Posted on 01/31/2022 11:33:39 AM PST by ShadowAce
VPN won’t help at all, unfortunately, because it is something that is independent of your TCP/IP connection.
Imagine if I held a bright Red, Pink & Purple umbrella with distinctive stripes and polka dots. Then I don a mask (like using VPN). People won’t know who’s under the mask, but when they see the umbrella, they’ll know it’s the same person as last time: that’s what advertisers want to know. And they’ll be able to track you (okay, I mean your computer - not you as an individual) across websites unless you disable JavaScript.
Our customer demands security scans of all software that will be delivered for use and a clean bill of health from a security perspective. The tools we use are maintained by a reputable supplier that keeps the scanner up to date with all the published vulnerabilities and adds heuristics to look for additional flaws. Anything flagged must be fixed before delivery.
“The tools we use are maintained by a reputable supplier”
Ah but human accidents and sabotage happen so, well, it’s job security for you guys. Multiple cats chasing multiple mice, huh?
What percentage of security breaches begin with human error?
“Another option to counter DrawnApart, or techniques like it, could be to use a blocking script that prevents access to at-risk resources.”
I keep sharing it and no one listens. “ NoScript “ just works and blocks everything by default yet lets you selectively turn on only the bare minimum to make a page work.
I’ve been using NoScript for years now. While it may be somewhat inconvenient, I’ve gotten used to the way my browser now works with it. It also lets me know which sites to avoid in general.
Yep, absolutely. If I can’t get the basic site script JS that makes the buttons work, or lets me read it using the first option in the list I just move on.
It really opens your eyes to how many hidden 3rd party tracking and fingerprinting scripts there really are on a lot of these sites.
After you use it you learn what is safe to use yet still block the other 25-50 scripts. What I really like is that you can actually block all the Google services on almost all sites without them breaking.
But some are now tying them to together, if you don’t allow the google then nothing will work. As you say, then just move on and find what you want elsewhere that is not pulling this game.
Another fringe benefit positive I have found with NoScript is that it happens to get around a lot of paywalls because the cover page or pop up is further down the inline stack and blocked as a separate item in NoScript. :)
If you are identified as a dissident, they will find many ways to track your public utterances of Wrongthink.
Know what else Ace? I like being able to click these items and go use “Blacklight”. It is extremely exposing with what these are actually doing.
I don't have hard numbers, but practical experience deploying website updates that failed was most often attributable to a failure to get some software settings correct on the deployment. At the coding level, failure to check return values, failure to initialize variables before using them, using memory that has been freed, failing to free memory after use, reading/writing off the end of an array, returning a reference to a local variable. Little stuff. The class of tools emulating the early "lint" for C is helpful for finding problems in source code. At runtime, tools like purify or valgrind expose memory misuse, but only if the code is executed. Code coverage analyzers track lines of code actually executed so your test cases can be improved to run all of the code and help purify or valgrind report a problem. When it's all "done", source code analysis with tools such as fortify driven with known defect databases look for the odd stuff.
Modern software depends on a lot of reuse of other people's work. A defect widely shared gets reported as a Common Vulnerability Enumeration (CVE) with a description of how to replicate the defect, how to exploit it and what release of the commonly shared library has been posted with a fix for the problem.
Between security and regular development, there is plenty of work in the queue.
If you want privacy get a dog.
;-)
“Modern software depends on a lot of reuse of other people’s work.”
The understatement of the year, but it has to be that way.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.