Ed Felten: California Must Lead On Cybersecurity
An anonymous reader writes: In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower." What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy.
From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing.
Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.
If California is leading the way then I don't want to live on this planet anymore.
This device uses a default password known to the State of California to cause cancer, birth defects, or other reproductive harm.
When used to protect bigotry and discrimination...Great, let's have some more!
When used to protect citizens from corporate abuse? Terrible, that's forbidden!
I've worked in banking where we were audited by multiple government entities, our private auditors and auditors from our thousands of customers.
Security audits are only worthwhile if the company being audited is actually serious about security in the first place. In over a decade of such audits I don't think the audits ever found anything that we didn't already know.
During this time we acquired multiple other companies, all of whom had passed security audits, and the quality of their security had very little relation to what the audits said. You can have rather poor security and people who are really good at working with the auditors and get really good reviews from the auditors.
They may identify default passwords in Internet connected devices, but if the password is changed from the default to something trivial it won't detect the problem without helping much.
Bespoke setup - somewhat safe. COTS - You are asking for it.
Anyone who has default passwords or compromised firmware (with backdoors) deserves what's coming, and the directors should be personally responsible for all that follows.
Anything critical should have a dedicated line, or failing that dedicated, custom software / firmware / protocol(s) plural - where TCP/IP is not the only protocol. Recompile your TCP/IP stack so that it only has what you know you need - and drop any others (packets).
Yes, there are places who use off the shelf products with off the shelf software and rent a nerd/network monkey to get it up working. Or trust some cloud service to do it better/cheaper - even though passwords (and without sms or two factor) are in that solution and travel up wires that anyone can see.
All you really need, is a clue.
"Security audits are only worthwhile if the company being audited is actually serious about security in the first place".
I guess what matters is who holds the "purse strings". When I observe a non-compliant issue and report it to my client, most of the time my client calls for a secondary audit. It's rare to see the same issue on the secondary. The audits I've done where I observe the same non-compliance are rarely retained by my clients.
My clients hold the "purse strings" and will accept an "anomaly", "error" or an explainable exception, but they won't deviate from agreed compliance with their clients.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
NOTHING is going to happen in California. Their budget is a joke. They have a double digit sales tax rate and the biggest deficit out of every state. They have the stupidest, most intrusive laws that negatively impact every other state. Their politics are almost as corrupt as Illinois. They don't do a thing about illegal immigrants and they're tipping the economy over and causing massive crime problems. They also have a drug problem. California is the model of how you don't run a state.
And they're supposed to get tough on cyber security?
You mean all those industries that off-shored their IT and Security to the cheapest bidder can't secure their systems?
BIG FREAKING SURPRISE.
More homeless camps are appearing beyond downtown L.A.'s skid row
That state is making the US into a third world country.
What they propose is not going to happen simply because of this:
He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts.
Outside auditors doing anything in CA government? We'll see that only when all else is lost, and people are starting to go to prison.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Really...how about Rhode Island? It's a small enough place, so it should be easier to secure.
Many, many people are moving from California to Texas, often following companies who are either moving their headquarters or like Apple, who is moving their new development to Texas. They come here because this is where the jobs are, and the cost of living is so much lower. The same person might make two to three times as much real income after accounting for cost of living.
They come to Texas because Texas has jobs, Texas has affordable housing, Texas has a road system that works, unlike California gridlock. Yet they bring with them the very same political ideas that have failed so badly in California. If you want to regulate your employer out of business, please STAY in California. You're welcome to come here and join in our success, but you're also welcome to stay there and keep your fail. Please don't bring your fail here.
You are welcome to your state where a lack of laws allows employers to restrict your opportunities to change jobs. Yeah, welcome to your overlords who use the lack of employee protection to push your income down.
Yeah, it was Texas where that happened, not California, right? It was Google and Apple conspiring against employees. Nope, must have been Toyota and Texas Instruments who did that.
The thing is, when the statehouse is deeply involved in business, those three or four businesses who purchase state senators have a huge advantage over all the smaller companies. Those three or four companies collude and the employees are screwed. When the politicians are expected to stay out of the way, you have hundreds of companies hiring just at one job fair in Austin alone. It's not possible for 500 tech companies in Austin to ALL collude.
Securing networks and computers will require companies to spend more time and money to take necessary steps to protect users of their products. The government, NIST in particular, has developed standards to evaluate risks in computer systems. Companies need to start putting their money where their mouth is and make changes.
The cost of living is 28% higher in California:
http://livingwage.mit.edu/stat...
http://livingwage.mit.edu/stat...
The average dollar salary of a programmer is 10% higher:
http://www.indeed.com/salary/q...
http://www.indeed.com/salary/q...
Texas programmers therefore have average effective salaries 18% higher than in California. I AM having good luck.
A state run by a single party beholden to corporate interests and lobbyists and massively dependent on the tech industry. A state that is so incompetently run that it is teetering on the verge of bankruptcy, that its schools have dropped to the bottom, and that can't even solve its traffic gridlock. Cybersecurity legislation in California will do little more than exempt tech companies from any sort of liability and pour out massive amounts in government subsidies to big corporations for cybersecurity initiatives.
Real cybersecurity would require massively increasing the financial liability of corporations for any breach in security that causes their customers to lose money or waste time. For example, when a data breach at Home Depot causes banks to have to reissue credit cards, banks should be financially responsible to their customers for the many hours they have to waste on dealing with new credit card numbers, and Home Depot should be financially responsible to banks for all their resulting costs. If each of these data breaches cost corporations a few billion dollars, you'd be surprised how quickly security shapes up.
Do you think that will last if the price of oil stays down? Serious question, not an argument. I don't know the answer.
23 years ago, my mother moved to Austin because that's where she found a nice job with a tech company, Dell, and a nice house for about $120k. Since then, gas has gone to about $4, gone back up and down. The Texas economy has done well throughout. This is the point where someone will point out that the Texas economy wasn't as good 30 years ago (when Democrat Ann Richards was governor).
Shale oil has been good to Texas in the last three years, but again we've been doing well much longer than that, and tech is strong, independent of energy. The state has a large rainy day fund - money set aside, saved up. So fiscally we're prepared for hard times, unlike areas that have large debt they'll be paying on in the future.
People and companies have also been moving here from Colorado, where the tech sector has been weakening relative to Texas. My honest assessment is as I hinted above - business is coming to Texas FROM the states that are making pot legal, increasing regulations, etc - liberal states. That suggests to me that while smoking pot might be fun, and these liberal policies may have some benefits, they are bad for an economy - bad for jobs. I get it - I used to be a member of NORML. So I understand that point of view - I wrote some of the literature they read. It just hasn't worked well for the jobs and cost of living situation. The people coming to Texas for jobs are voters, however. They've come from Colorado and California and brought their pothead ballot initiatives with them. If they team up with other liberal groups to gain majority control, they'll likely vote for the same policies here, and we'll end up with the same results. That's when the Texas economy will fall long-term, I think.
In the past the oil industry was a much bigger part of the Texas economy than it is now. It's still a large part, but there is a ton of high-tech stuff all around Texas - Apple is building all of its Mac Pro units in Texas, for example...
They also have a lot of international trade, including a major airport and shipping port too. All of that adds to economic diversity.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I read the screeds above comparing Texas and CA. Look folks, California has a huge and diverse economy with a lot more than silicon valley contributing. It also has really, really nice weather. (which is why houses are expensive, in part) We're not rushing to the store today to stock up on batteries and food like they are in that other bastion of business on the east coast.
Some businesses are going to "business friendly" states.. why are they business friendly? Because they subsidize the move with tax rebates or forbearance (Tesla in NV, for instance) or because they have little or no regulation (grind those workers into the soil.. there's more where they came from).
I like being from a state where we have laws that protect the quality of life of the animals I eat. I like the "master plan for education", and the fact that free education has been guaranteed by the state constitution for over 100 years. I like being able to surf, rock climb, and ski all in the same day. I like eating fresh produce year round, grown and harvested by workers with nation leading protections on conditions for those workers (thank you UFW). I like being from the state that isn't killing its prisoners. I like living in a state where there's an agency protecting my access to the beach (all of it).
None of these is perfectly executed, far from it.. but the intention is there and is pervasive at its very core. As Gov Brown points out, you paddle a little on the left and a little on the right, and you gradually make your way in the direction you need to go.
You can, of course, live somewhere with no beaches or natural wonders to preserve. That does save on coastal commissions and the like. Or, you can just buy your own beach.
You can, of course, live somewhere with no significant labor laws, and benefit from virtual slavery of low paid workers afraid to challenge their boss. Papa Doc led a very nice life in Haiti, and probably didn't give a lot of thought to the life of the general population.
Yeah, I was being lazy when I wrote that, and I knew it. Funny that I didn't feel like taking a few seconds to do the arithmetic, given the subject line of my post.
Eyeballing it, Texas programmers effective salary is actually about 16% higher. I still don't feel like double-checking my math on that, but feel free to.
State governments are where most things should happen.
1) Decentralization of power keeps government closer to the people
2) Experiments only break or fix one state, allowing others to observe
3) The US federal government has a whitelist of duties, not a blacklist
A good case study is the community colleges. They are subsidized with the idea that better workers with better jobs will have a higher tax base. Except they all send the money back 'home' or use it to sneak in more. It is no joke that at most of my entry level jobs I was the token Anglo. Immigration allows for the creation of wealth by keeping wages down.
A lot of the now legal kids fall into government support programs. Over 5 million families take some form of food aid in California. The state has only 38 million people! Some of the cultures these people have are very dependent based. They don't understand why we shouldn't go full socialism. They are basically conditioned to be serfs, albeit serfs with money.
California is now issuing illegals driver licenses! wtf the fuck! I don't care if it says it on the card. If it says it on the card they should be deported, not because they won't come back, but because it deters others from coming.
> As a result, we have to expect and accept that people will on occasion act in ways that we don't like and perhaps even contrary to their own well-being.
Perhaps that's applicable. There are enough gray areas to that question that we could go on for hundreds of pages discussing it. We'd never all agree, because it's a philosophical question, not a factual question. It's rather a different topic, though. What we're discussing here is jobs and the economy in Texas. In other words, as I said in the post you replied to:
> while smoking pot might be fun, and these liberal policies may have some benefits, they are bad for an economy - bad for jobs
Similarly, maybe you think that "regulating" your employer to bankruptcy is more "fair". You and your boss can be homeless together. Okay, fine it fits your definition of "fair". I won't argue that. You are welcome to your philosophy*. It probably has some good points. Putting the employers out of business is clearly bad for jobs and bad for the economy - that's a provable statement of fact.
* You are very welcome to enjoy and IMPLEMENT that philosophy in a place where your neighbors agree with it. I request that you please do not run away from its effects and bring it here. If you don't like the effects of your policies in California, change them, or come to Texas and become a Texan.
Perhaps that's applicable.
It is applicable. There's no "perhaps" to it. In a mostly free world people will act in ways that we won't approve of.
What we're discussing here is jobs and the economy in Texas.
And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.
Similarly, maybe you think that "regulating" your employer to bankruptcy is more "fair".
OR MAYBE YOU DO. You're the one glossing over the destruction of a person's life just because they smoke or possess weed. Putting people out of business merely because they smoke something you don't approve of is pretty damned similar to the straw man you accuse me of above.
How is it more "liberal" to regulate a business to death rather than a person? Instead, I believe both are equally illiberal.
I request that you please do not run away from its effects and bring it here. If you don't like the effects of your policies in California, change them, or come to Texas and become a Texan.
I in turn ask that instead of glibly saying that we'll never agree due to some mysterious quirk of philosophy or geography, look at the actual harm caused by the War on Drugs and then repudiate it. This is not a California thing. This is a moral thing.
As I noted earlier, the civil forfeiture of assets is the most unconstitutional thing the US and state governments do. There's also the militarization of law enforcement and the hijinks of unaccountable law enforcement, such as the Fast and Furious case where the ATF (Bureau of Alcohol, Tobacco, and Firearms) ran some alleged stings that had the sole outcome of providing considerable material support for the Sinaloa Cartel to kill people (and perhaps do other things like money laundering) in a nasty and bloody war across the border in Mexico.
> You're the one glossing over the destruction of a person's life just because they smoke or possess weed.
The morality of drug laws is not the topic of discussion in this thread. As I keep telling you:
What we're discussing here is jobs and the economy in Texas.
> And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.
There's no "think" about it, the fact is that the economy in Colorado, California, and other liberal states has been getting worse and worse compared to Texas, which is thriving relative to those states. It's simple arithmetic. The unemployment numbers aren't somebody's opinion.
I'm sure someone would like to discuss drug policy with you in some other thread. I'd discuss it with someone else, someone who is still able to acknowledge that there is such a thing as arithmetic. Maybe when you're a little less high.
If you can find any of it, I think you might enjoy reading a guy from Colorado named Ray Morris. He was a big pot guy in Colorado, active with NORML in the early nineties.
It has become obvious that you're currently unable to grasp the concept that there can be a conversation about something other than weed (too stoned?), so if you're in Colorado, please stay there. All we have down here is Mexican dirt weed anyway. You wouldn't like it.