Why? Because we are humans...silly little bags full of thousands of chemical reactions that manifest themselves as irrational, emotional responses. We can justify and rationalize damned near anything: genocide, war, letting people starve to death, etc. So we look for the plane because through those chemical reactions we feel an emotional connection (empathy/sympathy) to those missing and their loved ones. We want to rescue survivors, recover victims, and give closure to those family members left behind. One can argue the nobility of this. Granted, if those same missing persons were diametrically opposed to "our" political/religious persuasions at the time, we'd be just as likely to bomb them as look for them. Humanity. Go figure. By god, I'm feeling snarky and cynical this Friday!
Disclaimer: I work for a small community bank. In the US, all banks are required to adhere to the Gramm-Leach-Bliley Act (GLBA). See: http://en.wikipedia.org/wiki/G...
As such, banks are required by both their state and federal regulators to follow a series of basic security protocols as laid out in the FFIEC IT Examination Handbook. Google this document for further details.
I'm not sure what recourse she would have, specifically, under GLBA, but if she is truly interested in following up on this mistake by the bank, the place to begin would be consulting an attorney and contacting either the FDIC or the state's Department of Financial Institutions to make a formal complaint. Banks are usually required to have a formal complaint resolution process in place, and they are required to respond to both FDIC and state regulatory complaints as well.
Working my ass off...fortunately, or unfortunately. It's better than digging ditches or getting shot at, but sometimes I think, "By god, a shovel would feel good in my hands today."
It has very little to do with the fact China is 'communist' and everything to do with how many people they have and how difficult it is to have and enforce laws on a population that huge. If anything China is an example of what you have when you have so many people and nowhere near the resources to enforce the law.
I know, I was simply being facetious and wearing out a meme.
Forgive my ignorance, but I've never followed the LCD and/or HDTV market closely, so these may be silly questions with obvious answers. I will assume (correct me if I am wrong) that there's some consolidation in the LCD TV industry and that most "manufacturers" get their panels from only a handful of sources. If that is in fact the case, what variables actually go into determining the quality of a unit? For example, I've read several "rumors" that Samsung once upon a time had a ton of bad caps on some model(s) that gave consumers a lot of grief. Just curious, so thanks for the insight!
I know in our last safety and soundness exam the FDIC looked over our Red Flags program. I'm not saying that is where they spent the majority of their time by any means, though. Right now all the banks are getting hammered on asset quality. The regulatory bodies have written so many MOUs they're having a hard time keeping up.
I realize that you have a relatively insane schedule, but go back and read your comments. They are nearly all self defeating. Working out regularly is like quitting smoking - it's something YOU have to want to do for yourself and your own benefit. You'd be amazed what a simple set of adjustable dumbbells and a weight bench will do when used for only 20 minutes a day 3 to 4 days per week. Throw in some form of cardio on your days off from lifting, and you're doing far better than most of the general public.
Also, if you are truly serious about staying in shape, take a good look at your diet. Years ago I switched my diet from overly processed starches and red meats to include more whole grains, skim milk, water, whole fruits and vegetables, and green tea. My energy levels easily doubled. The amount of time I spent sick dropped.
Seriously, if you truly want to get in shape, you will make time for it. All it takes is making it a habit, which will probably require a 2 month investment on your part, whether you feel like it on a given day or not. There are days when I don't feel 100% like working out, but once I get about 5 minutes into my routine, I am up to the challenge.
This is one of those times where I am reminded that the vast amount of time and distance involved in any event like this make it most difficult to prepare for. Assume for the sake of argument that we know some event like this could truly destroy the human race (or at the very least do something very malicious to the vast majority of us and our environment). Now, how do we, as a species, go about preparing? If the star has already exploded, we'll have no way of knowing until the light has traveled X number of light years. Thus any preparations we might make could very well be in vain and terribly incomplete. Also let us assume we had some way of knowing that the star had not yet exploded. Do we begin the massive (and we'll assume expensive) task of putting some sort of elaborate emergency procedures in place? Assuming we did, who's to say that in 600 years our descendants would be able to take advantage of such countermeasures? Hell, they may have wiped themselves out 200 years earlier because they decided it was finally a good idea to start lobbing nukes at one another! Just another reminder (to me) that we're pretty small, insignificant dots floating around at the complete mercy of forces we are just beginning to understand and appreciate.
That's an excellent idea! Though it would be nice if you could use a GPO to make changes "on the fly," so to speak. Our core processor uses a certain web based app that simply refuses to work with a couple of GPO settings, and it's nice to be able to turn those on/off without reinstalling any software. But I just don't see MS designing in control for FF.
Part of my day job consists of administering a small Active Directory domain (25 nodes). And of course I can craft all sorts of nifty GPOs to control the behavior of IE on the clients within the domain. So, from that point of view, one might be able to argue that IE is in fact "more secure". Or, more controllable, perhaps.
Now, I'd personally prefer to have FF on all the clients and have FF controlled via a GPO, but to my knowledge that is not possible. If it is, someone please point me in that direction.
Take a minute to peruse through the Federal Financial Institutions Examination Council IT Handbook at http://www.ffiec.gov/ffiecinfobase/html_pages/infosec_book_frame.htm
There's a section on remote access. NOTE: this is for financial institutions, and the information therein may or may not be relevant to your particular organization. But there is some helpful information within.
Great reply. This makes me think of Blade Runner and the Voight-Kampff tests given to the Replicants. They had "human memories," and thus could answer a ton of questions, but it was the emotional side of being human with which they struggled. So, in essence, they too had a huge database of answers from which to pull, but when you threw something odd in there like "why are you letting the turtle bake on its back in the hot sun, Leon?" they couldn't regurgitate an acceptable answer.
Maybe this is where we need to go, testing for emotions?
I work for a small community bank, and we are in the process of developing our program now. The regulations implement sections 114 and 315 of the FACT Act. Section 114 requires all covered institutions to create and implement a written Identity Theft Prevention Program consisting of four elements:
1. Identification of Red Flags
2. Detection of Red Flags
3. Responding to Red Flags
4. Updating the Program
To be covered, an institution must offer what is called a "covered account." A covered account is (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft.
The regulatory bodies go on to offer guidance on 5 categories of potential Red Flags, including:
1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
2. The presentation of suspicious documents;
3. The presentation of suspicious personal identifying information, such as a suspicious address change;
4. The unusual use of, or other suspicious activity related to, a covered account;
5. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor.
Section 114 also requires the issuer of a debit or credit card to verify the validity of an address change followed by the request for a new, additional, or replacement card if requested within 30 days of the address change. In other words, if you receive a request for a new card within 30 days of an address change, you are required to validate the address change with the customer to be sure it is indeed a valid request before mailing the new card.
Section 315 requires the users of consumer reports (i.e., credit reports) to verify the identity of the consumer if the report notes a substantial difference in the address provided by the institution versus the address last on file with the Credit Reporting Agency. This applies only if a continuing relationship is established with the consumer.
One of the ways to comply with Element 2, detecting Red Flags, is to use various software programs (such as those for BSA/AML) or databases to run checks against, but the regulations clearly state that the program must be appropriate for the size of the institution and the scope of its operations. I highly doubt they'll expect mom & pop type institutions to deploy extraordinary measures to verify that Jim Bob is not a terrorist. Now, if you're Bank of America or Fifth Third, for example, you'll be expected to do a little more.
Also note that a bank's service providers are required to have a Red Flags program in place. Meaning if I am generating mortgage or auto loans for a financial institution, I'm required to detect and respond to Red Flags, and the bank is required to assess my program. Hope this helps!
Please take the time to read East of Eden by John Steinbeck. I have yet to read a better novel that captures the "human condition" and just what it means to be human. In a letter to Pascal Covici, editor at Viking Press, Steinbeck himself best sums up this novel:
"Dear Pat,
You came upon me carving some kind of little figure out of wood and you said,
“Why don’t you make something for me?”
I asked you what you wanted and you said, “A box.”
“What For?”
“To put things in.”
“What things?”
“Whatever you have.” You said.
Well here’s your box. Nearly everything I have is in it, and it is not full. Pain and excitement are in it, and feeling good or bad and evil thoughts and good thoughts—the pleasure of design and some despair and the indescribable joy of creation.
And on top of these are all the gratitude and love I have for you.
And still the box is not full.
John"
"Urine" for a surprise!
That's a good point. I hadn't stopped digging long enough to realize the shovel could be put to other uses!
In Communist China, pollution kills you (literally)!
I work as a network admin for a small community bank, so I have a passing knowledge of these matters. First, fully investigate your rights under Reg E if you are in the US.
http://www.federalreserve.gov/bankinforeg/regecg.htm
There are rules that govern reporting unauthorized transactions and the providing of "provisional credit" by the financial institution. Make sure you read and understand your rights. Hold your institution's feet to the fire, and make sure they act within this framework.
Second, understand that it is difficult to protect your debit card information. It can be stored (and stolen) from so many places. Any online purchase may result in your card info being stored on a server somewhere. Once that server's back end database is compromised, your data is exposed. Or you shop at a store with a POS system that is not well secured. Or your server at the restaurant last night cloned the mag stripe on the card. Ad infinitum.
Now, it's easy to say "make the financial institution liable for all fraud". But keep in mind the sheer volume of ACH payments processed by some of these banks. There's no way in hell that a bank can know for sure, 100%, that you did or did not initiate a particular transaction. However, please know that most banks' core providers have heuristic/behavioral analysis that does in fact look for behaviors that don't match yours. Companies like Fidelity National Information Services (FNIS), for example, actively send out "fraud alerts" that monitor ACH and debit activity on their networks. For example, if your card is used to purchase a product from a country or a domestic location that doesn't match your activity history, your bank can be alerted and the card can be "hot carded". I know it seems like we, as banks, drop the ball a lot, but keep in mind there is a lot going on that customers are not even aware of.
One piece of advice I would give is to just keep enough in the DDA account to which the card is tied to not go into an overdrawn status. Keep the bulk of your funds in a NOW or savings account with nothing electronic tied to it. No debit card, no automatic bill pay, etc.