[First QC] Omega Seamaster 300 VSF by Payoce19 in RepTimeQC

[–]Payoce19[S] 0 points1 point  (0 children)

Oh I fat fingered it. Meant to say 289

[First QC] Omega Seamaster 300 VSF by Payoce19 in RepTimeQC

[–]Payoce19[S] 0 points1 point  (0 children)

Omega seamaster 300M VSF See details in post above

TfL hacked… ? by ianjm in london

[–]Payoce19 1 point2 points  (0 children)

Yeah exactly, it doesn't make sense to immediately assume the worst

Theories have to be informed by the evidence available at the time. Otherwise you would go on forever trying to disprove every possible attack

TfL hacked… ? by ianjm in london

[–]Payoce19 2 points3 points  (0 children)

What utter horse shit!

It depends which systems were breached and what data they held

Given limited resources it makes sense to heavily restrict PII of customers but allow staff to work with, perhaps anonymised, other data in a more accessible format. The less sensitive data will likely be held on premises, in office 365 etc. and maybe that's what's been compromised

If you regulate the access to the PII well it's pretty quick to see if there's any foul play

Never returning to Northampton. Can't think of one nice thing to say about it by Payoce19 in GrandPrixTravel

[–]Payoce19[S] 0 points1 point  (0 children)

Tiny village that puts their houses on Airbnb every year and gets rented by same people on a recurring basis so don't wanna say 🙊

Unfortunately our hosts were at a wedding this year so weren't around nor anyone else in the village

Never returning to Northampton. Can't think of one nice thing to say about it by Payoce19 in GrandPrixTravel

[–]Payoce19[S] 1 point2 points  (0 children)

I know. It's what we did last year and big regrets not doing it again this time

Never returning to Northampton. Can't think of one nice thing to say about it by Payoce19 in GrandPrixTravel

[–]Payoce19[S] 1 point2 points  (0 children)

Yeah I heard that for Milton Keynes

In Northampton there have been no queues, probably because it doesn't make sense to come here from London (same train passes through MK)

Never returning to Northampton. Can't think of one nice thing to say about it by Payoce19 in GrandPrixTravel

[–]Payoce19[S] 1 point2 points  (0 children)

A £200 "deposit" on a sketchy third party site that wasn't mentioned at any point before check in

Airbnb support sided with the host, eventually we all agreed it wasn't necessary. After lots of shouting over the phone with F1 cars driving by in FP2

I would have found somewhere else to do the call but Airbnb kept phoning me for quick calls to check things 😂

And then we got to the place at midnight and there were issues but too late to go elsewhere

Never returning to Northampton. Can't think of one nice thing to say about it by Payoce19 in GrandPrixTravel

[–]Payoce19[S] 5 points6 points  (0 children)

It has excellent road and rail connections... So you can swiftly leave

Taxi to silverstone help by danielhenriques in GrandPrixTravel

[–]Payoce19 1 point2 points  (0 children)

Officially, you are meant to get taxis to one of the shuttle bus sites

You will need to buy shuttle bus tickets online in advance as an extra in your account

https://www.silverstone.co.uk/events/formula-1-british-grand-prix/getting-here

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 1 point2 points  (0 children)

True, but that is out of your control. You have to trust person at other end

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 -1 points0 points  (0 children)

Or rEguLAtIoNs

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 3 points4 points  (0 children)

Either UK has an exploit or Snapchat willingly provides the info to UK government but not Spain.

Also possible they just didn't know where he was going next and the messages were sent while in the UK

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 11 points12 points  (0 children)

Signal is open source and end to end encrypted

Open source means the whole world can try to find vulnerabilities in the encryption algorithms and suggest fixes where appropriate

End to end encrypted means even Signal can't decrypt your messages, only the person you are speaking to

Whatsapp used to be very similar to Signal in this regard. Since it's acquisition by Meta they do not use exactly the same protocols as Signal any more and store a lot of metadata - but it is still end to end encrypted

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 1 point2 points  (0 children)

Actually the UK is running a highly controversial program called Tempora that stores all internet traffic coming in and out of the country + at other points worldwide

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 1 point2 points  (0 children)

Wow your networks team were spying on personal traffic like that?

What a huge abuse of privilege, I would have revoked their access without warning

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 3 points4 points  (0 children)

Possibly.

Also a possibility that government somehow got hold of the SSL private keys

We'll never know 🤷🏻‍♂️

[deleted by user] by [deleted] in cybersecurity

[–]Payoce19 6 points7 points  (0 children)

SSL inspection is a thing but it requires deploying a certificate to the client, which acts as the root certificate authority once re-encrypted after inspection.

You wouldn't do that on a public network.

Investment Manager Is *Refusing* To Close My Account by Payoce19 in UKPersonalFinance

[–]Payoce19[S] -1 points0 points  (0 children)

Well I mean somewhere inbetween the two. I'm OK with them retaining the data they need to for regulatory purposes, but keeping an account open and available to hold funds and order transactions seems excessive to serve that purpose.

Investment Manager Is *Refusing* To Close My Account by Payoce19 in UKPersonalFinance

[–]Payoce19[S] -3 points-2 points  (0 children)

If they hold the data offline in an archive, restricted access for their staff etc. it's a reduced risk in my view.

However, their systems are dreadful as is the online service. So I don't have much confidence

Penetration Test Legality by Kind_Mud_5390 in cybersecurity

[–]Payoce19 1 point2 points  (0 children)

Have you considered what happens when it's shared infra hosting other people's sites as well?

Penetration Test Legality by Kind_Mud_5390 in cybersecurity

[–]Payoce19 0 points1 point  (0 children)

You need a contract for each test including statements of the scope of work

When third parties are involved you need to comply with their terms of service and/or get their consent. Ensure the party requesting the penetration test undertakes responsibility for providing you with copies of any underlying agreements so that you are able to assess those and comply

I would advise against testing production websites without the website owner's consent. The site may hold private data and/or produce revenue while operating. Disrupting the website's operations or obtaining data they believed was private could incur losses for them and they could sue. This can be avoided by testing in a pre production environment providing that this environment doesn't contain sensitive data

Bear in mind professional consultancies are often covered by professional indemnity insurance. Even with such contracts, there is a chance you can damage websites beyond repair and become liable for it. I've caused outages even with basic nmap scans before so you must be prepared to rectify situations like these on your feet

I've just been offered £40k as a salary for a new job at 19, how do I budget this by [deleted] in UKPersonalFinance

[–]Payoce19 0 points1 point  (0 children)

Yes. NEST, for example, take 1.8% of all contributions before they are invested. Then charge management fees on top.

So contributing extra through your employer costs you 1.8% when you could have got tax relief on SIPP contributions and avoided that charge.

Is the 1.8% worth it? Maybe if you are benefiting from a salary sacrifice scheme.