First security job I had, the CISO had already declared that enforcing "no Youtube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope limited.
There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.
For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.
[0] The malware, etc that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.
In my experience the most common use of this data is to build case for firing someone for cause when upper management wants them out. It's rarely used for actual security purposes.
What voting are you talking about? By not giving funding it's exactly that. A vote. A choice. I also stopped donating to the EFF when they showed they are shifting more political (non-tech space) than privacy focused etc. Does the EFF hold an annual vote I missed as a sponsor?
how do you get from no school/work/shopping to no websites/servers?
Servers perform work. For people. My oven (KitchenAid) is a machine, yet has a setting that makes it non-functional during certain religious events that require people not to work.
Similarly, B&H Photo's web site won't take orders on the Sabbath. They'd rather take the revenue hit than violate their principles.
What I don't get is how the author can't pin the year down to anything narrower than "between 1994 and 1997," especially considering he wrote the article in 2002: only a few years later.
I'm not at all implying the story was fake; just this particular thing feels weird.
The fact that you do not have to pull a card or even your phone could make the transaction faster.
Except they didn't in the real world.
The only place I ever saw these was at Whole Foods, and the store's POS terminals don't let you tap or palm until all items are rung up and there's a total available.
Usually when the cashier is down to the last two items, I have my card already out and hovering over the chip reader. The transaction completes in under two seconds.
Palm scanning is slower than any payment method other than cash or checks.
Back in the 80's and 90's he was pretty well known for noting that if you owe a bank enough money, it is in the bank's interest not to let you fail.
My guess is that it also helps to owe lots of money to lots of banks at the same time. That way when one goes after you, the others will help you out or risk losing their money, too.
(Every web site I've built in the last ten years has a series of conditions that combined will trigger a 418.)
reply