"If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running. "
I don't really blame them for missing this since they probably don't use IE. And I must say I would have been tempted to classify this as an IE bug.
I would be too, since it works if you visit a website in IE, but doesn't work if you visit a website in Chrome.
What I wonder is... does the Chrome Frame counter this particular exploit? I could see it doing so by either negating the "visit in IE" requirement (by using the Chrome rendering engine) or the "Chrome not running" requirement (by running the Frame).
Of course it can! It could, for example, immediately upon launch, enroll you in a roster of botnets, search your drive for 9- and 16- digit numbers to send to an email address in the Czech Republic, and post all pictures it finds on all connected drives to Flickr.
I don't blame the poor for being poor. I blame the poor for staying poor unless that's what they choose to do.
Because they could... what? Go to college? Not if they couldn't get into college-track courses in high school. Not if they can't earn a scholarship. Learn a trade? Even that is expensive; during apprenticeship (such as for plumbing) you make almost no money, and it's often competitive to get into one. Just what do you suggest as the method(s) that really anyone can pull themselves up by their bootstraps? Because I have yet to learn of some path that is truly available to *everyone*, regardless of their resources.
There are plenty of opportunities for poor people to a) earn money and b) be very happy with or without that money.
Oh, wow. That's just... wow.
What's the poorest *you've* ever been? And what are these opportunities you speak of that don't require special training, a high degree of literacy and/or numeracy, or physical prowess? because some people don't have ANY of those things, or any way to get them.
More than that, there are an infinite number of opportunities for people like us to lose our place, no longer be smart, and certainly no longer have any wealth. My sister's done all three of those.
And why? Why has she? Do you ever think about that?
What people like us don't have, is the ability to work physically hard.
Sure we do (at least, a lot of us do). We're just not willing to, and we have enough acquired power (see Hobbes, or was it Rousseau?) that we don't have to.
And that's the point. Any impoverished person willing to work physically hard for people like us get paid really really really well.
You know, my housekeeper makes $90/day to come to my house every other week and clean. That comes out to more than $10/hour, but that is NOT getting paid "really, really, really well" in this area. Not only that, but she's 66 years old, and can't work as physically hard as she used to. She's never had an opportunity to save for retirement, though, and her son barely makes enough to support himself and his daughter, so she can't quit. She doesn't speak English very well (some people are good with languages, but she's not one of them), and though she's very intelligent, she's not well-educated, so there aren't many non-physical opportunities for her. She's taken some jewelry-making classes, and I pay her $10-20 to fix broken necklaces every now and then, but she doesn't have the resources to start up a full-scale jewelry business.
What do you suggest for her? What are her options to make money? She's a US citizen (if you're over 65, you're allowed to take the exam in your native language), but doesn't have much else in the way of natural or acquired power.
What about the friend of a friend who, having lost her eligibility for Medicaid when her kids moved in with their dad (because she was about to be homeless), can no longer afford her medication for bipolar disorder? She's slipped farther and farther into depression and dysfunctionality, smokes too much weed and can't be a good parent, pay her rent, or keep a job. But she also can't afford mental health care or substance abuse treatment, which aren't easy to get even if you *do* have Medicaid.
If she does lose her job, she may be able to get her insurance back, but then if she regains functionality with treatment, she could lose it again. What's your solution for her problems? What's she just not doing right? Most of her skills tend toward backstage grunt work for community theater.
The real question that I have to ask that I didn't se an answer for: Did he give them permission to play or not?
As he was being detained elsewhere at the time, I doubt it. But maybe so. Maybe the cops on the scene called in to wherever he was being detained and asked him "Mind if we bowl a few rounds while we're here?"
How could this be used to advantage by the defense?
Ok, I'm not a lawyer, I just hang out with lawyers sometimes... but...
How about tainting the warrant by arguing that the *real* reason the cops wanted in the guy's house when he wasn't there was to play with his toys? Especially if the probable cause is at all weak or disputable, the attorney *might* be able to get the warrant thrown out, thus invalidating all evidence gathered.
I think PP's point is that the quoted defense attorney is not actually representing the defendant; he's just this guy who is a defense attorney that the reporter knew well enough to ask a few questions.
No, they are not always considered on duty, otherwise they would always be in uniform.
They are not "still exercising their powers;" it's just that they retain the ability to exercise them in the case where they see something illegal in the same way that an EMT retains his ability to help out in medical emergencies. If I'm not mistaken, they (police) don't have the same legal protections when doing police work while off-duty, nor are they acting as a representative of the police while doing off-duty things like going to the bar, making love to their wives or, yes, playing Wii Sports.
You *do* know that in TFA, the officers playing Wii Sports were on duty in the middle of conducting a raid?
The freedom from harassment isn't something that is earned. That right is something every human is born with.
I thought that too, until on my way home from class one day when I was in college, a guy pulled up alongside in a car and started telling me all the gross sexual things he wanted to do to me. I memorized his license plate and called the cops... and found out from a very sympathetic female watch officer that IT WASN'T ILLEGAL. Freedom of speech, and all that. He would have had to actually *touch* me to break the law.
I'm alse in the "greater-than-average" power in society. But I'd never say mine, nor yours, is an accident of birth.
Really?
I was born white. I was born middle-class. I was born in one of the largest cities in one of the world's richest countries. I was born to well-educated parents, who knew how to pass on their knowledge. I was born after certain civil rights movements gained significant advances for the position of women in society. I was born before No Child Left Behind and Proposition 13 gutted our school systems. I was born with better-than-average looks and much-better-than-average intelligence. I was in the right place at the right time to meet my husband. My kids happen to be attractive, smart, and neurotypical.
It is terribly frightening to those of us with good lives to think that, with a few small changes, we could have had bad ones. I can almost guarantee your sister didn't have "the same potential" as you. Undiagnosed mental disorders or learning disabilities? Trauma? Gender discrimination? Who knows. But your example of you and your sister proves my point: *you*, also, could have had a different outcome. The fact that you didn't doesn't qualify you to judge someone who did.
In college, I made a friend. A good friend. She and I are still best friends. For a while, after college, she lived on my couch. She told me, "If it weren't for you, I would be homeless." She's smart, educated, etc. etc. The primary difference between the homeless and "everyone else" is social support networks. Some people are good at creating those, and some people are not. Even those who are not may wind up with good families and/or friendships... or they might not.
Blaming the poor for being poor and the powerless for being powerless assuages our guilt in some way, but it doesn't even come close to the truth. The truth is, our individual wealth or position in society is *not* a reliable indicator of our internal worth as a human being.
I've always felt that to be the line between direct and indirect.
Yes I would hold the actor responsible before I'd hold the teacher responsible.
You're more interested in revenge than in solutions. That makes you like most humans, it turns out, according to experiments in economic game theory. People are inclined to take actions that are economically irrational if they feel that someone has treated them unfairly and deserves to be punished.
I'm interested in who has power to solve problems. Why is it the responsibility of the disenfranchised student to force the school system to meet his needs? Why isn't it MY responsibility, as the parent of a kid who represents the local hegemony, to participate in the *same* school and ensure that it's a good place for EVERYONE to get an education? I'm pretty weird among my friends for insisting on sending my son to our local public school. Everyone else in my social circle at least picks a charter school, sometimes private, and frequently homeschools (or unschools). But I have this crazy notion that if the school down the street isn't good enough for *my* kid, then I'd better fix that, since I have neighbors who don't have the resources I do, and don't have much choice about sending their kids there. If I want the other five-year-olds in my son's kindergarten class to grow into teenagers who may be annoying, but not actually destructive, I can start now by being involved and seeing that the resources exist, and are distributed in an equitable manner.
I recognize that by an accident of birth, I have greater-than-average power in society. With great power comes great responsibility. When we all come to terms with that, then I'll be a Libertarian, because *that* is what enlightened self-interest really is.
Link is broken. But yeah, restaurants really frequently use carcinogenic or teratogenic pesticides and cleaning agents, because it's faster and cheaper than using safe stuff.
You illustrate my point - because almost EVERYTHING causes cancer at some degree of exposure, then almost EVERYTHING must receive that label, regardless of the circumstances.
No, this doesn't illustrate your point. While yes, there's always a quantity that's "too much" of something, we're talking about things that, at non-astronomical doses, have demonstrated in clinical tests to cause cancer.
You know what? I don't hang out in parking garages. I turn on the recirc when I drive in, and I don't take deep breaths when walking through. Because (duh) the AIR is BAD for me. Maybe I shouldn't need a sign to tell me this, but it does drive the point home and remind me, should I forget.
The problem isn't that the *signs* are pervasive; the problem is that the chemicals are. Here's an Excel spreadsheet of the chemicals they have to warn about, and what dose levels are exempt. They only have to post the sign if you're likely to be inhaling or ingesting the substances. If you see the sign up in a building, that's because they are pretty sure that these things are in the air you're breathing.
People should be punished for opening a safe and snooping around classified information, no matter how badly the safe was designed. This could be mitigated by telling them he found a flaw, but as far as I know McKinnon did no such thing.
Isn't he the one who basically "left a note" on the machine after he hacked in, telling them what the vulnerability was?
And in general, there's no disputing that he broke the law and has earned jail time and restitution. But the question is, is $700,000 just a wee bit excessive given that he didn't actually destroy any data or use any data for gain? They're including costs of securing their systems against intrusion in ways they SHOULD HAVE done in the first place. Charge him for the man-hours it took to determine whether any damage was done, fine. But *don't* bill him for the IDS and firewall you thought you didn't need.
No, it's more like making him pay for new locks because he wrote a lockpicking book. The flaws existed, and he exposed them, but it's not his fault that people might use them to perpetrate crimes. If someone tells me how to crack a safe, I'd generally blame the safe's maker for designing that fault... not the person who realized the problem. Eh?
Actually, from TFA, it's more like making him pay for changing the locks because he READ the book someone else wrote.
The entire concept of having to lock doors is the concept of paying for security which is only necessary because of the criminals. Locks wouldn't exist without crime. We're not talking about keeping children out of cabinets.
So when a criminal does indeed prove that a lock is required, it makes sense to have those criminals pay for the security required to keep them out.
Hell, it makes a lot more sense for the criminal to pay for the security measures than for me to pay to keep them at bay.
That's a good point. We should hold financially responsible the person who makes the problem possible in the first place.
But is that the criminal? In this case, was our villain's obsession with information about UFOs something generated entirely out of himself? On the one hand, perhaps; but then, we might be looking at a case of not simply Asperger's Syndrome, but clinical OCD or even schizophrenia. Is he to blame for mental illness that drives him to irrational impulses?
Or could we instead hold responsible the culture of secretiveness of various world governments, fighting transparency tooth and nail, teaching every one of us that the only way to gain information (even when it may affect our daily lives) is illegally?
Will you endeavor to explore how the person who broke into your house came to feel entitled to do so? Or so desperate that he didn't care whether it was wrong or right? Will you learn whether he's a sociopath, who has disconnected himself from human emotion and empathy after years of abuse at the hands of his elders? Or simply a desperately impoverished individual, who has finally gone over the edge and will risk himself for a chance to fill his baby's belly and stop her crying? Or perhaps it's a teenager, ignored by his parents, his schools, his community, persecuted by police based on the cut of his hair or the color of his skin, who has never seen what respect for others is?
If you want to talk about the reasons why we pay for security, we'll have to look at our investments in schools, the way we care for our neighbors, how our law enforcement seeks to build or break communities, and our system of health (especially mental health) care. If you want to figure out who's to blame for crime and its costs, and make them pay the bill, you'll find ultimately that it already works out that way. Those with power to shape society DO. Those without power are either treated with respect and given access to the resources they need to be whole, healthy human beings, or they learn to take what they need without abiding the rules of the powerful.
Insofar as how he did it would be revealed at least in part by the public record of the legal case against McKinnon, and insofar as he may have communicated details of the exploits that are not in the public record to others, the fact that he did breach the system makes it more likely that others would do so, increase the risk:cost profile associated with securing the system against that type of breach, and making it more necessary to protect the systems than it would otherwise have been. So there is at least an argument that protecting at least the particular systems breached against the same type of breach that McKinnon conducted is an expense that is at least in part necessary because of his actions.
And the reciprocal argument is that his success makes it clear that the security measures were necessary BEFORE his breach. They didn't suddenly become necessary because he was the first person to ever discover the particular vulnerabilities. There's tons of prior art for blank admin passwords.
Doesn't matter how good the lock is if they don't use it properly. You might have the best keypad entry system in the world, but if the entry code is 12345 then who's fault is it when someone gets in?
Somehow I think the best keypad entry system in the world requires a sequence of more than five digits....
The one exception to this analogy would be if the hacker published the security holes. In which case you could argue it's like stealing a key and giving away copies--in which case he could reasonably be forced to pay for re-keying the locks he 'broke'.
That doesn't seem to be the issue in this case. TFA quotes an expert witness who was also an insurance adjuster for technology systems, who says that the "damages" include basic IDS and firewall systems that should have been in place to begin with. If he'd hacked *through* such systems, and published the hacks, rendering the systems useless, and then they had to pay to fix the vulnerabilities or replace the systems, you could maybe make the case. That's not the issue here, though.
Your analogy changes though if it's a greased naked man who squeezed through a skylight on the roof and is looking through your sock drawer at 2 am. Now perhaps it is not the mans fault that you have a skylight, and that other people who are willing can do the same thing he did.. but you can see how you might want him to pay to keep others from doing the same thing.
You might want it, but there is nothing anywhere in any code of law that makes *him* responsible for putting bars on your skylight. Yes, you'll do it, and your insurer might even require it if you make a claim for the actual damages he caused (maybe he got grease on a priceless pair of silk stockings that used to belong to Marilyn Monroe?). But there's simply no precedent or code that makes YOUR basic security HIS financial responsibility.
The issue here is that they're charging this guy $700,000 in "damages," and some of those "damages" are the costs of placing intrusion detection and firewall systems that weren't there in the first place and would likely have prevented his hacking. He didn't DISABLE or BREAK them; they just weren't there at all.
Let's get to the heart of the issue here. Maybe I'm feeling particularly crabby this morning, but when will people just start taking responsibility for their actions? Will putting a label on the photo really stop girls from doing harmful things to their bodies in order to imitate what they see in ads?
Maybe not. But it's more feasible to label the ads than to ban the alteration altogether.
There is a *substantial* body of research showing the link between exposure to idealized images and body image-related disorders in adolescents. Most of the research pertains to females, but there's also some evidence that adolescent boys are vulnerable to body-image difficulties that may lead to steroid use or other harmful practices in an attempt to attain an impossible physique.
If you've spent some time working with photographers, you know that moving a light just a tiny bit can dramatically change how much someone appears to weigh. Changing the colour of light - or even the colour of other nearby objects that reflect some light - can change someone from vibrant to sickly. And don't even get started on makeup.
But these things don't just alter *the image*, they alter how the person ACTUALLY appears. Because we've seen for ourselves that our friend who looked a bit ill in the bathroom this morning looks fine when we're out in the sunlight, and that rotating our body a few degrees to the right totally changes how thin or fat we look in the mirror, we can intuitively grasp that the model doesn't really look quite *that* good on average.
That's a different thing than digitally altering the picture in a way that is impossible to reproduce for the naked eye.
Clearly, the problem isn't with the idea, but with the label: it should say which thing contains carcinogens so that you can avoid the problem.
Yes, it should explain that the AIR in the hotel and its parking garage contain chemicals known to the state of California to cause cancer.
All parking garages have the Prop 65 warning, because they're all full of car exhaust. Almost all hotels have them, because they use carcinogenic pesticides.
As it turns out, the labels are accurate, and what you need to avoid is the ENTIRE BUILDING if you don't want to be exposed to carcinogens. OTOH, if you go outside, that's the smoking section...
My employer won't even pay for my health insurance. OTOH, rescuing employees out of a hostage situation *would* probably help keep insurance premiums down...
Slashdot Mirror
The second technique:
"If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running. "
I don't really blame them for missing this since they probably don't use IE. And I must say I would have been tempted to classify this as an IE bug.
I would be too, since it works if you visit a website in IE, but doesn't work if you visit a website in Chrome.
What I wonder is... does the Chrome Frame counter this particular exploit? I could see it doing so by either negating the "visit in IE" requirement (by using the Chrome rendering engine) or the "Chrome not running" requirement (by running the Frame).
IE, on the other hand, cannot be less secure.
Of course it can! It could, for example, immediately upon launch, enroll you in a roster of botnets, search your drive for 9- and 16- digit numbers to send to an email address in the Czech Republic, and post all pictures it finds on all connected drives to Flickr.
Sure, it's plausible. But the least plausible part of it is that the cops called the perp in the first place.
I don't blame the poor for being poor. I blame the poor for staying poor unless that's what they choose to do.
Because they could... what? Go to college? Not if they couldn't get into college-track courses in high school. Not if they can't earn a scholarship. Learn a trade? Even that is expensive; during apprenticeship (such as for plumbing) you make almost no money, and it's often competitive to get into one. Just what do you suggest as the method(s) that really anyone can pull themselves up by their bootstraps? Because I have yet to learn of some path that is truly available to *everyone*, regardless of their resources.
There are plenty of opportunities for poor people to a) earn money and b) be very happy with or without that money.
Oh, wow. That's just... wow.
What's the poorest *you've* ever been? And what are these opportunities you speak of that don't require special training, a high degree of literacy and/or numeracy, or physical prowess? because some people don't have ANY of those things, or any way to get them.
More than that, there are an infinite number of opportunities for people like us to lose our place, no longer be smart, and certainly no longer have any wealth. My sister's done all three of those.
And why? Why has she? Do you ever think about that?
What people like us don't have, is the ability to work physically hard.
Sure we do (at least, a lot of us do). We're just not willing to, and we have enough acquired power (see Hobbes, or was it Rousseau?) that we don't have to.
And that's the point. Any impoverished person willing to work physically hard for people like us get paid really really really well.
You know, my housekeeper makes $90/day to come to my house every other week and clean. That comes out to more than $10/hour, but that is NOT getting paid "really, really, really well" in this area. Not only that, but she's 66 years old, and can't work as physically hard as she used to. She's never had an opportunity to save for retirement, though, and her son barely makes enough to support himself and his daughter, so she can't quit. She doesn't speak English very well (some people are good with languages, but she's not one of them), and though she's very intelligent, she's not well-educated, so there aren't many non-physical opportunities for her. She's taken some jewelry-making classes, and I pay her $10-20 to fix broken necklaces every now and then, but she doesn't have the resources to start up a full-scale jewelry business.
What do you suggest for her? What are her options to make money? She's a US citizen (if you're over 65, you're allowed to take the exam in your native language), but doesn't have much else in the way of natural or acquired power.
What about the friend of a friend who, having lost her eligibility for Medicaid when her kids moved in with their dad (because she was about to be homeless), can no longer afford her medication for bipolar disorder? She's slipped farther and farther into depression and dysfunctionality, smokes too much weed and can't be a good parent, pay her rent, or keep a job. But she also can't afford mental health care or substance abuse treatment, which aren't easy to get even if you *do* have Medicaid.
If she does lose her job, she may be able to get her insurance back, but then if she regains functionality with treatment, she could lose it again. What's your solution for her problems? What's she just not doing right? Most of her skills tend toward backstage grunt work for community theater.
The real question that I have to ask that I didn't se an answer for: Did he give them permission to play or not?
As he was being detained elsewhere at the time, I doubt it. But maybe so. Maybe the cops on the scene called in to wherever he was being detained and asked him "Mind if we bowl a few rounds while we're here?"
My imagination is failing me.
How could this be used to advantage by the defense?
Ok, I'm not a lawyer, I just hang out with lawyers sometimes... but...
How about tainting the warrant by arguing that the *real* reason the cops wanted in the guy's house when he wasn't there was to play with his toys? Especially if the probable cause is at all weak or disputable, the attorney *might* be able to get the warrant thrown out, thus invalidating all evidence gathered.
I think PP's point is that the quoted defense attorney is not actually representing the defendant; he's just this guy who is a defense attorney that the reporter knew well enough to ask a few questions.
No, they are not always considered on duty, otherwise they would always be in uniform.
They are not "still exercising their powers;" it's just that they retain the ability to exercise them in the case where they see something illegal in the same way that an EMT retains his ability to help out in medical emergencies. If I'm not mistaken, they (police) don't have the same legal protections when doing police work while off-duty, nor are they acting as a representative of the police while doing off-duty things like going to the bar, making love to their wives or, yes, playing Wii Sports.
You *do* know that in TFA, the officers playing Wii Sports were on duty in the middle of conducting a raid?
The freedom from harassment isn't something that is earned. That right is something every human is born with.
I thought that too, until on my way home from class one day when I was in college, a guy pulled up alongside in a car and started telling me all the gross sexual things he wanted to do to me. I memorized his license plate and called the cops... and found out from a very sympathetic female watch officer that IT WASN'T ILLEGAL. Freedom of speech, and all that. He would have had to actually *touch* me to break the law.
I'm alse in the "greater-than-average" power in society. But I'd never say mine, nor yours, is an accident of birth.
Really?
I was born white. I was born middle-class. I was born in one of the largest cities in one of the world's richest countries. I was born to well-educated parents, who knew how to pass on their knowledge. I was born after certain civil rights movements gained significant advances for the position of women in society. I was born before No Child Left Behind and Proposition 13 gutted our school systems. I was born with better-than-average looks and much-better-than-average intelligence. I was in the right place at the right time to meet my husband. My kids happen to be attractive, smart, and neurotypical.
It is terribly frightening to those of us with good lives to think that, with a few small changes, we could have had bad ones. I can almost guarantee your sister didn't have "the same potential" as you. Undiagnosed mental disorders or learning disabilities? Trauma? Gender discrimination? Who knows. But your example of you and your sister proves my point: *you*, also, could have had a different outcome. The fact that you didn't doesn't qualify you to judge someone who did.
In college, I made a friend. A good friend. She and I are still best friends. For a while, after college, she lived on my couch. She told me, "If it weren't for you, I would be homeless." She's smart, educated, etc. etc. The primary difference between the homeless and "everyone else" is social support networks. Some people are good at creating those, and some people are not. Even those who are not may wind up with good families and/or friendships... or they might not.
Blaming the poor for being poor and the powerless for being powerless assuages our guilt in some way, but it doesn't even come close to the truth. The truth is, our individual wealth or position in society is *not* a reliable indicator of our internal worth as a human being.
I've always felt that to be the line between direct and indirect.
Yes I would hold the actor responsible before I'd hold the teacher responsible.
You're more interested in revenge than in solutions. That makes you like most humans, it turns out, according to experiments in economic game theory. People are inclined to take actions that are economically irrational if they feel that someone has treated them unfairly and deserves to be punished.
I'm interested in who has power to solve problems. Why is it the responsibility of the disenfranchised student to force the school system to meet his needs? Why isn't it MY responsibility, as the parent of a kid who represents the local hegemony, to participate in the *same* school and ensure that it's a good place for EVERYONE to get an education? I'm pretty weird among my friends for insisting on sending my son to our local public school. Everyone else in my social circle at least picks a charter school, sometimes private, and frequently homeschools (or unschools). But I have this crazy notion that if the school down the street isn't good enough for *my* kid, then I'd better fix that, since I have neighbors who don't have the resources I do, and don't have much choice about sending their kids there. If I want the other five-year-olds in my son's kindergarten class to grow into teenagers who may be annoying, but not actually destructive, I can start now by being involved and seeing that the resources exist, and are distributed in an equitable manner.
I recognize that by an accident of birth, I have greater-than-average power in society. With great power comes great responsibility. When we all come to terms with that, then I'll be a Libertarian, because *that* is what enlightened self-interest really is.
Link is broken. But yeah, restaurants really frequently use carcinogenic or teratogenic pesticides and cleaning agents, because it's faster and cheaper than using safe stuff.
You illustrate my point - because almost EVERYTHING causes cancer at some degree of exposure, then almost EVERYTHING must receive that label, regardless of the circumstances.
No, this doesn't illustrate your point. While yes, there's always a quantity that's "too much" of something, we're talking about things that, at non-astronomical doses, have demonstrated in clinical tests to cause cancer.
You know what? I don't hang out in parking garages. I turn on the recirc when I drive in, and I don't take deep breaths when walking through. Because (duh) the AIR is BAD for me. Maybe I shouldn't need a sign to tell me this, but it does drive the point home and remind me, should I forget.
The problem isn't that the *signs* are pervasive; the problem is that the chemicals are. Here's an Excel spreadsheet of the chemicals they have to warn about, and what dose levels are exempt. They only have to post the sign if you're likely to be inhaling or ingesting the substances. If you see the sign up in a building, that's because they are pretty sure that these things are in the air you're breathing.
But is it then his job to pay for the admin's time to set up secure passwords and close ports?
People should be punished for opening a safe and snooping around classified information, no matter how badly the safe was designed. This could be mitigated by telling them he found a flaw, but as far as I know McKinnon did no such thing.
Isn't he the one who basically "left a note" on the machine after he hacked in, telling them what the vulnerability was?
And in general, there's no disputing that he broke the law and has earned jail time and restitution. But the question is, is $700,000 just a wee bit excessive given that he didn't actually destroy any data or use any data for gain? They're including costs of securing their systems against intrusion in ways they SHOULD HAVE done in the first place. Charge him for the man-hours it took to determine whether any damage was done, fine. But *don't* bill him for the IDS and firewall you thought you didn't need.
No, it's more like making him pay for new locks because he wrote a lockpicking book. The flaws existed, and he exposed them, but it's not his fault that people might use them to perpetrate crimes. If someone tells me how to crack a safe, I'd generally blame the safe's maker for designing that fault... not the person who realized the problem. Eh?
Actually, from TFA, it's more like making him pay for changing the locks because he READ the book someone else wrote.
The entire concept of having to lock doors is the concept of paying for security which is only necessary because of the criminals. Locks wouldn't exist without crime. We're not talking about keeping children out of cabinets.
So when a criminal does indeed prove that a lock is required, it makes sense to have those criminals pay for the security required to keep them out.
Hell, it makes a lot more sense for the criminal to pay for the security measures than for me to pay to keep them at bay.
That's a good point. We should hold financially responsible the person who makes the problem possible in the first place.
But is that the criminal? In this case, was our villain's obsession with information about UFOs something generated entirely out of himself? On the one hand, perhaps; but then, we might be looking at a case of not simply Asperger's Syndrome, but clinical OCD or even schizophrenia. Is he to blame for mental illness that drives him to irrational impulses?
Or could we instead hold responsible the culture of secretiveness of various world governments, fighting transparency tooth and nail, teaching every one of us that the only way to gain information (even when it may affect our daily lives) is illegally?
Will you endeavor to explore how the person who broke into your house came to feel entitled to do so? Or so desperate that he didn't care whether it was wrong or right? Will you learn whether he's a sociopath, who has disconnected himself from human emotion and empathy after years of abuse at the hands of his elders? Or simply a desperately impoverished individual, who has finally gone over the edge and will risk himself for a chance to fill his baby's belly and stop her crying? Or perhaps it's a teenager, ignored by his parents, his schools, his community, persecuted by police based on the cut of his hair or the color of his skin, who has never seen what respect for others is?
If you want to talk about the reasons why we pay for security, we'll have to look at our investments in schools, the way we care for our neighbors, how our law enforcement seeks to build or break communities, and our system of health (especially mental health) care. If you want to figure out who's to blame for crime and its costs, and make them pay the bill, you'll find ultimately that it already works out that way. Those with power to shape society DO. Those without power are either treated with respect and given access to the resources they need to be whole, healthy human beings, or they learn to take what they need without abiding the rules of the powerful.
Insofar as how he did it would be revealed at least in part by the public record of the legal case against McKinnon, and insofar as he may have communicated details of the exploits that are not in the public record to others, the fact that he did breach the system makes it more likely that others would do so, increase the risk:cost profile associated with securing the system against that type of breach, and making it more necessary to protect the systems than it would otherwise have been. So there is at least an argument that protecting at least the particular systems breached against the same type of breach that McKinnon conducted is an expense that is at least in part necessary because of his actions.
And the reciprocal argument is that his success makes it clear that the security measures were necessary BEFORE his breach. They didn't suddenly become necessary because he was the first person to ever discover the particular vulnerabilities. There's tons of prior art for blank admin passwords.
Doesn't matter how good the lock is if they don't use it properly. You might have the best keypad entry system in the world, but if the entry code is 12345 then who's fault is it when someone gets in?
Somehow I think the best keypad entry system in the world requires a sequence of more than five digits....
The one exception to this analogy would be if the hacker published the security holes. In which case you could argue it's like stealing a key and giving away copies--in which case he could reasonably be forced to pay for re-keying the locks he 'broke'.
That doesn't seem to be the issue in this case. TFA quotes an expert witness who was also an insurance adjuster for technology systems, who says that the "damages" include basic IDS and firewall systems that should have been in place to begin with. If he'd hacked *through* such systems, and published the hacks, rendering the systems useless, and then they had to pay to fix the vulnerabilities or replace the systems, you could maybe make the case. That's not the issue here, though.
Your analogy changes though if it's a greased naked man who squeezed through a skylight on the roof and is looking through your sock drawer at 2 am. Now perhaps it is not the mans fault that you have a skylight, and that other people who are willing can do the same thing he did.. but you can see how you might want him to pay to keep others from doing the same thing.
You might want it, but there is nothing anywhere in any code of law that makes *him* responsible for putting bars on your skylight. Yes, you'll do it, and your insurer might even require it if you make a claim for the actual damages he caused (maybe he got grease on a priceless pair of silk stockings that used to belong to Marilyn Monroe?). But there's simply no precedent or code that makes YOUR basic security HIS financial responsibility.
The issue here is that they're charging this guy $700,000 in "damages," and some of those "damages" are the costs of placing intrusion detection and firewall systems that weren't there in the first place and would likely have prevented his hacking. He didn't DISABLE or BREAK them; they just weren't there at all.
Let's get to the heart of the issue here. Maybe I'm feeling particularly crabby this morning, but when will people just start taking responsibility for their actions? Will putting a label on the photo really stop girls from doing harmful things to their bodies in order to imitate what they see in ads?
Maybe not. But it's more feasible to label the ads than to ban the alteration altogether.
There is a *substantial* body of research showing the link between exposure to idealized images and body image-related disorders in adolescents. Most of the research pertains to females, but there's also some evidence that adolescent boys are vulnerable to body-image difficulties that may lead to steroid use or other harmful practices in an attempt to attain an impossible physique.
If you've spent some time working with photographers, you know that moving a light just a tiny bit can dramatically change how much someone appears to weigh. Changing the colour of light - or even the colour of other nearby objects that reflect some light - can change someone from vibrant to sickly. And don't even get started on makeup.
But these things don't just alter *the image*, they alter how the person ACTUALLY appears. Because we've seen for ourselves that our friend who looked a bit ill in the bathroom this morning looks fine when we're out in the sunlight, and that rotating our body a few degrees to the right totally changes how thin or fat we look in the mirror, we can intuitively grasp that the model doesn't really look quite *that* good on average.
That's a different thing than digitally altering the picture in a way that is impossible to reproduce for the naked eye.
Clearly, the problem isn't with the idea, but with the label: it should say which thing contains carcinogens so that you can avoid the problem.
Yes, it should explain that the AIR in the hotel and its parking garage contain chemicals known to the state of California to cause cancer.
All parking garages have the Prop 65 warning, because they're all full of car exhaust. Almost all hotels have them, because they use carcinogenic pesticides.
As it turns out, the labels are accurate, and what you need to avoid is the ENTIRE BUILDING if you don't want to be exposed to carcinogens. OTOH, if you go outside, that's the smoking section...
My employer won't even pay for my health insurance. OTOH, rescuing employees out of a hostage situation *would* probably help keep insurance premiums down...