This very much depends on your perception of punishment. I really don't mind stopping over to have my breath analyzed when I know that at least some fool is fined or apprehended. We're all paying for others pulling off this crap, I know, but to me it seems a good deterrent. I think repeated or heavy violations should be punished severely though, that's an understatement. Put a drunk driver in a driving simulator and have him drive through a city street, for example. Make sure that the vehicle overreacts or doesn't always respond to the driver's input. Make the vehicle realistically hit someone. I guess that will wake up most otherwise sane people.
The capability to access Gmail over SSL is not new. Perhaps not too many people know about it, but that does not make it new.
This is a new feature. It is not about your credentials or session cookies being sent unencrypted when you intentionally use Gmail, that's not the point. The point is that any time somebody refers to http://mail.google.com/ that will make the browser transmit the session cookie in plaintext. This feature will make sure that the unencrypted page no longer works with your account, the browser can't be tricked into sending session cookies, at least they're always sent over SSL so they can't be sniffed.
"Because we do not understand the brain very well we are constantly tempted to use the latest technology as a model for trying to understand it. In my childhood we were always assured that the brain was a telephone switchboard. ('What else could it be?') I was amused to see that Sherrington, the great British neuroscientist, thought that the brain worked like a telegraph system. Freud often compared the brain to hydraulic and electro-magnetic systems. Leibniz compared it to a mill, and I am told some of the ancient Greeks thought the brain functions like a catapult. At present, obviously, the metaphor is the digital computer." -- John R Searls.
Considering once the data is on their network, it costs them (virtually) zero to transmit it to their customers, a usenet leech is the best customer you could ever have.
I don't know about your ISP, but the number of feeds and retention on my ISP's "free" service is useless. I use a third party Usenet provider.
At my previous employer's they used to name servers categorized into numbers. Not something I would recommend for really large environments (we hosted about 70 servers of which 32 Citrix MPS) but I thought it really worked well in our environment. The naming was like this:
xxxxx101, 102 etc: Cluster nodes
xxxxx201, 202 etc: SMTP/Mailbox servers
xxxxx301, 302 etc: File/Print servers
400 Citrix Servers
500 Database servers
600 Test environment
700 VMware hosts
800 network functions (dhcp/dns/proxy)
900 management/admin/tooling servers.
We did have branch offices but those all used Citrix, so there was just one server site. Replace xxxxx with a geographical location, company, department, whatever, if necessary.
Using this naming convention you can refer to a server as "The 203" and we all knew that was the Exchange SMTP bridgehead server, for example. I also found these short numbers easier to remember than names.
Also, a radio transmitter cannot account for the distortion of a ball upon impact
I seriously doubt that an umpire can.
Hawkeye's also being used in snooker now, and it actually looks very accurate. The refs always re-spot the ball at least 2 inches away from the spot where it was, and I don't see why they're not using this more often.
Honestly, even if the Hawkeye system is off by a few millimeters, if I were a pro tennis player then I'd rather have a call which is at most 3mm off than being called by an umpire who maybe wasn't paying close attention and calls whatever he thinks is right.
What strikes me as odd is that this computer system, that can ultimately cause the shutdown of the facility, is a single point of failure. The control system relies on critical data from this single computer - why isn't this designed as a majority set with three monitoring systems? This case, one component can fail, or taken offline for maintainance, with two others still providing reliable data. Only when two or more components start reporting different data or no data at all you can call it an emergency.
I know they do this to critical airplane systems. Why not a nuclear facility?
those fill ups at the gas tank are starting to hurt Wake-up call. You're paying, what, $3.70/gallon? Are you aware that gasoline rates in most W-European countries are steadily approaching $10/gallon?
Antivirus and tools are no match for this kind of idiocy, if it's true.. They just don't expect the bold nerve and fall prey to social engineering and scams sooner or later. This is a bank teller, for chrissake.
If anybody's trusting enough not to verify the authenticity of any kind of claim that hits them financially, then online business is not even their worst problem. Yes, people who forsake their identity this easily should eat the consequences. But I'm saying, in the context of TFA, that online banking, with the right tools, is more secure than withdrawing cash in person. Providing the security measures is the responsibility of the bank, demanding those measures is the customer's.
They did everything necessary to ensure their side of the connection is secure. If the transaction does not require two-factor authentication, then I do not agree. I am an ABNAMRO customer, and as mentioned above logging on to the bank account requires knowledge of the bank account number, card number, my PIN and the posession of a device called edentifier (which is generic, I can use anybody's edentifier).
After entering my account and card details on the website (over HTTPS), the site generates a one-time challenge and the site expects the response from the edentifier to match. Every transfer requires a challenge/response authentication and amounts over EUR 500 require a second authorization with the amount factored in.
Now, even if I gave you all details of above, how were you going to loot my account without the physical card and my PIN?? In my opinion, this makes it even a little more secure than walking up to an ATM, and best of all, this has nothing to do with OS or browser security.
Btw, I'm also growing tired of the car- and/or gun-analogies everyone's trying to apply to online transactions. Driving a car and handling a gun require some sort of skill on the owner's part. If you can't handle one, don't use one. There are laws for that, too. How does that apply to logging on to your bank account and transferring money, again? You want every human in the range of 16 to 120 years old to be a counter-scam-super-artist? Especially minors, for whom the parents are financially responsible? Get real!
Good write-up, but afaic it only shows that it's difficult to secure new, unformatted drives because you can tell them apart from the rest. If the drive had been wiped by even a single pass and quickformatted, that would probably make things more difficult.
I agree that salts should apply and keys should be different for every sector, like Truecrypt does. But secure drives should be fully overwritten before use, even then. If the cracker has access to your encrypted data over a period of time, you should also use free space cleaning stuff (alcohol works best) because the same scenario applies.
And slashdot needs to pull this headline. SP1 is not being withdrawn from release next March.
Actually, I just received a technet flash today that announces availability of Vista SP1 for all Technet subscribers, which is different from "news" featured earlier here.
Also worth mentioning is that in the TN flash was a link to Russinovich's blog on the way Vista RTM and SP1 handles file copy operations (http://go.microsoft.com/?linkid=8345230)
If you want to know about this sort of stuff, find a source other than slashdot. MS's newsletters are more accurate for chrissake.
... which still comes down to a most-restricted policy. A company that is able to afford one or several multifunctionals probably has VLANs (thwarts ARP poisoning) and a firewall in place. Allowing SMTP out from any server other than your mail servers is a big no-no anyways, don't need printers to exploit that.
Slashdot Mirror
The principal would probably have done the same thing if the libel had affected a teacher or even the janitor. I would have. Nothing personal.
This very much depends on your perception of punishment. I really don't mind stopping over to have my breath analyzed when I know that at least some fool is fined or apprehended. We're all paying for others pulling off this crap, I know, but to me it seems a good deterrent. I think repeated or heavy violations should be punished severely though, that's an understatement. Put a drunk driver in a driving simulator and have him drive through a city street, for example. Make sure that the vehicle overreacts or doesn't always respond to the driver's input. Make the vehicle realistically hit someone. I guess that will wake up most otherwise sane people.
Yes! That's another geek card today. Only 2 more until my geek upgrade
A frontal lobe?
The capability to access Gmail over SSL is not new. Perhaps not too many people know about it, but that does not make it new.
This is a new feature. It is not about your credentials or session cookies being sent unencrypted when you intentionally use Gmail, that's not the point. The point is that any time somebody refers to http://mail.google.com/ that will make the browser transmit the session cookie in plaintext. This feature will make sure that the unencrypted page no longer works with your account, the browser can't be tricked into sending session cookies, at least they're always sent over SSL so they can't be sniffed.
DNF... Did Not Finish?
All examples you mention do require some sort of interface to the artificial universe. That line would be a very thin one, indeed. ~
I'm not a vegetarian because I like plants, you insensitive clod. I'm a vegetarian because I hate plants.
"Because we do not understand the brain very well we are constantly tempted to use the latest technology as a model for trying to understand it. In my childhood we were always assured that the brain was a telephone switchboard. ('What else could it be?') I was amused to see that Sherrington, the great British neuroscientist, thought that the brain worked like a telegraph system. Freud often compared the brain to hydraulic and electro-magnetic systems. Leibniz compared it to a mill, and I am told some of the ancient Greeks thought the brain functions like a catapult. At present, obviously, the metaphor is the digital computer." -- John R Searls.
http://science.slashdot.org/article.pl?sid=06/05/06/0143244/
Considering once the data is on their network, it costs them (virtually) zero to transmit it to their customers, a usenet leech is the best customer you could ever have.
I don't know about your ISP, but the number of feeds and retention on my ISP's "free" service is useless. I use a third party Usenet provider.
At my previous employer's they used to name servers categorized into numbers. Not something I would recommend for really large environments (we hosted about 70 servers of which 32 Citrix MPS) but I thought it really worked well in our environment. The naming was like this:
xxxxx101, 102 etc: Cluster nodes
xxxxx201, 202 etc: SMTP/Mailbox servers
xxxxx301, 302 etc: File/Print servers
400 Citrix Servers
500 Database servers
600 Test environment
700 VMware hosts
800 network functions (dhcp/dns/proxy)
900 management/admin/tooling servers.
We did have branch offices but those all used Citrix, so there was just one server site. Replace xxxxx with a geographical location, company, department, whatever, if necessary.
Using this naming convention you can refer to a server as "The 203" and we all knew that was the Exchange SMTP bridgehead server, for example. I also found these short numbers easier to remember than names.
Mammoth.
Also, a radio transmitter cannot account for the distortion of a ball upon impact
I seriously doubt that an umpire can.
Hawkeye's also being used in snooker now, and it actually looks very accurate. The refs always re-spot the ball at least 2 inches away from the spot where it was, and I don't see why they're not using this more often.
Honestly, even if the Hawkeye system is off by a few millimeters, if I were a pro tennis player then I'd rather have a call which is at most 3mm off than being called by an umpire who maybe wasn't paying close attention and calls whatever he thinks is right.
Ow, sorry... I thought you said "soccer punch". Cheers.
What strikes me as odd is that this computer system, that can ultimately cause the shutdown of the facility, is a single point of failure. The control system relies on critical data from this single computer - why isn't this designed as a majority set with three monitoring systems? This case, one component can fail, or taken offline for maintainance, with two others still providing reliable data. Only when two or more components start reporting different data or no data at all you can call it an emergency.
I know they do this to critical airplane systems. Why not a nuclear facility?
As we speak, the Daily WTF hits my feedreader.
:(
http://thedailywtf.com/Articles/Halifax-Bank-Security.aspx
Antivirus and tools are no match for this kind of idiocy, if it's true.. They just don't expect the bold nerve and fall prey to social engineering and scams sooner or later. This is a bank teller, for chrissake.
If anybody's trusting enough not to verify the authenticity of any kind of claim that hits them financially, then online business is not even their worst problem. Yes, people who forsake their identity this easily should eat the consequences. But I'm saying, in the context of TFA, that online banking, with the right tools, is more secure than withdrawing cash in person. Providing the security measures is the responsibility of the bank, demanding those measures is the customer's.
It'll never happen, will it?
You're right. The story is not about blogging. It's about greed.
After entering my account and card details on the website (over HTTPS), the site generates a one-time challenge and the site expects the response from the edentifier to match. Every transfer requires a challenge/response authentication and amounts over EUR 500 require a second authorization with the amount factored in.
Now, even if I gave you all details of above, how were you going to loot my account without the physical card and my PIN?? In my opinion, this makes it even a little more secure than walking up to an ATM, and best of all, this has nothing to do with OS or browser security.
Btw, I'm also growing tired of the car- and/or gun-analogies everyone's trying to apply to online transactions. Driving a car and handling a gun require some sort of skill on the owner's part. If you can't handle one, don't use one. There are laws for that, too. How does that apply to logging on to your bank account and transferring money, again? You want every human in the range of 16 to 120 years old to be a counter-scam-super-artist? Especially minors, for whom the parents are financially responsible? Get real!
Good write-up, but afaic it only shows that it's difficult to secure new, unformatted drives because you can tell them apart from the rest. If the drive had been wiped by even a single pass and quickformatted, that would probably make things more difficult.
I agree that salts should apply and keys should be different for every sector, like Truecrypt does. But secure drives should be fully overwritten before use, even then. If the cracker has access to your encrypted data over a period of time, you should also use free space cleaning stuff (alcohol works best) because the same scenario applies.
What field of science do I have to study for how long to understand that summary?
Most of us who DO practice Zen tradition are invulnerable for three seconds after respawning.
You should be working at that.
And slashdot needs to pull this headline. SP1 is not being withdrawn from release next March.
Actually, I just received a technet flash today that announces availability of Vista SP1 for all Technet subscribers, which is different from "news" featured earlier here.
Also worth mentioning is that in the TN flash was a link to Russinovich's blog on the way Vista RTM and SP1 handles file copy operations (http://go.microsoft.com/?linkid=8345230)
If you want to know about this sort of stuff, find a source other than slashdot. MS's newsletters are more accurate for chrissake.
Your user number is far too high to have any authority on this. Don't believe him folks! Symantec Anti Virus 2008 is the way to go!
... which still comes down to a most-restricted policy. A company that is able to afford one or several multifunctionals probably has VLANs (thwarts ARP poisoning) and a firewall in place. Allowing SMTP out from any server other than your mail servers is a big no-no anyways, don't need printers to exploit that.