You'll all thank me when I deploy the second stage to install and run SETI@home and discover alien intelligence.
-Virus Author
Every good paranoid citizen needs a syringe of botox to keep him safe from the gub'ment.
One possible solution is to put notary schemes on top of the certificate check to help deal with the conflict between MitM vulnerability and the convenience of self-signed certificates.
I live in Long Island, and they do it here as well.
This kind of modeling has been around for years in various forms. Unfortunately, despite the article (which, since this is Slashdot, is vapid, naturally) plugging the technology, the approach is pretty narrow. Techniques such as non-executable data (e.g. in hardware the NX bit) and randomization (e.g. ASLR in use in Linux and Vista) provide more broad defense and better performance than this technique.
In summary: this is old hat, and it certainly will not revolutionize malware detection or replace current anti-virus products.
It's always been the case that humans (generally users rather than admins) are the weakest link in the security chain, and this trend only increases as technologies to thwart network and malware attacks become more sophisticated. In the wild, you increasingly see targeted phishing attacks against companies and government agencies.
Unencrypted e-mail only works to the extent that it does because humans can *usually* decide whether a received e-mail is legitimate based on the content. However, in organizations it is common to receive fairly generic e-mails that contain office documents, so if the sender looks right (and does not trigger any of the technological tripwires), an office worker is pretty likely to open a document attached to a generic e-mail -- or worse yet, one that has been tailor-made just for the recipient by attackers.
Of course there are many other mediums over which to transmit PDFs, the clients of which have been rife with bugs despite their ubiquity in the office, but e-mail for the time being is the main vector. This problem won't go away until we either have:
1. Suitable, ubiquitous, open-source software to open office documents with security as a main focus of the projects, AND/OR
2. Authenticated e-mail with secure PKI structures (glwt).
nm I got it on the first guess, it was rush/god. Hackers was right.
Just send me your root account information.
It seems that the draconian features present in Vista RTM have been replaced by nag screens and annoyances
So far in my Vista use, everything seems like an annoyance, and every screen is nagging. So far the changelog is 0 :/
Good idea, but immediately it occurs to me that there is a problem regarding the source of these questions/answers.
You could have a preset list of questions/answers made by humans, but then there is an immediate limit on the number of them. Plus, if the list got leaked, you'd have to come up with an entirely different set of questions/answers.
Barring that, you'd have to generate the list. I haven't studied natural language processing, but I would posit that generating question/answer pairs would be of a similar level of difficulty as processing questions.
So it would be unlikely that you could get the device to route someone to a dead-end, but given enough detours you could conceivably route the driver to a remote throughway. Or, if you figured out that the GPS map is inaccurate, you might be able to route them to a dead-end, anyway.
I for one bid farewell to our swarm intelligence worm overlords.
Not sure whether this has been considered, but taking away the cost of tuition will not make college significantly more affordable for most people.
I went to a state university. Tuition as an in-state student was ~$2k. I had this waived due to high performance on the statewide testing. Too bad the other costs for the school (residence and various other mandatory expenses) tallied up to over $20k. And I already had health care coverage.
Instead of turning daddy and family into a bloody mess, the marines can now assess the situation, tell him to drop the gun, keep his hands up, and in general keep the two twitchy fingered parties away from each other until everyone has calmed down enough to make rational decisions.
I don't know about the rest of you, but if an armed mini-tank rolled into my house and started barking orders at me in a foreign language, I'd shoot first and ask questions later!
Speaking of urban entry assaults, I don't think this machine looks all that effective for the task. Sure, it's a better idea than sending in human troops, but the robot seems to move extremely slowly and noisily; at the very least it would be prone to grenades, and I can easily imagine a human being flanking the thing if it were on its own.
I have to laugh at a lot of these comments being modded up on the topic.
I often hear judgments from socially limited geeks on the immorality or illogic of sex as a youth, or outside of marriage. After years of being ostracized by people unlike yourself, it is very easy to "otherize" them by deeming their activities and values (e.g. sex at a young age) inferior to your own. This is especially easy for geeks who already have an intellectual pedestal to stand on.
This has more to do with jadedness, however, than superior decision-making skills.
In particular, moral judgments on the appropriateness of sex at a young age, non-traditional relationships, etc. make me cringe. It is immoral to give birth to children that you can't support or to infect others with STDs, but modern science has equipped us with the tools necessary to avoid these vices to a very high degree.
If we really want to exercise our self-declared intellectual superiority, we should focus on the real shortcomings of the scenario -- namely, a society that stifles the youth of many highly intelligent individuals.
This is why fitness experts who are not using science from 30 years ago recommend high intensity interval training for burning fat. Walking just doesn't cut it.
Also, the idea is not to simply EAT LESS. In fact, the vast majority of people do not eat often enough to have maximal fat loss. Let me repeat that, they do not eat OFTEN ENOUGH. In order to keep your body happy you should eat every 2-3 hours while awake. Otherwise your blood sugar drops and your insulin levels go out of whack, and you begin to secrete cortisol, and other harmful hormones that will make you fatter.