While you can't argue with the laws of physics with respect to mass, engineers can (and have) done an amazing amount of work to ensure the energy is absorbed slowly and evenly.
The first instruction of the jury is always "do not research or discuss the case outside the courtroom". 40 years ago this meant not to watch the evening news or read the morning paper.. now it means not to read wikipedia or tweet about it.
I suppose the real difference here is it's a lot easier for the defense to find out about later and win an appeal ("your honor, Juror #6 tweeted X about Y during the trial") whereas 40 years ago you could just say "I made my wife get the paper".
At the time, the dissent was based on "through the wall" versus "off the wall". Heat (it was argued in the dissent) was "off the wall" insofar as it was passively emitted. Use of technologies that go "through the wall" (your aforementioned terahertz imaging, et.al.) would seem to run afoul even of the dissenting justices in the above case.
1. they would be lawfully present (it's a public waterway).
2. they lawfully accessed the evidence (saw it in plain view with the unaided eye**).
3. the incriminating nature was immediately apparent (river of blood).
** When it comes to fancy technology, the current precedent is Kyllo v. United States, 533 U.S. 27 (2001) although it was a close (5-4) decision, the premise being the police used "technology not generally available to the public".
Clearly A/C has never had to do an enterprise deployment.
The reason for going "all $vendor" (be it Cisco or Microsoft) is because our business is not about finding the absolute lowest line-item cost for every piece of IT gear.
Our business is doing something ELSE, and IT is just in support of that.
Could Cisco's technology be replicated with a bunch of WRT54GLs and a room full of grad students?.. probably, but who's going to support that long term?.
Trust me, the "fun" of making two random things work together wanes real fast when you've got a job to do.
Like always, the question you have to ask is "who am I hiding it from"?
TOR works well, but is neither anonymous or private (meaning TOR traffic is easy to identify at entry, so the ISP will know you're doing it). At exit, the traffic is the same as it entered.. so unless your transport itself is encrypted, it's game over if the exit op is malicious.
Paid proxies are good for casual "don't want the boss seeing it", and many of these are plain HTTPS so they're harder to spot. Teathering your personal phone also works here.
If you're doing something illegal, the safest bet is probably long-range wifi (to somebody else's equipment) + proxy (tor, VPS with stolen CC, etc.) and even then you've got to move around a bit.
Here's a tip (and I work on a campus with thousands of these, btw)
When we go looking for miscreants, the guy with the Yagi (or pringles can, or patch antenna, or anything that isn't a regular laptop without external cabling) sticks out pretty clearly.
Many TOR nodes are run for malicious purposes (a few have resorted to 'wall of sheep' sort of tactics' to reinforce this fact). TOR gives you anonymity but NOT privacy.
Cisco's WLSE has APs dedicated to TDOA and cleanair.. you can upload a CAD drawing of the building and pinpoint where exactly your TDOA aps are at and it will show you exactly where (on a virtual drawing) the rouge AP or client is.
When this technology matures to include ceramics and sintered metals that can be fired to produce an object OTHER than red plastic, I can imagine a lot more sinister uses.. guns for example.
I'd complain about that.. if there are meter closets with dozens of meters, there's no reason the utility can't install automated reading systems directly in the building (versus the drive-around-in-a-van variety). Failing that, ask the superintendent to install a PTZ webcam in the meter room accessible to residents.
Alternatively, sign up for "budget billing" which makes your bill the same each month based on rolling 12 month pattern.
It's wireless, so it's not as straightforward as you'd like to think.
Your GSM/UTMS/HSDPA/whatever signal uses a defined amount of spectrum, which is shared (to what extent depends on the modulation scheme and a lot of other variables like tower spacing and channel reuse). The towers (leases, power, etc.) and bandwidth (FCC auctions) all cost money, and have to serve everyone more-or-less equally.
To use the time-honored car analogy.. think of how tolls are calculated based on number of axles (which is directly proportional to weight). Heavy trucks cause faster wear on roads, hence higher tolls.
unless the police can argue "inevitable discovery" (ie: "we would have found it eventually anyway).. any evidence derived from that which is obtained in an illegal search, is also illegal.
For example : illegal wiretap discovers drug operation. Search for drugs based on poisoned warrant discovers guns and cash. Unless the government can reasonably argue that the guns and cash would have been found without the poisoned warrant, they too are inadmissible.
That is a rather large stick to disincentive police misconduct.. their entire case can get thrown out for sloppy work up front.
Of course, this all depends on the quality of your lawyer, which itself is largely a matter of funding. This is also why plea agreements are so common.
Depends on the judge (I do a lot of subpoena work, on boths sides).
I have seen some that are "rubber stamped" with only a vague description of what they're after (eg: "computer equipment").. I have seen some where the judge says "Apartment #3 is not sufficient to identify the residence" and "Computer equipment does not sufficiently identify the property sought" and the police had to go back and get permission (from the landlord) to take a picture of the door and go back to the judge along with serial numbers and such of the devices.
The judge in the 2nd case is doing it right.. because what if the police work is sloppy and the stolen computer is serial number AB123456 and you have a computer that's DE78910 but the same exact model.. guess which defendant is getting their stuff back.
No, because of the exclusionary rule. (see Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920)).
The courts have held (rightfully so) that the law itself is more important that ultimate justice. To hold otherwise just encourages misconduct.
As the "security" person, what you suggests makes sense until you realize that the hammer/drill method takes a unskilled grunt less than a minute to do, and the "wipe with zeros" method takes hours, even for a single pass, and a skilled technician to do.
I have about 400 pounds of hard drives (many of them 100+gb FC disks out of an EMC SAN) that are all headed to the bandsaw. We have done the math on this many times.. the additional revenue from selling the 4-5 year old unit intact with disk - the time invested to render that disk "safe" for sale does not come out to more than we get for selling it all as scrap.
It's not an "impulsive instinct to destroy", it's a business economics decision.
Sure, we've had plenty of organizations say "give it to us, we'll send a guy to sit there and wipe them for you", but as a business, you can't trust them to *really* do it, and supervising that it got done loops back to the same time=money problem.
Hence.. policy states "all storage devices, including those in printers, copiers, and networking devices, will be physically destroyed before sent for recycling or disposed as scrap".
Slashdot Mirror
Here's a good (albeit dated) example : Mini Cooper vs F-150. http://paultan.org/2005/11/08/mini-cooper-vs-ford-f-150-crash-test/
While you can't argue with the laws of physics with respect to mass, engineers can (and have) done an amazing amount of work to ensure the energy is absorbed slowly and evenly.
The first instruction of the jury is always "do not research or discuss the case outside the courtroom". 40 years ago this meant not to watch the evening news or read the morning paper .. now it means not to read wikipedia or tweet about it.
I suppose the real difference here is it's a lot easier for the defense to find out about later and win an appeal ("your honor, Juror #6 tweeted X about Y during the trial") whereas 40 years ago you could just say "I made my wife get the paper".
The technical arguments are here (older case) : http://en.wikipedia.org/wiki/Kyllo_v._United_States
At the time, the dissent was based on "through the wall" versus "off the wall". Heat (it was argued in the dissent) was "off the wall" insofar as it was passively emitted. Use of technologies that go "through the wall" (your aforementioned terahertz imaging, et.al.) would seem to run afoul even of the dissenting justices in the above case.
The Horton test applies here.
1. they would be lawfully present (it's a public waterway).
2. they lawfully accessed the evidence (saw it in plain view with the unaided eye**).
3. the incriminating nature was immediately apparent (river of blood).
** When it comes to fancy technology, the current precedent is Kyllo v. United States, 533 U.S. 27 (2001) although it was a close (5-4) decision, the premise being the police used "technology not generally available to the public".
The difference is I only have to get lucky once.
Clearly A/C has never had to do an enterprise deployment.
.. probably, but who's going to support that long term?.
The reason for going "all $vendor" (be it Cisco or Microsoft) is because our business is not about finding the absolute lowest line-item cost for every piece of IT gear.
Our business is doing something ELSE, and IT is just in support of that.
Could Cisco's technology be replicated with a bunch of WRT54GLs and a room full of grad students?
Trust me, the "fun" of making two random things work together wanes real fast when you've got a job to do.
Like always, the question you have to ask is "who am I hiding it from"?
.. so unless your transport itself is encrypted, it's game over if the exit op is malicious.
TOR works well, but is neither anonymous or private (meaning TOR traffic is easy to identify at entry, so the ISP will know you're doing it). At exit, the traffic is the same as it entered
Paid proxies are good for casual "don't want the boss seeing it", and many of these are plain HTTPS so they're harder to spot. Teathering your personal phone also works here.
If you're doing something illegal, the safest bet is probably long-range wifi (to somebody else's equipment) + proxy (tor, VPS with stolen CC, etc.) and even then you've got to move around a bit.
Here's a tip (and I work on a campus with thousands of these, btw)
When we go looking for miscreants, the guy with the Yagi (or pringles can, or patch antenna, or anything that isn't a regular laptop without external cabling) sticks out pretty clearly.
Many TOR nodes are run for malicious purposes (a few have resorted to 'wall of sheep' sort of tactics' to reinforce this fact). TOR gives you anonymity but NOT privacy.
Cisco's WLSE has APs dedicated to TDOA and cleanair .. you can upload a CAD drawing of the building and pinpoint where exactly your TDOA aps are at and it will show you exactly where (on a virtual drawing) the rouge AP or client is.
When this technology matures to include ceramics and sintered metals that can be fired to produce an object OTHER than red plastic, I can imagine a lot more sinister uses .. guns for example.
Actually those are done pretty similarly, but in reverse. Blocks of PBX are CNC machined to achieve the precise geometry required for an implosion.
I'd complain about that .. if there are meter closets with dozens of meters, there's no reason the utility can't install automated reading systems directly in the building (versus the drive-around-in-a-van variety). Failing that, ask the superintendent to install a PTZ webcam in the meter room accessible to residents.
Alternatively, sign up for "budget billing" which makes your bill the same each month based on rolling 12 month pattern.
You can prevent an "estimated bill" by just calling in the reading yourself.
It usually says how to do that right on the gas/electric bill, along with what weeklong window you have to do it and the phone number to call.
Here in Ohio, it's a simple IVR system that asks for account number and the current 5 digit reading.
It's wireless, so it's not as straightforward as you'd like to think.
.. think of how tolls are calculated based on number of axles (which is directly proportional to weight). Heavy trucks cause faster wear on roads, hence higher tolls.
Your GSM/UTMS/HSDPA/whatever signal uses a defined amount of spectrum, which is shared (to what extent depends on the modulation scheme and a lot of other variables like tower spacing and channel reuse). The towers (leases, power, etc.) and bandwidth (FCC auctions) all cost money, and have to serve everyone more-or-less equally.
To use the time-honored car analogy
This is in Federal court .. civil contempt charges are limited to 18mos.
unless the police can argue "inevitable discovery" (ie: "we would have found it eventually anyway) .. any evidence derived from that which is obtained in an illegal search, is also illegal.
.. their entire case can get thrown out for sloppy work up front.
For example : illegal wiretap discovers drug operation. Search for drugs based on poisoned warrant discovers guns and cash. Unless the government can reasonably argue that the guns and cash would have been found without the poisoned warrant, they too are inadmissible.
That is a rather large stick to disincentive police misconduct
Of course, this all depends on the quality of your lawyer, which itself is largely a matter of funding. This is also why plea agreements are so common.
re (2) : these exist. http://www.starchase.com/
Depends on the judge (I do a lot of subpoena work, on boths sides).
.. I have seen some where the judge says "Apartment #3 is not sufficient to identify the residence" and "Computer equipment does not sufficiently identify the property sought" and the police had to go back and get permission (from the landlord) to take a picture of the door and go back to the judge along with serial numbers and such of the devices.
.. because what if the police work is sloppy and the stolen computer is serial number AB123456 and you have a computer that's DE78910 but the same exact model .. guess which defendant is getting their stuff back.
I have seen some that are "rubber stamped" with only a vague description of what they're after (eg: "computer equipment")
The judge in the 2nd case is doing it right
No, because of the exclusionary rule. (see Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920)). The courts have held (rightfully so) that the law itself is more important that ultimate justice. To hold otherwise just encourages misconduct.
As the "security" person, what you suggests makes sense until you realize that the hammer/drill method takes a unskilled grunt less than a minute to do, and the "wipe with zeros" method takes hours, even for a single pass, and a skilled technician to do.
.. the additional revenue from selling the 4-5 year old unit intact with disk - the time invested to render that disk "safe" for sale does not come out to more than we get for selling it all as scrap.
.. policy states "all storage devices, including those in printers, copiers, and networking devices, will be physically destroyed before sent for recycling or disposed as scrap".
I have about 400 pounds of hard drives (many of them 100+gb FC disks out of an EMC SAN) that are all headed to the bandsaw. We have done the math on this many times
It's not an "impulsive instinct to destroy", it's a business economics decision.
Sure, we've had plenty of organizations say "give it to us, we'll send a guy to sit there and wipe them for you", but as a business, you can't trust them to *really* do it, and supervising that it got done loops back to the same time=money problem.
Hence
Nothing personal.