Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. You're confusing political power with nature. on Surprise Arrest For Online Scientology Critic · · Score: 1

    In this world there is only what you can take and hold, and that which you cannot.

    No. That is force. That is the basis of political power. The government is the police / military.

    What about families? What about the loyalty there? Their force extends beyond the individual. Yet there is nothing forcing them to act so.

    The same with religion. The priest has influence beyond his personal use of force.

    And there is also economic power. Paying people to perform actions for you.

    Rights exist as concepts. The same with Love and Hate.
  2. Or you're paranoid. on New Legislation to Combat Identity Theft · · Score: 5, Insightful

    Really, how many people who haven't been the victims of fraud are going to spend money AND TIME putting these "freezes" on their records?

    Instead, why not "freeze" them by default?

    Then if the customer WANTS to open a new credit account, the fee to "unfreeze" can be rolled into the new account.

    If the customer wants someone to do a credit check on him, the fee can be rolled into the new account OR paid by the organization doing the check.

    Why pass a law that doesn't, by default, protect EVERYONE?

  3. Paris Hilton on Ceiling Height May Affect Problem-Solving Skills · · Score: 0, Troll

    Wealthier individuals with the larger home... does the environment itself produce children who are less restricted in their thinking?

    You tell me.
  4. Mod parent up! on A Foolproof Way To End Bank Account Phishing? · · Score: 1

    Spend $50K to get $500,000? Sure!

    And if they time it right (end of month, beginning of month) they could easily make that much before it was shut down.

    And how would it be shut down? Who would you complain to? Is there a potential for a DDoS attack against other .bank sites?

    Come on people, don't just think how great your idea is. Spend some time thinking about how the bad guys would attack it.

    #1. Just buy in. Who's going to validate you?

    #2. Fake URLs. Exploit old browsers.

    #3. DDoS against the other .bank sites so everyone is used to those sites being unavailable and going to .com sites instead.

    #4. DNS compromises.

    #5. Host file attacks. As long as you can get some crapware installed on their computers.

    And I'm sure there are more ways out there. If you REALLY want to solve this, use two channel authorization. If you make any transactions online, the bank will call your phone and ask you to punch 1 for "okay" or 2 for "not okay" or 3 to report a fraudulent transaction.

  5. Infiltration, not purchases. on Massachusetts Joins the Real ID Fight · · Score: 1

    If you put a complete bar on it, then you get no human intelligence.

    Nope. You infiltrate the organization.

    They must NEVER know that they're dealing with law enforcement until AFTER they've been captured.
  6. I won't risk it anyway. on Massachusetts Joins the Real ID Fight · · Score: 1

    Here's my answer- a national ID card does NOT necessarily imply a single national database. It just means a single primary key that allows us to link tables in disparate databases together to autocorrect such mistakes.

    More likely to auto-replicate the errors.

    A single database is more efficient.

    Eventually, the other departments will just stop maintaining their databases and use the database that has the most information in it. Then you have the one big database with whatever errors anyone has put in.

    Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.
  7. I'm going to code me a mini-van! on Massachusetts Joins the Real ID Fight · · Score: 2, Informative

    They forbade the trading of money for tips and information to those who were significant parts of criminal enterprises, so they couldn't give, say, $50,000 for information on where drug lords were hiding out or $10,000 for a tip on where some shoulder-fired SAMs might be delivered next week if the person telling you might be a drug trafficker or be involved in some jihad-related mayhem himself.

    Yep. When Mafia family A wants to take over some territory from Mafia family B, just call the Feds. They'll do the work for you.

    If you're a little strapped for cash, just offer to sell that old weapons cache for cash!

    You see, the problem is the corruption of the law enforcement agencies. No matter how clean they are to begin with, once they start swapping favours and cash with the bad guys, they become corrupt.

    The final result is cops being paid as hit men. And we've seen that.
  8. And the reason is .... on Massachusetts Joins the Real ID Fight · · Score: 1

    ... that the government always EXPANDS their requirements.

    So, in order to avoid being REQUIRED to have a National ID, you have to go to the extra effort of maintaining (how much effort is that?) a few extra forms.

    Sounds like a great deal to me. But then I'm philosophically opposed to "papers, please" becoming common in the US.

  9. Good vs Bad. on Security Isn't Just Avoiding Microsoft · · Score: 3, Insightful

    Any such system that's tight enough to meet conventional ideas of 'security' is tough to build, and even harder to maintain. The effort and diligence curves are way above what you can expect from the everyday person on the street.

    Possibly. But that doesn't take into account bad security designs.

    As with my Ubuntu example, just having a default install have no open ports is a HUGE step in reducing the threat to that box.

    Security is measured like system uptime: in orders of magnitude. One-nine security (90%) is easier to achieve than two-nines (99%), with each additional nine being harder and more expensive to tack on. It's very unlikely that we'll ever see the general public acquire the knowledge and discipline necessary to maintain overall five-nines security (99.999%), because somebody just won't think the payoff is worth the effort.

    Pretty much. Once you have a good security model, getting it to be MORE effective may take effort that the average person isn't willing to put into it.

    But I never care about "uptime" as a measure of security. The system can be very insecure, but still never crash.

    I prefer looking at data compromised vs data lost. If you maintain your system so well that you lose data more frequently by accidentally deleting it without a backup than the number of times you've been cracked, that's the best you can really hope for.

    Just be so secure that your users (even if that is just you) will do more damage to their data than outside attackers will.
  10. "Security" does not exist! on Security Isn't Just Avoiding Microsoft · · Score: 5, Insightful
    At least, that is what TFA says.

    Networks in a world in which Apple had won the operating systems wars would still be insecure. What's that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That's true, but it's a consequence of the minuscule market penetration of Mac OS.

    Got that? It's all about market share. There is no such thing as "security".

    If everyone's house had no locks, they would be just as secure as if everyone's house had the best locks on the market.

    If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time.

    I run Ubuntu (Feisty Fawn). By default it has NO open ports. That means that unless a worm can hit the TCP/IP stack, I am invulnerable to them.

    He is an idiot. He doesn't even define "security" before he says that it doesn't exist.

    My definition is: Security is the process of evaluating threats and reducing their effectiveness.

    But once we've done all that, we're left with one unalterable fact: Users will still make errors galore.

    You're an idiot.

    So if we replace Windows with Ubuntu, and the number of cracked machines goes down from 10,000,000 to only 1,000 ... that doesn't mean that Ubuntu is more secure because 99% of the cracked machines would be Ubuntu.

    So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out.

    Why do I get the feeling that this guy just bought stock in a training company?

    If that approach was effective, we wouldn't have the problem we have today.
  11. Two issues with that. on Utah Anti-Kids-Spam Registry "a Flop" · · Score: 1

    #1. Is it protecting the kids? Is anyone taking any before and after measurements to see whether it is doing anything more than just costing money? I couldn't find anything about that in the article.

    #2. How much money do we want to spend on "protecting the children"? Is a trillion dollars a month too much to spend to prevent one kid from seeing one naked picture?

  12. Why not a computer lab? on Some Schools Ending Laptop Programs · · Score: 2, Insightful

    As I recall, that "something" was "survival in the business world" and the solution was to teach kids how to use Word and Excel.

    Great. But wouldn't it be far more cost effective to teach those apps (or equivalents) in a computer lab or such? Maybe even have a class on "modern business technology"?

    Mandatory car analogy ...

    We don't purchase a car for each student just because we know that they're probably going to need to know how to drive, do we? Instead, we have a "driver's education" class where they get to practice with a few school owned and maintained vehicles.
  13. What problem were the laptops supposed to solve? on Some Schools Ending Laptop Programs · · Score: 5, Insightful

    The real issue with laptops in schools is ... what is the problem that the laptops are supposed to solve?

    Nothing I've read indicates that ANYONE looked at the problem. They decided that the students "needed" laptops to "prepare" the students for ... something.

    Think about it. It's kind of like giving kids a TV. Or a game console. Yes, there may be very specific instances where such would be useful (learning TV repair?) but on the whole, it's a fucking stupid idea.

    Add to that the fact that (as they discovered) laptops are FRAGILE and it just gets worse.

    Instead of focusing on technology, I'd rather see the focus on finding better educational models. We've all heard stories of kids who go from illiterate to college because they moved to a non-traditional school. Why can't we spend a fraction of the tech money seeing if we can find better low-tech (and therefore, more reliable) methods of educating our kids?

    The average laptop probably won't last 4 years in high school. A book can last 20 years.

  14. So he starts a new character and does it again. on Is Virtual Rape a Crime? · · Score: 1

    The proper response was a slap to the face, not a 2000 word post on your blog about the atrocities of "mental rape".

    Yeah, I pretty much agree with that.

    The only issue is what happens when the guy starts another character and does the same thing again? From a different IP address. And so forth.

    Here's a novel concept (I'm being flippant). Why not allow the people in those systems to set their characters to automatically ignore (not see at all) other characters who have not provided some link to their Real World selves? I know this might not be easy, but it's the easiest way for the other users to avoid the harassment from the anonymous griefers.

    Some people like the anonymity offered. Some people don't. Allow the users to choose.
  15. Yeah, not in public. on Is Virtual Rape a Crime? · · Score: 5, Insightful

    So a better example would be ...

    Compare being raped for an hour
      to
    not being able to go to the pizza place on the corner because there's some guy there that the management refuses to kick out who will scream obscenities at you.

    Yeah, yeah, I know. That's the place where you were supposed to meet a new client. So it has to be a crime ... of some kind ... right?

    Which is why we have "civil cases" and "criminal cases". Not everything that happens to you is a crime.

  16. That's overlooked by most of the designers. on Is Virtual Rape a Crime? · · Score: 1

    There should be an in-game mechanism just like there's an in-life mechanism. Have an in-game jail or just simply ban the offender -- this should be decided by the community.

    In the Real World, there are all kinds of mechanisms that the community can employ when an individual breaks the laws, rules, customs or taboos of that community. The individual has a presence 100% of the time.

    Online, those mechanisms do not exist.

    The offender can log off or create a new account. The offender only has a presence when the offender chooses to. Which means that the offender has more power to affect the community than the community has to affect the offender.

    Virtual life sucks. Deal with it. Choose not to play in those systems that don't conform to your standards. It's as simple as that.
  17. Think about that. on Is Virtual Rape a Crime? · · Score: 3, Insightful

    You've just equated it to a denial of service attack and you think that fixes anything?

    Here, let's try an experiment.

    Compare being raped by someone for an hour with not being able to go to the pizza place on the corner for an hour. Damn. And you really wanted pizza.

    Maybe you should get a grip on reality.
  18. Understand your situation. on Would You Install Pirated Software at Work? · · Score: 5, Insightful

    If you don't get it in writing, should anything happen and the company be audited ... YOU will be the one blamed and fired.

    Everyone else will swear that YOU were the loose cannon. That they would NEVER violate a copyright. That they are 100% honest.

    Really. They're already asking you to violate your ethics / principles. Why would you believe that they wouldn't lie about whose idea it was?

  19. Sort of ... but not exactly. on Do We Really Need a Security Industry? · · Score: 5, Insightful
    From TFA:

    If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall.

    Now, take a default installation of Ubuntu Feisty Fawn. Even if you hook it straight into the Internet WITHOUT an external firewall (or running any firewall software) you'll still be very secure.

    That's because, by default, there aren't any open ports. There's no way for any worms to attack your system. That's just basic security practice.

    Now, there are other ways to crack a default Ubuntu installation. But they require that the admin have done something to make it LESS secure (or you can physically access the box).

    Your example is about the physical world. And the problem there is that physical access is already assumed. We can take steps to REDUCE the physical access, but that still leaves social engineering attacks.

    You will always need police just as you will always need sysadmins who will READ THE SECURITY LOGS. No matter how secure you are.
  20. Mod parent up! on Do We Really Need a Security Industry? · · Score: 4, Insightful

    Also, do not forget that an Internet connection allows anonymous attackers to assault your systems 24/7/52.

    Having a firewall may not force the workstation software providers to improve their security. But the firewall provides a single point where you can focus intensive monitoring efforts.

    We live in a world where people will trade their password for a bar of chocolate.

    Over time the technology WILL get better. We're already seeing some of that. But in the end, even with perfect software security, we will still have problems because PEOPLE will be using the systems.

  21. Read what I had posted, okay? on Russinovich Says, Expect Vista Malware · · Score: 4, Insightful

    In reality though in any reasonable system quite a number of configuration files have been modified, and the users have stuff in their home directories that does not directly come from any installation CD that could be used for at least a user-level exploit (which makes a root exploit dramatically easier).

    I had already addressed that.

    I had said:
    "Any file that is NOT accounted is suspect and can be individually evaluated. Most of them should be data files that are not executable."

    Again, you should be able to automatically validate the system files, then you manually check the others. Those others include the config files, user files and so on.

    In such a system it is generally quite a bit less work actually to do a reinstall and reconfiguration than combing all the files with the kind of comb you need to catch all things evil.

    If that were correct then your newly installed box would be cracked as soon as those user files were restored.

    And, yes, they will need to be restored.

    So, in EITHER case those files will have to be checked for "all things evil".

    But in my scenario, the box is validated FASTER and you can identify the files that were added/replaced.

    More importantly, you can validate whether the box WAS compromised.

    It's like trying to find the proverbial needle in the haystack, except that the needles have been deliberately hidden and you don't know how many there are - and if you miss one, you lose.

    I take it that you don't work on Linux boxes much.

    There are a finite number of files on the box. And EVERYTHING is a file.

    The more of them that you can automatically validate, the smaller the number of files that you have to search through. This isn't magic. It's something called "Computer Science".

    In your scenario, you rebuild the box, restore the users' files ... and you've just been compromised again.
  22. Not necessarily. on Russinovich Says, Expect Vista Malware · · Score: 5, Interesting

    I can boot with a LiveCD and mount the hard drive so that NONE of its files are being run.

    Then I simply match each and every file on the hard drive to the package that it should have come from and validate the md5 checksum.

    Any file that is NOT accounted is suspect and can be individually evaluated. Most of them should be data files that are not executable.

    Remember, in Linux, everything is a file and the boot process is very clearly defined. If something is running on your machine, you can find what it is and why it is running.

    Any system that REQUIRES a complete tear down after ANY vulnerability is exploited is NOT a well designed system. There has to be a way to validate each section of the system.
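An added example, not part of the original comments: the offline check described in comments 21 and 22 above (match every file on the mounted disk to a package manifest, validate its MD5, and set aside whatever is unaccounted for), sketched in Python. It assumes manifest text in dpkg's `md5sums` line format obtained from a known-good source rather than from the suspect disk; the function names, sample tree and file contents are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def parse_md5sums(text):
    """Parse dpkg-style manifest lines: '<md5hex>  <path relative to />'."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            manifest[path.strip()] = digest.lower()
    return manifest


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit(root, manifest):
    """Classify each regular file under the mounted (not booted) root."""
    report = {k: [] for k in ("verified", "modified", "unaccounted",
                              "unaccounted_exec", "missing")}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not stat.S_ISREG(mode):
                continue  # symlinks and device nodes need their own review
            rel = os.path.relpath(full, root)
            if rel not in manifest:
                key = "unaccounted_exec" if mode & 0o111 else "unaccounted"
            else:
                key = "verified" if md5_of(full) == manifest[rel] else "modified"
            report[key].append(rel)
    report["missing"] = [p for p in manifest
                         if not os.path.lexists(os.path.join(root, p))]
    return {k: sorted(v) for k, v in report.items()}


def demo():
    """Constructed sample tree standing in for the mounted disk."""
    good = {"usr/bin/ls": b"ls-v1", "usr/bin/ps": b"ps-v1", "usr/bin/top": b"top-v1"}
    text = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in good.items())
    on_disk = {"usr/bin/ls": b"ls-v1",        # untouched packaged file
               "usr/bin/ps": b"ps-replaced",  # packaged file with changed content
               "etc/hostname": b"box\n",      # local config, not in any package
               "tmp/.x": b"#!/bin/sh\n"}      # unpackaged file with exec bit set
    with tempfile.TemporaryDirectory() as root:
        for rel, data in on_disk.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        os.chmod(os.path.join(root, "tmp/.x"), 0o755)
        return audit(root, parse_md5sums(text))


if __name__ == "__main__":
    print(demo())
```

The `unaccounted` list is the set left for manual evaluation; `unaccounted_exec` and `modified` are the entries to look at first.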

  23. And ... ? on Russinovich Says, Expect Vista Malware · · Score: 5, Interesting

    So now you know that Vista can be compromised ... what are you doing about it?

    Where's the clean boot disk that I can use to scan a Vista box? How do I validate all the files on it?

    What is your answer to AFTER the box has been cracked?

  24. Mod parent up! on Beryl User Interface for Linux Reviewed · · Score: 5, Insightful

    These "reviews" are stupid.

    #1. Review the distribution with hardware that WORKS WITH IT. You want to review the distribution, right? Not "does it work with Card XYZ123". I know, I know. Finding that hardware is too hard for you. You want to "review" it based upon whatever you have at hand right now. Whether it works or not.

    #2. If you want to review how it has problems with "Card XYZ123" then write your review about that card. That means you try that card with different distributions. Again, I know. You don't want to spend more time or effort than is absolutely necessary to get your "review" out.

    #3. If you're going to review hardware, review hardware. Which cards are supported? How well? Which are not? Why not? Of course we're not going to see many of these because it takes even more time and effort than the other two.

  25. Social hack - use "bullfight" for "speed trap". on Is Your GPS Naive? · · Score: 5, Funny

    If there isn't one specifically for "speed trap", then re-purpose one of the lesser used codes. I'd recommend "bullfight" just because there will be very few instances of its legitimate usage.