Slashdot Mirror


User: dmpyron

dmpyron's activity in the archive.

Stories: 0
Comments: 54

Comments · 54

  1. This is old news on Workers Cause More Problems Than Viruses · · Score: 1

    This is surprising? I, and many others in the information security business, have been saying this for years. Most security threats come from inside. It's either malicious (the dude that made a CD with 100,000 credit card holders' information in India) or negligent (we can all think of those cases). The outside attackers can get to plenty of individual machines, but most companies are actually pretty secure against outside threats.

    As a sysadmin many years ago, I learned two sayings that still hold true. "User is a four letter word". "User rhymes with loser (luser)".

    At many companies, the phones will show you the caller ID information for inside calls. When I worked at an unnamed semiconductor company, it even showed if the person was calling from Sunnyvale, Singapore or Dresden. So verifying that it's Sally from HR was no problem.

    Security, like most of IT, is viewed as a cost center. So they try to minimize expenses. And wind up losing money on the proposition. There are numerous papers out there on the value proposition of security. But upper management doesn't read them. They don't read anything.

  2. Re:What about pets? on Implanted RFID Chips Linked To Cancer · · Score: 1

    Since they're seeing this in rats and mice, which have a life expectancy of only a few years, then I would imagine we'd be seeing it in a dog like, say, our Toby, who is 9 1/2 and was chipped when he was 12 weeks old. There are approximately 1500 members on Corgi-L, representing about 6000 dogs. It's been around since 1995. In that time, I know of about 100 cases of skin cancer. Some of those were secondary (metastatic). Now this is only anecdotal.

    Most lab rats are bred to easily contract just about anything. Without knowing the exact line they come from, we don't know their initial susceptibility.

    They've been chipping cattle since the late 80s or early 90s.

  3. Re:Use a dog on Detecting Cancer Without Drawing Blood · · Score: 1

    They've proven fairly accurate in locating most types of skin cancers and some internal cancers. I believe that they can identify lung cancer by smelling the breath of a patient, although as far as I know there haven't been any reverse tests, where they look for the disease AFTER the dog indicates (kind of like drug dogs, you tear the car up after the dog sits, instead of tearing up the car and then having the dog say "yup, drugs").

    There are two protein markers that are reliable indicators of the presence of some cancers. Carol's oncologist tested for them every two weeks from before she started chemo until after the lumpectomy. She tested normal in July of last year and again in January and July.

    There are lots of tests for very specific cancers (PSA and pap are the two most common). The holy grail is the you-have-cancer-and-the-cancer-is-xxx. It's worth a Nobel Prize. Assuming somebody doesn't find a cure for AIDS the same year.

  4. Re:I disagree. on Class Action Initiated Against RIAA · · Score: 2, Insightful

    Well it seems that the RIAA has itself been blatantly breaking the law, in conjunction with its hit man Media Sentry. Breaking into people's computers, for whatever reason, is illegal. Claiming to be a grandmother to get a little girl to talk to you is illegal. If they're going to try to claim the moral high ground, they should first try standing there. Don't question someone else's ethics until you've questioned your own. I own every recording in my possession.

    And as long as you're an Anonymous Coward, you're still a coward. You know who I am.

  5. Re:Microsoft is competing with itself on ODF Vs. OOXML File Counts On the Web · · Score: 2, Interesting

    Of course it's about "standards". Even Microsoft "standards". I've had two professional associations I belong to say that they won't accept anything in WTF the 2007 format is. This is for the benefit of both the office staff and also the referees. I'm still running 2000. That's what the ACM (you know, the computer people) require. The IEEE recommends 2000 but will also accept 2003. The ISSA hasn't taken an official stand, yet. But everything coming out of them is 2000.

  6. Re:Then screw them.... on A Campaign to Block Firefox Users? · · Score: 1

    Most of the places I've worked at, it's considered the quick road to unemployment, without the check every two weeks.

  7. In case you're interested on A Campaign to Block Firefox Users? · · Score: 1

    Administrative Contact:
                Carlton, Danny godaddy@DannyCarlton.net
                19724 E Pine St
                Suite #149
                Catoosa, Oklahoma 75015
                United States
                (918) 697-4039 Fax --

    Perhaps if we /.ed his email. I'm not recommending that we mail bomb him, but if everybody sent him one email objecting to this concept. I also plan to point out the various tools for the other browsers, as well as my enormous spending habits on line (B&H Video and Photo rocks! Broadway Photo rips off).

    Ads steal bandwidth that I pay for. I wonder when the carriers are going to ask for a cut of the ad revenue, since they (the carriers) have to pay for all that bandwidth. Oh, wait ...

  8. Re:Oh I get it on RIAA Defendant Cross-Sues Kazaa And AOL · · Score: 1

    In the late Sixties, it was "Comes the Revolution ..."

    Just different pigs. As I've matured, cops have, for the most part, garnered more respect from me, while the RIAA and MPAA have lost more.

  9. Re:How long on Microsoft Opens Up Windows Live ID · · Score: 1

    Yes. In fact, most sites are still stuck in the mid 90s

    What do you propose they do, send out SecurID tokens to all of their users? Here's a neat trick. Set up a phishing site for a bank that does use SecurID. Ask for the code, then hang for two minutes and come back with "there was an error processing your request, please re-enter your data". So I put in my code a second time, this time it's a new number. You now have two numbers and two time stamps. From this, the future numbers can be calculated. There are several calculators out there that will do this for you. It's one of the security world's dirty little secrets.

  10. Re:With top down decisions like this on High School Students Forced To Declare A Major · · Score: 1

    Let's see, up until I graduated from high school, I wanted to be an ME, going into automotive design. Then I changed to EE during my freshman year. After getting a gentle convincing (an F in my first EE class and a barely D in statics) I changed to CS. Where they taught me things like binary algebras and I learned how to do partial differential equations. What a waste. So I became a sys admin after a couple of years wandering through the waste lands of early 80s IT. Now I'm a security geek, with heavy emphasis on encryption. Which involves (ready?) heavy math.

    My wife was a CS major. Now she's EE (DFT). Her brother was a Physics major. Now he's an EE (DFT). My roommate was a Psych major. Now he's a Java programmer (but not Javascript. He hates it and uses NoScript religiously). One of my friends in high school was an Environmental Design major. Now he's a DBA. Another roommate was a Bio Med major. Now he's a vet (okay, bad example. Almost everybody who wanted to go to vet school was a Bio Med major).

    Forcing 9th graders to pick "a major" is like me picking the specific options for a car when I don't even know what the 2009 models are going to look like. What if some poor schmo decides he wants to become an auto mechanic (we really need more) but after a couple of years realizes that he really wants to be an automotive engineer. Now he's a couple of years behind in his math. Yes, he can go to a community college to catch up, but now he's 21 and it'll be another 4 years before he's making money, which he'll never catch up on (take $3000 each in your first 4 years out of college and put it in an IRA. That's a lot of money 40 years later).

    This is the latest in "education's" "let's try something new because we don't know what the fuck we're doing" campaign. I'm 51 and have been working since 1979. I got a well rounded education in high school that prepared me well for college. I had a strong math background, can draft, can touch type (fast, on a real typewriter), can solder, can safely work with hazardous chemicals including fuming red nitric acid (don't ask why I needed to learn that, although many of us know how to make those concoctions that require it) and can read and comprehend Latin. Since I've been working, I've learned how to weld and speak Spanish. Anybody who thinks that they can pigeon hole someone at age 14 and lay out their whole life for them is either an idiot or, well that does about sum it up.

  11. Re:This is stupid. on High School Students Forced To Declare A Major · · Score: 1

    No, 1mm isn't much. But 1.00000 mm is. Sig figs. Or did you not learn about that?

  12. Not uncommon on Foster Demands RIAA Post $210K Security For Fees · · Score: 3, Interesting

    It is not uncommon for a judge to require a large bond to be placed by the appellant, particularly when the judge does not believe that they will prevail in the appeal. This bond would only be about 3 times the judgment. I've seen cases where it was as much as 5 times. And, of course, the judgment also includes, but has not been listed yet, legal expenses incurred by the plaintiff. So they could quite conceivably be out much more.

    Does anyone have a name/address/phone number of her attorneys? I'd love to send them a check for $100 to help fund her legal fees. Given the number of /. readers who just love the RIAA, $5 a pop would probably cover her through the Supreme Court.

  13. Re:They should share it with everyone... on DHS To Share Spy Satellite Data Over the US · · Score: 3, Interesting

    Ever hear of OBD III? The spec for it includes a two way radio. It could be used by the cop on the side of the road to get your speed without ever turning on a radar. In theory, it could also be used to, for instance, turn off your car. That's not in the spec, but there's no telling what might get "added in" by our benevolent government. You don't think that the ELINT can't pick up those signals? And discriminate? Paranoid? Maybe. Just because you're paranoid doesn't mean they're not out to get you.

  14. Re:What difference does it make? on DHS To Share Spy Satellite Data Over the US · · Score: 1

    What he meant was, while standing at the top of the gallows, "at least they're not going to hang me in England".

    Tejas is about to get red light cameras all over the place. We already have tracking on all the toll roads (which you almost can't avoid in Austin anymore). As has already been pointed out, NYC wants to put up traffic congestion cameras.

    As far as not committing illegal acts, how would you like to have your door kicked in at 2 in the morning because you happened to be standing around outside a bank while it was being robbed?

  15. Re:A bug only exists... on Full-Disclosure Wins Again · · Score: 2, Insightful

    Except that they officially knew about the problem. Assuming he had taken the time to sign his email. When they said they didn't know if they could fix it without a major rewrite, that was a tacit admission that they had known about it.

    At least he went to the company first and sat on it for a while. Lots of people publish first, then notify the maker. That definitely makes him a white hat in my book.

  16. Re:Always a possibility on DNA Vaccine May Treat Multiple Sclerosis · · Score: 2, Interesting

    I have a friend with MS. She goes in once every 4 weeks for an infusion of Tysabri. It's supposed to be the next miracle. It's prevented the formation of new lesions in over 90% of the test subjects. The previous med was beta interferon, IIRC.

    Tysabri was pulled from the market in 2004 after two of the test subjects suffered from some sort of disorder that "turned their brains to mush" (Sarah's words). A further trial had no adverse results. She's had no new lesions and is currently asymptomatic.

  17. Re:It is a natural decision. on Olympic Committee Chooses XP Over Vista · · Score: 1

    I can name dozens of high tech companies that haven't switched to Vista internally and probably won't for a while. And lots of them are computer manufacturers. Yesterday I saw five brand new laptops from my current client with XP Pro on them. But if I try to buy one, it comes with Vista Basic.

    I know Intel has publicly stated that they aren't moving.

    I'm not moving until I have to. Which, sadly, may be soon. But my current 5 year old laptop will be dual boot, since I'm sure some of my software won't work on Vista. Has anyone run the Windows version of netstumbler on Vista?

  18. Re:Stupid semantics argument on Verizon vs. the Needham Fire Department · · Score: 2, Interesting

    Friend's house got hit by lightning (not a FOAF). Her TV literally jumped off its stand and she had a hole in her roof and ceiling where it hit. Her neighbor immediately called 911 and the Round Rock FD was there in about 4 minutes. Six units, total. They used an infrared camera to check all of her walls for smoldering (or whatever firefighters call it). Spent three or four hours there, put a tarp on her roof and even called an electrician and the telco for her. The report listed it as "lightning strike and subsequent fire". Her battery powered smoke detector went off. The AC powered one had some problems with being smoked.

    I consider any time the FD gets called out to a real emergency to be a fire. Flames or no.

  19. Re:Found? When was it lost? on Crowther's Original Adventure Source Code Found · · Score: 4, Funny

    I've got a box of cards (two, actually. Two and a half, really. You could never get all the cards back into the box). All I need is a card reader and a 360/65 with OS 360 and TSO and I'm set for life.

    I've also got a programming card for an 029 and COBOL.

    We were the sneaky bastards that used to put random comments and unused character strings into the code to thwart people like you. Then I graduated and became a people like you. And was constantly thwarted by people like me.

    OS 360, RSX11D, RSX11M, VMS. RIP.

  20. Re:Top secret public records? on Server with Top-Secret Data Stolen · · Score: 3, Interesting

    I've handled TS and above at a number of contractors over the years. That said, "What happened to locks, keys, and trusted employees?". And how do you get a server out of the building? Stuff it down your pants? I've never worked anywhere where areas with classified information weren't surrounded by cameras. And access control. And lots of other means of tracking the comings and goings. There's more to this story than has been made public.

    The lady doth protest too much, methinks. Something is rotten in the state of Denmark.

    Either there really wasn't much to worry about or they are secretly passing rectangular pieces of firehardened clay out their anuses. And these guys are called a "security" firm!

  21. ISP provided content on Net Neutrality Debate Crosses the Atlantic · · Score: 1

    I have to wonder if ISP provided content (I'll use AT&T as an example since I only vaguely know the British ones), such as IPTV, will be charged in the same way. If the ISP provides this service without charging back (an internal charge back), then they are asking other service providers to subsidize those services.

    Naw, they'd never do that.

  22. Re:"Trade Secret" on Circuit City Subpoenas CheapAss Gamer and DVDTalk · · Score: 2, Interesting

    Very much a trade secret. If the documents were properly labeled, that is. Too often a company will claim "trade secret" without treating it as such. It has to be marked with something that indicates that it's private and proprietary. Like having those words stamped on it. I've been doing this game for a long time.

    Now, if I was said poster, I'd be using a Yahoo email address with all fake data and posting from free hotspots.

  23. Re:Is that all they're offering? on Google Rolls Out Online Storage Services · · Score: 1

    I keep my backups in my safe deposit box.

    For $500 I can get a 1TB NAS. Or a 250GB USB/Firewire drive and a night in a very nice hotel.

    And anybody who's paying $500 for a pair of shoes or a hummer is paying too much.

  24. Re:Damn. on Imaging Breakthrough "Sees" Lung Disease · · Score: 1

    40 grand? A modern digital x-ray is around 60. An MRI machine runs over 500 and some nuclear medicine machines run over a million. Heck, our vet has an automated hematology machine that runs around $10K.

  25. Only for the skiddies on The Java Popup you Can't Stop · · Score: 1

    Those who are really interested in this have either already done their own exploits and are pissed that it's "already" being addressed or don't care about the analysis because they're working on one of their own. Only the skiddies care, and most of them can't code in Java (or much of anything else, either). So they'll be waiting for some enterprising soul to sell them a tool.

    In the meantime, those of us who don't code in Java can at least understand what's going on. But I can't write an exploit. Which I guess makes me a skiddie.