Google Claims “Too Big to Comply” With Wage Discrimination Laws

They say there is no wage discrimination, but they can’t produce the data to prove that because, too big… Accused of underpaying women, Google says it’s too expensive to get wage data | Technology | The Guardian

Kristin Zmrhal, Google’s senior legal operations manager, also testified that the process of compiling data for the DoL has required engineers, lawyers and employees across departments to build new systems, conduct extensive quality reviews of files, redact documents and complete other complex tasks.

“It became too burdensome,” she said, noting Google was forced to hire a third-party vendor to help. “The team was bogged down.”

So we are supposed to believe that there is no wage discrimination at Google because they say so. Because there couldn’t be any wage discrimination at tech companies… Right.

Surveys have repeatedly found that women are often paid less than men for the same jobs across Silicon Valley. An account of sexual harassment at Uber earlier this year has also sparked a widespread debate about misogyny and misconduct in tech.

And then there is age discrimination…

2015 Cyberattack on the German Parliament – Probably by the folks who hacked the DNC

An interesting read on how a cyberattack – similar to what was apparently done to the Democratic National Committee in 2016 – unfolded in Germany. Cyberattack on the Bundestag: Merkel and the Fancy Bear | ZEIT ONLINE

This is a long article on how the Germans discovered the attack, and what they did about it.

The lethargic pace of the bureaucracy is most interesting. Days elapsed after they were warned of the existence of the attack. The way different bits of the government don’t work very well together. The fact that politicians were shocked – shocked! – to discover that they might be the target of hackers.

Adylkuzz: Worse than WannaCry?

What a surprise. (NOT!) There is another exploit that uses the unpatched computers attacked by the WannaCry ransomware worm. Adylkuzz hack, called larger than WannaCry, slows computers across the globe – CBS News

Monero is a crypto-currency, similar to Bitcoin. Adylkuzz takes over vulnerable computers to mine for Monero.

If you don’t understand that previous paragraph, you should make DAMN sure that you keep all of your computers up-to-date, and surf the web as little as possible, and DON’T open emails for folks you don’t know.

It’s a beautiful exploit really. These guys are probably making more than the folks behind WannaCry did, and most people won’t even realize that their computers are infected.

And all of this the result of NSA hording vulnerabilities so they could spy on us. (Well, and the insistence of folks who don’t know better that they can’t be bothered keeping up with security.)

WannaCry Ransomware Keeps Going – though slower than on Friday

Initial reports were that India dodged the WannaCry bullet. It seems the initial reports were wrong.

There was some impact of Indian government computers. Ransomware attack: 120 Gujarat govt computers affected by WannaCry virus

Around 120 computers connected to the Gujarat government’s information technology network were hit by the ransomware WannaCry virus, though no “valuable” data was compromised, a senior government official said on Monday.

That is a pretty small exposure compared to some impacts. (NHS) And there were a scattering of affected PCs around other government offices in India, but apparently nothing to bad.

And some billing was disrupted in an Indian power company. Ransomware attack: West Bengal state power companys computers hit; Kerala, AP too affected

A power department official who did not want to be named said billing for around 800,000 households was affected when the ransomware blocked access to files in the computers.

While that’s a lot of records, one of the eternal truths in government and industry is that the records of who owes what are the most secure. I have no doubt they will be billing those 800,000 people in no time at all.

As predicted, new variants have been detected in the wild. New WannaCry variant being monitored, DHS official says. But the impact has been much less than predicted. I’ve never been happier to have been proved wrong.

And this is an interesting look at the cross-section of places that were hit. WannaCry ramsomware is appearing in obscure places after global cyber attack – ABC News (Australian Broadcasting Corporation)

WannaCry: You Probably Haven’t Even Seen the Beginning – Let Alone the End

This latest cyber attack has been called a “wake-up call.” But no one will wake up. Ransomware attack ‘like having a Tomahawk missile stolen’, says Microsoft boss | Technology | The Guardian. (The name of this malware – WannaCry – always makes me think of the song “She Makes Me Wanna Die” from the soundtrack of The Replacement Killers. The video is at the end of this post.)

The cyber attack on Friday was stopped. (More on that in a bit.) But the fix was likely temporary. And new versions without a “kill switch” have been reported in the wild. So buckle-up buttercup, cause it gets bumpy from here.

Security officials around the world are scrambling to find who was behind the attack which affected 200,000 computer users and closed factories, hospitals and schools by using malicious software that believed to have been stolen from the US National Security Agency.

Can you imagine the devastation that would be unleashed if the .gov got a backdoor into every smartphone? Because they clearly can’t be trusted to keep secret things secret.

Businesses and hospitals were running PCs with Windows XP, and claiming that they are “critical infrastructure” and they also exposed those PCs to the public internet. What a bunch of idiots.

As I said the other day. If you are running “critical” systems on an operating system that isn’t supported, or you aren’t keeping up with the security updates, then treat it like a critical system and take it off the public internet.

  1. Make your system separate from the Internet. A hard gap. No access to the outside, only access to the features (like medical records) that are critical. (And no access to email, etc.)
  2. Commit to keeping your systems up-to-date. That means applying every MS patch Tuesday update, updates for all your application software (including such things as PDF readers) Not as fool proof as 1, but you can say you are doing your best.
  3. Go back to keeping records with pen and paper

Of course, no one will do this. Executives/Administrators/Powers-that-be will claim it is critical, and that it MUST be available on the internet, that we can’t possibly keep up with monthly security updates, or afford new hardware, and it isn’t our fault. It’s the fault of those damn folks in Information Technology who didn’t scream loud enough about this being a problem. We didn’t believe them when they spoke calmly.

Continue reading

UK’s NHS Ransomware Hack: They Knew They Were Vulnerable

They knew they were vulnerable because they had been hit before. Many times.

While everyone is busy being “shocked – shocked! – to discover that ransomware is real,” it turns out that NHS hospitals have been getting hit with ransomware for a while. NHS cyber attack: Doctor who predicted hack says scale makes him ‘worry about who is behind it’ | The Independent

“From a Freedom of Information request we know that over one third of NHS trusts have admitted to being hacked – but [in the past it seems to have been] individual organisations [targeted].”

So a third of your organization is hacked over some months, and Microsoft – and the whole of the cyber-security industry – starts yelling in March of this year that you need to update your systems or be in even worse stead, and you do nothing. (Exactly what would cause you to do something?)

Corporate IT departments will tell you that they can’t upgrade their systems every month. (I know I used to work in those departments, though I was never the one saying that.) But I update my system every month. And LibreOffice, all my browsers (I use several over the course of a week) my Kindle for PC app, Spotify (which is usually playing music in the background), games, etc. ALL continue to work. If your in-house applications don’t work across a security update, you are doing something REALLY wrong. And you should figure out how to stop doing that.

And then they launch into the “cost” of this attack, in terms of the impact on patients.

Continue reading

More reasons not to fly every day

Another day, another fight on an airplane. Passengers get into fistfight aboard Southwest flight –

Cell phone video that surfaced on social media shows two men apparently jostling for position near a row of seats. Then one man forces the other over the backs of the seats in front of them. He then leans over his fallen foe and unleashes a series of punches before fellow passengers rush in to stop the pummeling.

“What is wrong with you?” a female passenger asks, imploring the men to stop, the video shows.

What is wrong?