Month: August 2024

The Rings of Power’s showrunners have defended the non-canonical events depicted in the hit Prime Video series’ first season.

One of The Rings of Power‘s showrunners has insisted that season 2’s closer ties to its source material “is not any kind of response” to fan frustrations with the first season.

Speaking to TechRadar ahead of The Rings of Power season 2‘s release, Patrick McKay stressed that he and co-creator J.D. Payne didn’t decide to lean more heavily into J.R.R. Tolkien’s beloved works following criticism from sections of the author’s fanbase. Instead, McKay maintained that “it was always the plan” for The Rings of Power season 1 to be less faithful to The Lord of the Rings books, appendices, and legendarium before they fully committed to canonical events in later seasons.

McKay’s response comes almost two years after the hit Prime Video show’s first season launched. While the high-fantasy series was a runaway success for Amazon MGM Studios – it’s the most-streamed Prime Video TV Original of all time – the prequel project was slammed by legions of diehard Tolkienities. Indeed, The Rings of Power‘s sparkling success couldn’t save it from some baffling and horrific fan backlash that not only chastized McKay and Payne’s take on the source material, but also led to racially-aggravated verbal attacks towards its black cast members.

Season 2 will depict the Siege of Eregion in all of its epic and brutal glory (Image credit: Ross Ferguson/Prime Video)

In the time between between its first two seasons, we learned that season 2 would forge closer ties to The Lord of the Rings‘ books and their supporting texts. Indeed, the arrival of The Rings of Power 2‘s first trailer suggested its creators had learned lessons from the first season, not least in their attempts to religiously adapt what Tolkien had written about Middle-earth’s Second Age.

Of course, as the first teaser and its follow-up trailers revealed, there would be plenty more original content that Payne, McKay, and the show’s other writers had devised. However, those at the helm of one of the best Prime Video shows were clearly ready to fully embrace events in Tolkien’s literary works, and bring them to life on the small screen as dutifully as possible.

What made McKay and Payne wait an entire season to deliver on that promise, though? Why didn’t they just dive headfirst into the written material and adapt it verbatim from the get-go? And did the fan ire force them to change tack from a storytelling approach?

“We set upon this journey with a plan,” McKay told me. “That plan was for a multi-season arc that would start in a place that welcomes audiences back to Middle-earth and introduces all of these characters. Some are canonical characters in a much earlier phase of development where they might look different to what you’d expect, and some are new characters, hopefully created in Tolkienian fashion that use the hints in the text as a springboard. That first season would then lead you into the Second Age before kicking you into what are now seasons built around canonical tentpole moments.

“So, really, it’s not any kind of response [to the backlash], or us learning anything from last season. It was always the plan to have a big season one that invites everyone in and, now they’re immersed in our world, they’re in this universe of major historical, mythical, canon events that we aim to build whole worlds around.”

That blueprint, although divisive among The Lord of the Rings‘ fanbase, is certainly taking shape now. In my review of The Rings of Power season 2’s first three episodes, I called it a “darker and more dangerous installment that’s far more faithful to its literary inspiration”, and added that it continues to be a “well-oiled, character-driven slice of prestige TV”. Here’s hoping the rest of this season lives up to the lofty expectations I’ve set for myself and others.

You might also like

‘We looked at it’: The Rings of Power season 2 pays tribute to The Fellowship of the Ring movie in the most precise way possible, its creators confirm‘It helped me enormously’: The Rings of Power‘s Celebrimbor actor had a ‘forensic’ crash course in ring-making to upgrade their character in season 2‘We’re working on it’: The Rings of Power season 3 hasn’t been confirmed yet, but the Prime Video show’s creators have an update on its development

Read More 

The larger an organization is, the more ‘shadow data’ it often has, and the harder it seems to be to keep track of all the different places data is stored.

Fujitsu made the news earlier this year after accidentally exposing AWS keys, plaintext passwords, and client data. The incident caused serious concern when it became clear that the exposed data had been floating about the internet for almost 12 months.

This type of unintentional lapse in data control is more common than you might think. Larger organizations, in particular, tend to have more shadow data than they would like to admit to, and can often find it harder to keep tabs on all the places where their data is stored, be that a stray code repository or some cloud storage being used to transfer data between non-corporate systems.

Enterprises falling foul of these data spills can face serious consequences, with the immediate fallout often including reputational damage and loss of customer trust, as well as difficult questions from investors, stakeholders, and journalists.

Fallout aside, the impact of these exposures is just as worrying. It can provide cybercriminals with access to highly confidential or proprietary data, which they can then use to commit fraud or disrupt operations.

With the added possibility of lawsuits, regulatory fines, and financial losses, no company can afford to ignore data and cybersecurity. Yet many incident response teams (including ours) are all too familiar with cases like this – and they remind us that seemingly straightforward preventative measures are more complex to apply across larger organizations.

So, what are some common pitfalls, and how can your business avoid them?

Always know where your data is

This might seem straightforward (and obvious), but all too often we encounter situations where restrictions on where data can and can’t go, and guidelines on what data can be added to publicly accessible sources, are either overlooked in project discussions or processes, or, in some cases, not documented at all. This lack of clarity leaves individuals to decide for themselves what is acceptable, leading to potential security risks.

Our incident response teams have dealt with several cases where developers have used unauthorized or undocumented public-facing storage and repositories. Even when a repository is known and approved for use within the organization, it’s crucial to clearly define what is allowed to be stored there. Guidelines on what needs to be removed from a codebase before pushing it to a public repo should be well-defined and regularly enforced. Not doing so can create significant unmanaged risk. No matter how strong your cybersecurity defenses are, you can’t protect data if you don’t know it exists.

Addressing storage-related governance and providing clear project documentation that defines parameters for what can/cannot be stored publicly will always help, as will compulsory staff training for all employees. Layered on top of that, threat intelligence and DLP scanning services can also be used to good effect to monitor and search for evidence of public exposures both in public locations as well as your own known storage locations – these are well worth monitoring and reporting on long term.

Code repositories

I’ve lost track of how many incidents we’ve dealt with recently where a breach was caused by the public exposure of sensitive data. Several of these breaches occurred due to sensitive information being stored in publicly accessible GitHub repositories or Amazon S3 buckets.

Frequently, these stored resources contained hard-coded materials like AWS administrative keys for user accounts and user credentials. In some cases, they even included static API keys for public services that hold sensitive financial information; it’s practically like signposting a target for attack and giving the attacker the keys to the door.

Using repositories has long been standard practice for developers, making it essential for enterprises to continuously review their security protocols. It’s not just about expecting developers to avoid mistakes – it’s about ensuring there are clear rules and automated checks in place to help prevent mistakes as well.

For instance, GitHub offers tools for secret scanning and advanced security features that can help detect and prevent sensitive data from being exposed in your codebase. By implementing these kinds of safeguards, you reduce the risk of sensitive information, such as API keys, being inadvertently published. Without these checks, even the most well-intentioned developers may unintentionally compromise security.

Keep it private

I’m not suggesting that GitHub or other code repositories are bad – far from it (they have saved my sanity far too many times for me to brand them as such!). But staying secure means organizations should endeavor to conceal their code until it’s safe to do otherwise.

With that in mind, privacy should always be the default stance until appropriate checks have been run on everything that’s being stored. And if you intend to publish publicly, make sure you complete pre- and post-publication repository checks first.

Make reporting easy

Specialist researchers and bug bounty hunters can provide valuable insights (even if you have not directly employed them), so long as you give them a clearly signposted route to tell you about anything they discover. In Fujitsu’s case, Jelle Ursem, a Netherlands-based security researcher, had tried to contact the company but found he could not easily reach the right person.

Preventing a similar situation is relatively simple: Set up a contact form on your website or use a dedicated monitored inbox to handle discoveries. You could even introduce a bug bounty program to reward ethical hackers and the wider research community for discovering and reporting vulnerabilities to you.

Either way, the key is to have a structured method for working with others to enable the reporting issues, because let’s face it – it’s always preferable to finding out after a breach. By that point it’s usually far too late, and the costly damage has already been done.

The reality is that the larger and more complex your organisation, the more data it will have. Unfortunately, this makes it more likely that information will be accidentally exposed. But as with many things, planning, education, and transparent policies, as well as the use of appropriate tools for checking against human error, will help minimize the risk.

We’ve featured the best encryption software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More