While it’s idiotic to refrain from updating your servers, it is doubly-idiotic to refuse to update your servers after they’ve been hacked.
Under the terms of the provisioning service that the servers were provided under, Fleishman-Hilliard was responsible for the administration and security of the servers, including operating system updates, software installations and backups, and had set up the servers—but “had chosen not to update their applications,” Brubeck said.
via After first Anon hack, PR firm failed to update other .gov websites.
Julian Sanchez discusses some of the difficulties of having the federal government enact a “Do Not Track” mandate on Internet browsers and websites:
A browser-embedded header may be technically simpler than a government-administered “Do Not Call” list, but “Do Not Call” is conceptually much simpler: A marketer either places an unsolicited call to a particular number, or it doesn’t. When it comes to the information generated by the interaction between a user and a Website, the datastream may be binary, but the question of whether someone is being “tracked” or not is anything but. And as the “arms race” alluded to above shows, it’s not always going to be clear in advance which kinds of information will facilitate tracking. And of course, users will find it useful and convenient to permit the collection of certain types of information even as they prohibit others, making it desirable, as the FTC’s David Vladeck put it in his testimony, for Do Not Track to enable “granular control” by users, rather than a simple on-off switch. But the more types of data collection and sharing need to be controlled—including new types that become prevalent as technology evolves—the more elusive the clarity and simplicity promised by Do Not Track (relative to mechanism-specific self help) becomes.
via To Track or Not to Track? That’s Actually Not the Question. | Cato @ Liberty.