Domain: csoonline.com
Stories and comments across the archive that link to csoonline.com.
Comments · 110
-
Re:CISSP
I think a large part of the perceived value is the time requirement (3+ years and a B.S./B.A. or 4+ years) for hands-on security work before you can even apply for the certification.
Which is a bullshit requirement. Anybody can check that easily enough themselves. The certification should consider things that employers/customers/etc. can't easily check out for themselves. The time requirement is just an effort to artificially limit the number of cert holders to prevent flooding the market and devaluing the cert. Of course, if the cert wasn't bullshit in the first place they wouldn't need to do this, now would they?
More commentary on the CISSP.
-
Re:net traffic in Iceland fell 40 per cent
however.. this will in the long run once again achieve nothing.. they will just move into using some system where it's harder to make any proof who shared what, some waste/freenet like system probably maybe with saturation enabled
I have been hearing this for years now. Why hasn't it happened? Why are the anon type systems broken and unusable and the open ones still dominant?
I think it's a tougher nut to crack than many have painted it as. Like the museum security paradox, utility requires popularity and popularity requires ease of use and regular operation - which are at odds with goals of security (and in this case, anonymity).
A better idea than fleeing to Peekaboo et al, for people in relatively free countries like USA and Iceland, might be to organize a coherent lobby and bring another side of the issue to political attention. Otherwise, expect a War on Copyright Infringement wherein, like in the Wars on Terror and Drugs, supposedly inalienable rights can be suspended. Do you really expect WASTE to save you against the full might of the American Empire turned against your purpose? With Carnivores and Clippers at every turn? Considering the assets of the NSA, the DOE and NASA, how many acres of government supercomputers will need to be harnessed to beat your encryption, do you think?
-
Re:Uhh I don't get it ...
Let's change the wording a bit shall we:
... Do as I say, not as I do.
Right, but changing the words as you have done changes the whole point. It's not the powerful government that is doing the tracking, it's powerless individuals who are tracking agents of the government to ensure that they don't abuse the power they ALREADY have, by virtue of their government affiliation. Shoe's on the other foot, isn't it? It is entirely appropriate for individuals to engage in behavior that the government is prohibited from pursuing, because of the differential in the balance of power.
Last I checked, I don't need a permit to follow you around my candy store and keep an eye on you. Especially if I've already caught you with one hand in the cookie jar.
Now, s/candy store/country and s/cookie jar/treasury and there we have the current situation. Are you saying it's not legal to watch people as they go about in public? This society seems to spend an awful lot of time watching people for the sole reason that they are unusually attractive or wealthy. Do you think it should be illegal for this cult of celebrity to continue chasing movie stars around just to take "candid" pictures? If this kind of celebrity worship is legal, why isn't it legal to make available information about other, less famous people?
If you think tracking people who haven't been convicted of any crimes should be illegal, I think John Ashcroft would choose to differ with you. I'm sure that retired Admiral John Poindexter would disagree, were he to be given the opportunity. Try my first paragraph again, and this time s/cookie jar/Koran and I'm pretty sure that you have criteria that the justice department would suggest is probable cause to keep an eye (and maybe a wiretap) on you. Do you think that the FBI isn't spying on American Citizens right now, making a list and checking it twice, without telling anyone who is on that list?
Think again, my friend, think again. At least Indymedia has published the list of delegates, and the delegates themselves can look to see if they are listed on it. You would think these delegates would be PROUD of their chosen roles in the democratic process, and be willing to submit themselves to stand up and be counted, rather than so ashamed of the policies they represent that they have to call in the FBI to make some bogus claims to protect them from the public eye.
-
Re:Snapshots ... more info
This is not even original. The exact text is stolen from: http://www.csoonline.com/read/030104/shop.html
-
Funny you should ask...
As this article just came out. Pretty interesting.
Basically, it says patching and patch management has gotten out of control, but 99% of the verbiage in the article seems to be referring to Windows (ha, I typed Sindows by accident. Or maybe it wasn't an accident? Bum bum bum BUUUUUUUUM!)
-
And when the patches don't work...?
CSO has a story claiming that patching just doesn't work as a security solution: there are too many vulnerabilities, and the patch creation and implementation process creates new vulnerabilities. For example, the article cites Microsoft's release of a nonsecurity hotfix for SQL Server -- which could reopen servers to the Slammer worm.
I was just talking about Blaster last night with one of the guys interviewed in the article. His solution is centralized patch management -- installing client software on his ten thousand boxes that checks whether a patch that he's approved for distribution has been installed yet, and either installing overnight or warning the user that the machine will be downloading, applying and rebooting soon -- save your work.
-
It's not like this hasn't happened before
A couple of months ago CSO magazine ran an article about a similar problem, except it was coupled with the threat of blackmail.
Could it be possible that this (or something similar) can get an innocent victim arrested? In a less technologically literate or a far more fundamentalist culture, the "virus did it" defense probably won't work . . .
-
Re:Penalties
To start with, Gartner estimates 70% so I guess I was being a little conservative.
To finish with, it sounds like you really have done some homework. Originally, when you threw that comment out it sounded like you were just saying that if it isn't on the internet it will be secure. That of course is simply not true, as you are clearly well aware.
-
Employee E-Blackmail
One negative effect of employee monitoring is, they don't trust you (or they don't trust you even more than before). Here is an article about some employees who received an email, pay us $50 or we'll tell your boss you were pr0n-surfing.
Nearly all of the (innocent) employees paid up rather than report the scam! Few, if any, trusted their PHBs to take their word for it that they were being scammed on!!
-
IMHO...
Poorly organized. Lynx-optimized website (with only two pages), only two months to write papers, an overly broad topic, and being held in a pseudo-third world country, away from the main countries where most research is being done, don't exactly add up to success. I'll be surprised if they register more than 500 attendees.