This article is very poorly researched. There are Cyber Corps graduates in every federal agency. You don't have to work for the CIA / NSA if you don't want to (but you do have to apply for jobs at other agencies; the NSA actively recruits Cyber Corps graduates so if that's the only job offer you get, you have to take it or pay the money back.
I have to say I disagree. One of my key values to my organization comes from my ability to state why a preferred course of action does not comply with the law, regulations, and requirements. My job is not (exclusively) to do what is asked of me; my job is to comply with the oath of office, to protect the Constitution of the United States from all enemies, foreign and domestic.
Now, it is true that being willing to say "No" can affect your career path. But it's also true that all the guys who have threatened me are no longer employed by my agency. That's probably the coolest part about being a fed: Doing the right thing for the right reasons means it's very difficult for some political hack to get you fired.
I am actually not a spook, though I was recruited by one of the spooky agencies. i chose the non-spook life and I don't regret it. I have a number of friends who are spooks and they are the last defense against political appointees who try to engage in all kinds of prohibited activities. The nice thing about being a government employee is that we get to take an oath pledging us to protect, not the government, not a party, but the Constitution from all enemies foreign and domestic. How do you think you became aware of the excesses of the past? It's because some low-level employee discovered some political hack set up an illegal program and let somebody -- a member of Congress, a law enforcement agency, or a newspaper -- about what was going on. You'd be shocked at how many liberals work for the NSA.
I joined the Cyber Corps in my Forties. Tulsa and I were talking quite a bit but eventually I wound up applying to another school instead. There are currently hundreds of schools across the United States that participate in the Cyber Corps program.
All civilian background investigations are performed by the Office of Personnel Management in conjunction with the FBI. Home agencies can conduct additional checks, like a credit report inquiry, if that's not included as part of minimum BI performed by OPM for a specific level.
Tuition is not an issue with the program (at least at the Master's level). It's a free ride, with a monthly stipend. The program is designed to allow students with families and mortgages to focus on school full time. No agency sponsorship is required; you compete for a slot just like a regular student. In some schools you can even design your own program (that's what I did; I could attend any class in any discipline, as long as I justified it with my advisor). I attended one of the top engineering schools in the country, and got paid to do it. Your only obligation is to seek employment from the government. if you don't get a job offer on graduation, you can take your degree and go. The downside is that if you only have one job offer, and you don't take it, you have to pay the money back.
Also, you don't have a clue about what the folks who work for the US government do for you.
I joined the Cybercorps in its first year of operation after two decades in an unrelated field; the reason you've never heard of the program is it was scheduled to be announced on Sept. 12, 2011. There are probably hundreds of schools certified as Centers of Excellence by the NSA; some of them are top notch, some of them not so much. I've been working for the government for nearly a decade now: Operations, compliance, and even teaching. Happy to discuss. Here's a link to the official Cyber Corps Web site, run by the Office of Personnel Management: https://www.sfs.opm.gov/
In McIntyre v. Ohio Elections Commission, a 1995 decision by the U.S. Supreme Court, the Court found that "Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society."
Back in the Seventies, kids were motivated to program because there literally wasn't much you could do with a computer unless you built your own application. We were also convinced that programming a computer was going to be a critical job skill. I remember getting a dream job in 1991 because I had a computer background and I had to confess that my experiential universe would not be particularly useful in the new position, writing about the development of the Internet. "No, that experience will be very useful," the boss said. I replied, "Yeah, I I hear what you're saying, but trust me there's not a lot of knowledge transfer possible between punch cards and Windows."
Um, yes, as I said and as you repeated, there is no FIPS 140-2 certified encryption module for iOS. You've linked to a process document tracking 140-1 and 140-2, and we're not talking about 140-1.
You can think of FIPS 140-1 as what's commonly referred to as encryption strength (that is, the type of encryption, like AES 256). FIPS 140-2 is a certification that the encryption you're using under 140-1 has been implemented properly and it looks like this chart combines both one and two. To the best of my knowledge there's no 140-2 certification for iOS.
You're right, there's no reason Apple can't...except it hasn't bothered. Until last year, Apple didn't have a FIPS 140-2 certified encryption module for *anything*. And it's not like if Apple developed an iOS encryption module and submitted it for approval that suddenly it's done; FIPS 140-2 is a testing requirement; it can take a long time before your encryption module is certified after being submitted for testing.
iOS does not have a FIPS 140-2 certified encryption module associated with it, meaning that viewing non-public government data on their e-mail system would be a contract violation at worst and might expose them to criminal liability. Aren't these guys basically government contractors?
You'll find a great many agencies do not require the card to be in the reader at all times while the machine is logged in (this is more of a practical issue than anything else; if people are forced to leave their cards in the readers all the time, they tend to forget about them when running out of the building during a fire alarm). Many agencies basically require the card to be in the reader for initial login, then it can be removed and there's your standard timeout feature after X minutes of inactivity you have to reinsert and reactivate. To sum up: I'm not gonna lose a lot of sleep over this.
I concur. The concept they're selling is that if you're logged into your system with your card and use your pin, they can then use those credentials to gain access to sensitive databases only you are supposed to have access to. I would argue that if your system is so porous that folks are hanging out waiting for you to log in to the network, you're already done.
The exploit isn't pulling PKI credentials; the exploit is only effective if the card is in the card reader, according to one of the articles. At which point it can play back the PIN; *that's* the exploit.
An exploit that can misappropriate identity within your hard-token based authentication system but only so long as the token is plugged into the system isn't much of an exploit since the only reasonable protection offered by hard tokens is...you can't authenticate if the token ain't there. Show me an exploit that allows authentication *without* the token and you'll get my attention.
Price is a lot. I waited for the price of the Kindle to come down under $200 before getting one; I've been waiting for usable pad to come out for the same price point. I expect there are a lot of people who share my opinion, based on the fact that the HP pad sold out nearly instantly when they priced it under $200.
Wakefield's theory was not about mercury in vaccines (nor is the link I first posted); it was about vaccines somehow causing a gut infection, leading to symptoms like irritable bowel syndrome (see the previous article) which led directly to autism. It was all bunk. And it killed people.
Re:No link between gut bacteria and autism
on
Urine Test For Autism
·
· Score: 2, Informative
Look harder: The story is about a test that can identify autism based on urine, because autistic kids have different bacteria in their gut than non-autistic kids. The link is to a summary of the retraction of the entire theory that autistic kids have different bacteria in the gut than non-autistic kids; the scientist who submitted that paper fabricated his results (as the link states).
No link between gut bacteria and autism
on
Urine Test For Autism
·
· Score: 1, Flamebait
The whole concept is a farce. The "research" upon which this test was based in fraudulent. Sad.
Slashdot Mirror
This article is very poorly researched. There are Cyber Corps graduates in every federal agency. You don't have to work for the CIA / NSA if you don't want to (but you do have to apply for jobs at other agencies; the NSA actively recruits Cyber Corps graduates so if that's the only job offer you get, you have to take it or pay the money back.
I have to say I disagree. One of my key values to my organization comes from my ability to state why a preferred course of action does not comply with the law, regulations, and requirements. My job is not (exclusively) to do what is asked of me; my job is to comply with the oath of office, to protect the Constitution of the United States from all enemies, foreign and domestic.
Now, it is true that being willing to say "No" can affect your career path. But it's also true that all the guys who have threatened me are no longer employed by my agency. That's probably the coolest part about being a fed: Doing the right thing for the right reasons means it's very difficult for some political hack to get you fired.
I am actually not a spook, though I was recruited by one of the spooky agencies. i chose the non-spook life and I don't regret it. I have a number of friends who are spooks and they are the last defense against political appointees who try to engage in all kinds of prohibited activities. The nice thing about being a government employee is that we get to take an oath pledging us to protect, not the government, not a party, but the Constitution from all enemies foreign and domestic. How do you think you became aware of the excesses of the past? It's because some low-level employee discovered some political hack set up an illegal program and let somebody -- a member of Congress, a law enforcement agency, or a newspaper -- about what was going on. You'd be shocked at how many liberals work for the NSA.
I joined the Cyber Corps in my Forties. Tulsa and I were talking quite a bit but eventually I wound up applying to another school instead. There are currently hundreds of schools across the United States that participate in the Cyber Corps program.
All civilian background investigations are performed by the Office of Personnel Management in conjunction with the FBI. Home agencies can conduct additional checks, like a credit report inquiry, if that's not included as part of minimum BI performed by OPM for a specific level.
Tuition is not an issue with the program (at least at the Master's level). It's a free ride, with a monthly stipend. The program is designed to allow students with families and mortgages to focus on school full time. No agency sponsorship is required; you compete for a slot just like a regular student. In some schools you can even design your own program (that's what I did; I could attend any class in any discipline, as long as I justified it with my advisor). I attended one of the top engineering schools in the country, and got paid to do it. Your only obligation is to seek employment from the government. if you don't get a job offer on graduation, you can take your degree and go. The downside is that if you only have one job offer, and you don't take it, you have to pay the money back.
Also, you don't have a clue about what the folks who work for the US government do for you.
I joined the Cybercorps in its first year of operation after two decades in an unrelated field; the reason you've never heard of the program is it was scheduled to be announced on Sept. 12, 2011. There are probably hundreds of schools certified as Centers of Excellence by the NSA; some of them are top notch, some of them not so much. I've been working for the government for nearly a decade now: Operations, compliance, and even teaching. Happy to discuss. Here's a link to the official Cyber Corps Web site, run by the Office of Personnel Management: https://www.sfs.opm.gov/
Free as in steal it.
In McIntyre v. Ohio Elections Commission, a 1995 decision by the U.S. Supreme Court, the Court found that "Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society."
Back in the Seventies, kids were motivated to program because there literally wasn't much you could do with a computer unless you built your own application. We were also convinced that programming a computer was going to be a critical job skill. I remember getting a dream job in 1991 because I had a computer background and I had to confess that my experiential universe would not be particularly useful in the new position, writing about the development of the Internet. "No, that experience will be very useful," the boss said. I replied, "Yeah, I I hear what you're saying, but trust me there's not a lot of knowledge transfer possible between punch cards and Windows."
Um, yes, as I said and as you repeated, there is no FIPS 140-2 certified encryption module for iOS. You've linked to a process document tracking 140-1 and 140-2, and we're not talking about 140-1.
You can think of FIPS 140-1 as what's commonly referred to as encryption strength (that is, the type of encryption, like AES 256). FIPS 140-2 is a certification that the encryption you're using under 140-1 has been implemented properly and it looks like this chart combines both one and two. To the best of my knowledge there's no 140-2 certification for iOS.
You're right, there's no reason Apple can't...except it hasn't bothered. Until last year, Apple didn't have a FIPS 140-2 certified encryption module for *anything*. And it's not like if Apple developed an iOS encryption module and submitted it for approval that suddenly it's done; FIPS 140-2 is a testing requirement; it can take a long time before your encryption module is certified after being submitted for testing.
iOS does not have a FIPS 140-2 certified encryption module associated with it, meaning that viewing non-public government data on their e-mail system would be a contract violation at worst and might expose them to criminal liability. Aren't these guys basically government contractors?
You'll find a great many agencies do not require the card to be in the reader at all times while the machine is logged in (this is more of a practical issue than anything else; if people are forced to leave their cards in the readers all the time, they tend to forget about them when running out of the building during a fire alarm). Many agencies basically require the card to be in the reader for initial login, then it can be removed and there's your standard timeout feature after X minutes of inactivity you have to reinsert and reactivate. To sum up: I'm not gonna lose a lot of sleep over this.
I concur. The concept they're selling is that if you're logged into your system with your card and use your pin, they can then use those credentials to gain access to sensitive databases only you are supposed to have access to. I would argue that if your system is so porous that folks are hanging out waiting for you to log in to the network, you're already done.
The exploit isn't pulling PKI credentials; the exploit is only effective if the card is in the card reader, according to one of the articles. At which point it can play back the PIN; *that's* the exploit.
An exploit that can misappropriate identity within your hard-token based authentication system but only so long as the token is plugged into the system isn't much of an exploit since the only reasonable protection offered by hard tokens is...you can't authenticate if the token ain't there. Show me an exploit that allows authentication *without* the token and you'll get my attention.
Price is a lot. I waited for the price of the Kindle to come down under $200 before getting one; I've been waiting for usable pad to come out for the same price point. I expect there are a lot of people who share my opinion, based on the fact that the HP pad sold out nearly instantly when they priced it under $200.
The Sun King will pay big bucks
About one out of every three people who contract measles die.
http://www.cdc.gov/vaccines/vac-gen/whatifstop.htm
Wakefield's theory was not about mercury in vaccines (nor is the link I first posted); it was about vaccines somehow causing a gut infection, leading to symptoms like irritable bowel syndrome (see the previous article) which led directly to autism. It was all bunk. And it killed people.
They don't, it turns out.
http://www.nytimes.com/2010/02/03/health/research/03lancet.html
Look harder: The story is about a test that can identify autism based on urine, because autistic kids have different bacteria in their gut than non-autistic kids. The link is to a summary of the retraction of the entire theory that autistic kids have different bacteria in the gut than non-autistic kids; the scientist who submitted that paper fabricated his results (as the link states).
The whole concept is a farce. The "research" upon which this test was based in fraudulent. Sad.
http://www.scientificblogging.com/rugbyologist/festival_idiots_3_andrew_wakefield_vaccines_and_autism
Yes, good point, but he hasn't yet destroyed the WSJ.