Update for Windows 10 nagging problem of deleting user documents and other files en masse? Was this a redirection marketing tactic to deflect attention from the recent rash of Microsoft Windows Update failures plaguing Redmond; or is it a Lack of Focus Mr. Nadella? (Update: News from Martin Brinkmann at GHacks that the file deletion issue is reportedly fixed). To be fair, an inability to service operating system updates robustly is not just a Microsoft Corporation (Nasdaq: MSFT) failure, this SNAFU is a hallmark of the so-called Android 'ecosystem' as well. Oh, and I'm a cricket fan as well. Enjoy.
GrrCon Augusta 2018, J. Wolfgang Goerlich's 'Bounty Hunters' →
Too Busy, Don't Care; So Sorry, Not Sorry
Via Lawrence Abrams, writing at Bleeping Computer, comes news of the most recent Attorneys General - The Gathering, coalescing into a brilliant coterie of top Law Enforcement Officials for their individual States. In which, Mesdames et Messieurs Procureurs Généraux demand Something Be Done about Robo-Calls (certainly the 1st, 2nd and perhaps 3rd World Scourge of Telecommunications) in a missive to the Federal Communications Commission (FCC).
Now, whilst I do enthusiastically laud the Advocatus Generalis' cumulative effort to stem-the-tide of robotic-calling systems - that enthusiasm is tempered by the herculean proposition it is to make such a request of the FCC, as Chairman Pai of the Commission is far too busy casting his Reese's Peanut Butter Cup soaked visage for former employer Verizon and the other telcos' interests, rather than the People's Business.
"As these illegal telemarketing scams are estimated to have stolen 9.5 billion dollars from consumers, the letter urges the FCC to push for new protocols that can further help to battle these scams. These protocols are STIR (Secure Telephone Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) and can be used by telephone providers to identify legitimate calls and those from bad actors..." - via Lawrence Abrams, writing at Bleeping Computer
El Cubano de Googlery
Otherwise known as a 'Memoranda of Understanding', and considering no information is available on what Google Inc. (Nasdaq: GOOG) agreed to 'understand' in their 'Memoranda of Understanding' with the Republic of Cuba and the ruling party - the Cuban Communists... Let's just say the deal between Pichai Sundararajan, aka Sundar Pichai and the Cuban Communist Party - is a mite murky down Havana Way...
You know Sundar Pichai don't you? He's the CEO at Google Inc. who decided - with his super-decision-making-decision-powers to not inform Google+ users (also known as The Product) that Google, Inc. lost their data due to flawed code-smithing in an API...
Google's Feet of Clay
Graham Cluley has reported (from an original Wall Street Journal source report) a Google, Inc. (Nasdaq: GOOG) security SNAFU... This time, the failure of the so-called non-evil company to report a significant data custody failure within their so-called 'Google Plus' product, where - in fact - you are the product. The company's better-late-than-never blog post covers the issue, in somewhat less than effective detail...
Robert M. Lee and Jeff Haas' Little Bobby Comics 'Carry A Big Stick' →
Via the Erudite Security Mindset of Robert M. Lee & the Superlative Illustration Talents of Jeff Haas at Little Bobby Comics.
Denials, Denials, Denials: Believe Them Or Not, Something Is Rotten On The Supply-Chain Side
Apple Inc. (Nasdaq: AAPL) has quite forcefully denied the (via Reuters, reportedly written by George Stathakopoulos - Apple’s Vice President for Information Security) existence of surreptitious-command-and-control-chip-insertions on system boards within devices manufactured by Super Micro Computer Inc. (NASDAQ: SMCI) under contract with and deployed/implemented by Apple Inc. within the latter's data centers. Interestingly, there is some evidence of security-related issues two years ago betwixt Apple, Inc. and Super Micro Computer Inc.... And then there's The Grugq, whose typically clear and exacting opinions are trusted hereabouts - his view appears here (you'd do well to listen to his take). Regardless of what path you walk in discerning the truth of this particularly murky debacle, one thing is clear - human nature given what it is, there is certainly an abundance of vile perniciousness floating about this scenario that has yet to be revealed.
Update: Axios has announced it has dropped the letter referred to in this post to Scribd, here.