> Using Chrome Galvanizer, you can protect yourself from attacks like this by specifying specific sites that one or all of your extensions can no longer access. For the MEGA case, if users had created a policy restricting access for the MEGA extension to access amazon.com, live.com, github.com, google.com, myetherwallet.com, mymonero.com, and idex.market then they'd be protected from the attack.
What about: nothing, just accumulate more, stach it and one day a need or opportunity will arise.
Might not be a popular opinion since we all are expected to optimize everything but 50 years in and this non strategy has made my financial live rather dull, which I like.
I would like to say thank you to him, since it opened a huge budget and mandate for my security team at the time.
No more draining discussion if AV needed to be installed on particular systems, the right to wipe any employees desk or laptop in case of "issues", create outbound firewall rules (yes those where new, and yes it saved a lot of damage 3 years later when Slammer hit, but that's another story) and budget to install "monitoring services" on whatever we'd like.
The total data loss was limited, the costs of employees not being able to work was a lot worst.
I was born in one, lived long in a second and now am home in a third country.
In all three languages I feel confident, can tell jokes, understand and have tested level C2 (https://www.efset.org/cefr/).
Still, every once in a while, I "have this feeling" my proficiency is subpar. Still I learn new expressions and grammar twists that I was now aware about before.
What helps me getting more certain and better in the word craft of the local language is asking locals to correct me and ask them to explain words and constructs that seem strange or unknown to me.
THE thing I wished more developers knew about databases: they are badass when it comes to data manipulation.
Stop sucking all data and manipulate it in your language of choice. Tell you DBA what you want done and let her do it for you.
Really, DB's may look like they are the special needs kid in the chain, but they're magnificent powerhouses when it comes to 90% of what you are trying to do to data.
It is really interesting since this is one of these parameters one can check easily and cheap (OXI meters are around 100 euro). And they're still available ATM.
Ah Adrian! Yes his SCION is quite impressive and has plenty of cool features, but if it will ever outgrow the “future internet” technology phase remains to be seen.
I (other account) once submitted their work to HN to see what real smart people thought about it, but it got 0 traction.
This submission is a better honeypot than the software link it points to. It has not been updated (latest blog entry 19/02/2018, latest code release Jul 30 2018).
Honeypots are high maintenance, or easy detectable.
Better example (disclaimer, I might have had something to do with this when it was being developed) is the DT Honeypot initiative.
I say (from experience) during hard times is the best time to start.
You will not be lured into massive fixed costs and start with the absolute minimum and required, which you can scale up when your business start flying.
As long as you start tight, you will stand a good change.
For me the exact opposite. 15 years ago I removed any and all reverence to my history of COBOL because I was suddenly actively being contacted for COBOL coding jobs.
Although I had a great time, as a starting coder, with COBOL jobs (transcoding COBOL to C at the time), I know one thing: ever ever again will I utter one like of COBOL code.
There are still people making very decent money doing it, but the lockin to one particular source of work just does not sound like what I could bare.
> Bug bounty programs are not supposed to replace you other security activities, but it's a way for you to have additional source of vulnerabilities.
Exactly the way we position our own Bug Bounty Program. Where the pentesters can be hired to also confirm things done well, the hunters are only paid for failures they found.
In our case there is an added bonus with the Bug Bounty Program: we've come to REALLY apriciate the technical level of reports. Since they only get paid for triagable findings, the details we get reported are so much better then what we used to get from our pentesters. Of course we now require the same quality of reporting from them.
What also helps is that the pentesters are motivated more to deliver higher quality findings since they are aware the service will enter the Bug Bounty Program after their findings are resolved.
Again, BBP should NOT replace your other security activities, they are an additional source with possible unforeseen benefits.
Some dude ranting about "how the system works" where "you are all slaves" and "they get free money" does not help anyone but the youtuber who's collecting views.
Here in Europe there is close to no police still using analog and listening to air traffic control or couriers just does not cut it for me.
Bought the app, hope you'll be able to keep this up.