IIS and IE are completely different things. It's been quite a few years since IIS (NOT IE) was any more of a target than Apache.
Very much like the evolution deniers who cling on to the lack of detailed explanations for the initial formation of cells. They then feel free to discount the massive Earthloads of other evidence.
2. Invade
3. Profit!
What the hell does he mean by "linked?" This makes no sense.
It means they got his Gmail, then used the 'I forgot my password' links at the other sites to email reminder or reset links to his Gmail address.
Problem is handling special characters via web interface. Allowing them causes all sorts of problems with encoding and bypass vulnerabilities. It's not impossible, just a lot trickier to implement. I don't mind the sites that decline special characters so much, it is the arbitrary length limits. Why can't I use 24 characters if I want? I don't know what back end issue would cause say a 12-character limit, unless it is just a front end to some cruddy old legacy system.
The sad part is, in a few decades when the country is an impoverished backwards mess nobody will have much sympathy. They did it to themselves.
At least in my experience it did not cover "second tier" systems like email gateways, even medical data messaging systems (HL7 gateways, e.g.). Microsoft doesn't get FDA validation for Exchange. The FDA rules even allow for security patching and other alterations to the first tier medical devices without re-validation, as long as they weren't designed to alter the medical decision flow. My point is that if your org is interpreting these rules to mean no changes can be made, my experience suggests they might be way off base.
This would require the user to know what is required for the system to do what they want, which isn't going to happen. Malware doesn't come named "PWNDMUTHAFUCKA.exe" anymore, it comes named msexplorer.exe or something like that. How many users recognize that THAT file shouldn't be allowed? The only way to implement this approach for an ignorant user (just a fact, not a put down) would be the walled garden approach.
Just for fun, here's F-Secure's rebuttal: http://www.f-secure.com/weblog/archives/00002482.html
Not all systems require FDA validation, only those classified as 'medical devices', which sadly includes EHR systems. Anything that is used by a doctor to make a treatment decision. You are free to do whatever you like with your Exchange servers.
They probably are 'obese' according to official US Government standards.
You're not a human being in the eyes of the state, and as such subject to being tracked like cattle.
FTFY
The government's response to the report will be "We will do anything it takes to resolve these issues as long as it doesn't cost anything and our users do not have to change their behavior."
It's not free to implement, support, and manage. Throwing out terms like 'incompetent' doesn't address this problem.
Encrypting laptops is *expensive* in time and effort. The problem is encrypting the system drive. Without this, our malefactor just edits the system drive, boots the OS with inserted password, and reads the encrypted data. Or if you do encrypt the system drive, there is some sort of pre-boot authentication required. Welcome to a patching and support nightmare. This is why mobile device encryption isn't as widely employed as some would like.
Yes, and the next time some Hospice official thinks about not encrypting their data, they're going to remember this event and think better of it.
What they will remember is that $50k is in the same ball park as the total cost of implementing and managing laptop encryption. So it makes sense to accept the risk of not having it.
flu is at its most infectious stage early on in the cycle
Can you provide a citation for this? I've often wondered if this was true. I did some quick Googling and so far everyone says this isn't true and that most infectious stages are when the symptoms arise.
The question is, how well do these products protect their users? This study doesn't really help in that regard. Sure, we can dig up samples that the product doesn't detect. This is inevitable as pretty much everyone acknowledges.
A couple thoughts though. Looking at the PDF, they are deliberately going after obscure and experimental samples of malware. Fair enough, this was the purpose of the study. If they wanted to establish that AV products won't detect obscure and experimental malware samples, so far so good. But how likely is it that any normal user is going to encounter one of these? Probably very unlikely.
The AV vendors have to prioritize their time, so they will focus more on malware that a user is likely to encounter, so as to provide better protection.
Yes, the underlying point is still valid. Any automated detection technology is going to lag behind, that's a problem we will have to live with. Even products from Imperva will suffer from this, malware authors will simply run their samples through VirusTotal and all the other tools and keep tweaking until they have an approach that evades the detection.
Very true. I usually read the worst reviews first, but then I have to exercise some judgement. Do these people sound credible or more like whiners? Then I compare with the good reviews. Are the bad reviews consistent or does it seem more likely that there was one bad day or one screw up? I have found public reviews to be pretty reliable, as long as they are taken in aggregate.
This assumes that using an automated car is voluntary. What about when the government forces everyone to use one 'to protect the children'?
I'm not claiming to subscribe to this theory, but the one 'natural origin' idea that seemed plausible on the surface at least was multi-decade ocean current oscillations: e.g. http://en.wikipedia.org/wiki/Atlantic_multidecadal_oscillation
True, there's nothing inherent in the concept that prevents it. But I didn't say 'prevents' I said 'make it very difficult' which is true. Been there several times.
Yes. In other words the useful lifetime of the eReader is much longer than the tablet. Every few months there is an incremental improvement in tablets and eventually your apps stop working. The eReader will keep displaying files as long as I keep putting them in there.
Thank you! Despite the summary's assertion to the contrary, my problem with unions isn't whether or not they can protect jobs. It's that they don't police their own membership, and instead make it very difficult to get rid of the worst workers. If unions put more effort into providing value for employers, as you say, there would be more unions. As a worker in the US, I want nothing to do with any union; from what I've seen they take money and do little except campaign for a rigid and inflexible workplace.
Yes, I do consider that. Government isn't required to validate quality. Just look at the classic examples, setups like Underwriters Laboratories or the old Good Housekeeping Seal.