• 1 Post
  • 109 Comments
Joined 1 year ago
cake
Cake day: July 2nd, 2023

help-circle



  • Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.

    Kali basically has a library of known exploits and you just run the scanner on a target.

    This isn’t novel exploit discovery. This is “which of these 10 windows machines hasn’t been updated in 3 years?”


  • Separation of data between accounts makes them fall under different retrieval requirements.

    As one account, a request for all of the data from that account contains both chunks. Separation of those accounts separates the need to accommodate requests for data from one on the other.

    It can also mean that internally they may have a sufficient mechanism that data that was previously identifying to no longer being identifying (breaking userid to data pairings for example) which is sufficient to “anonymize” the data that it no longer needs to be reported or maintained.


  • GDPR and pii reasons most likely. It’s a nightmare keeping track of why certain data is on certain accounts. This can vastly simplify the GDPR compliance mechanisms. If your GOG account is merged with your PR account, there is probably significantly more “sensitive” data (CC numbers, addresses, etc) in the GOG account. This probably exempts some data that either cdpr or gog tracks from deletion or retrieval requests.















  • Generally yes with two huge caveats.

    First, It has been widely demonstrated that diverse teams are more productive and produce higher quality products than homogeneous teams.

    Second, selection criteria is heavily biased towards homogeneous teams and has also been demonstrated to stifle innovation.

    Desire/inspiration is nearly as important as capability and non-optimal teams (according to most, if not all selection criteria) will consistently outperform “optimal” teams in any tasks that require innovation.