Vulcan was the name of the hypothetical planet between Mercury and the Sun.
Re: Also decided in favor of restrictive firewalls, on "10 Years After SQL Slammer" · Score: 4, Insightful
I'd love to implement great security for every customer we have but it's always up to them and how much "trouble" they want to get through using their network (even if it isn't really).
That's the real problem. It will always be easier to NOT do something than it will be to do something.
And NOT doing something will, 99%+ of the time, be less expensive than doing something.
It is only when that less-than-1%-of-the-time event hits that "something" gets done. And even then the "something" is usually a panic reaction and NOT real security.
You'll see all kinds of ancient exploits still being tried by machines around the world.
At one place I worked, the contractors who came in to install the VoIP system also connected one of the Win2K3 servers directly to the Internet so that they could manage the VoIP system "easier". And that was back around 2010.
Never underestimate the power of laziness and stupidity.
There are a LOT of idiots out there who do installations.
At one place I worked, contractors went into a remote office to install a phone system and ended up wiring a Win2003 server directly to the Internet (and the internal network) so that they could log into it to make changes to the phone system.
Will your digital pictures still be as accessible to your grandchildren as your grandmother's photographs are to you?
This is one of those recurring "ask Slashdot" questions. How do I preserve the digital images or recordings so that my grandchildren can see them or hear them?
Physical copies of pictures are still the best solution when you're talking about 50 years later.
Examples include a pacemaker that can be tuned remotely,...
Fear your pacemaker!!! People with heart problems will now have an increased risk of death!!!
Uh. Well you know what I mean. Fear!!!
... an Internet-connected car that can have its control systems altered,...
Why would my car need a two-way comm channel on the Internet? I can possibly see reporting but accepting input? Why?
... or an IV drip that can be shut off with a click of a mouse.
See the comments about the pacemaker above.
So what they're really "predicting" is that some engineer at some medical supply company will get REALLY stupid and build in some back-door-thing that will open the company up to all kinds of lawsuits.
Yeah, I can see that happening. Eventually. Once. And when that company is sued out of existence then, hopefully, we'll all learn that not everything needs access to Facebook.
Should citizens be allowed the same weapons that the government has access to? (therefore assuring we could actually revolt)
That's the wrong question.
The correct question is, if The Revolutionary War was fought with M16's, would our Founding Fathers have been okay with civilians owning them?
Or, phrased another way, is there any weapon that our Founding Fathers would have insisted NOT be allowed to civilians and ONLY be kept by the government?
In your link that was non-Japanese Americans imprisoning Japanese Americans during a war with Japan.
I doubt the military's commitment to imprisoning people who look exactly like they do who are their friends and family. The guys in the military come from the same small towns that the people with the guns come from.
They're significantly more innocent than the violent assholes threatening them.
First off, I wouldn't say they were *significantly* more innocent. They attempted intimidation first. They are more innocent than the people threatening them with deadly weapons but that's it for that part.
Secondly, they did not just post the names of the people who threatened them. They also posted the names of innocent people who had exercised their 2nd Amendment rights and who have NOT threatened them. They are less innocent than those people.
So the final question should be whether 50%+ of the people they "outed" have threatened them or not. I'm going to guess not. But that's just based upon the people I know who own guns.
They have no right to the privacy of their handgun permit, which, by state law, is public information, which they knew when they applied for said permit.
There is a difference between something being "public information" but requiring specific action to discover and a 3rd party collecting that information and publicly publishing it.
I think that the newspaper did that in an attempt to intimidate those people and anyone thinking of getting a similar permit.
Which is where the "irony" part comes in. Now the newspaper people are the ones intimidated. Now the newspaper people have turned to OTHER armed people (not the government or police force) for protection from the people they attempted to intimidate in the first place.
I agree. I think that the next "Industrial Revolution" will be robotic factories producing robots for other tasks/industries.
Now, will the robotic-built robots be single purpose or general purpose? I don't know. But general purpose robots would lead (I believe) to another "hacker" revolution. The same as the general purpose computer did.
A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.
While a traditional bug would require an RF sweep to find it - and if it saves up conversations and sends them out in a short burst, it can be nearly impossible to find without constant surveillance.
No reason that could not be done in this situation as well.
The hacked phone sends the communications to a hacked workstation on the same LAN segment. They're stored until later.
Then they're sent out over the next day or so with the regular traffic disguised as an encrypted HTTPS stream.
While I am continuously impressed with what can be done on these devices, I am always cognizant of what *can't* be done on these devices.
Exactly. The interface for a less complicated device (a car) should be different from the interface for a more complicated device (jet airplane).
Even browsing the web becomes cumbersome quickly when you need to *type* anything.
You hope that you are in a place where you can use Siri and that Siri understands what you are saying.
And don't forget the web sites that just suck on a mobile device. Like when you have to scroll and scroll and scroll left to read something.
Forget about doing any actual work on one of these things such as replying to emails or anything that is enhanced by more than one 10" screen.
They are designed for consumption of media. Not for production of anything.
I know there will be people who claim that they use their mobile device for writing thousands of lines of code and composing spreadsheets and documents but even if they are real they are the minority.
I realize that the hardware/software manufacturers love the idea of these portable devices and all of the restrictions (hardware/software locks) contained within, but I like to think that people will not always be content with the lowest common denominator
I think that most people will love their mobile devices for media consumption and many people will like the same interface for their desktop/laptop because that is the way they work (full-screen apps possibly layered over each other but only one being interacted with at any time).
But for me, I want my stupid "Start" button or equivalent. I don't want to have to remember the name of an app to launch it. I want to build the menu tree the way I want to use it.
Because sometimes you want to test the wires that are not connected to a server/workstation.
Get a good hand-held time domain reflectometer. I prefer Fluke but I'm sure that others are just as good.
This will not only tell you that the wires are correct, but if they are broken it will tell you how far away they are broken. VERY handy for hunting down problems.
"When you lose control of cyberspace, you lose control of the physical world," said Eric Bassel, director at the SANS Institute.
Just think about that the next time your Internet connection goes out.
Cyber warriors will be presented with potential real-world attacks; their job is to defend against them. Missions will include fending off attacks on the city's power company, hospital, water system and transportation services.
Disconnect from the Internet or firewall. Firewall. Disconnect from the Internet or firewall. And, finally, firewall.
Advanced training will include finding the wireless access points that idiots have brought in from home so that they can run their iPhones.
Now all you have to do is prove your system wasn't at fault in a court of law--against the sweet old lady who's suing, with the driver testifying that it was your system and not him that caused the accident, and a jury that hates big corporations.
Since you're already putting sensors in the car so that it CAN be driverless, simply hook those sensors to a "black box" and replay the accident in the courtroom.
The car company will probably have to go through that a few times but after that it should be very rare. Particularly if the other guy has to pay court costs and such.
The problem with legislating "security" is that you end up with "compliance" instead. The companies get a checklist and fill it in with the cheapest "solutions" possible that will allow them to check off each item.
It's a start. Right now, most companies have no idea how to handle anything other than "run anti-virus software" on as many machines as can be conveniently handled.
With a £400 transmitter, a laptop and a little knowledge you could bring down an entire city's high-speed 4G network.
came from but it is 100% false (unless you are talking about a very, very small "city").
This "attack" is just broadcasting noise and messing with communication protocols. So the range is limited to the coverage area of the transmitter. Including dead zones where there is too much concrete and steel for the transmitter to get through.
So you should see the same pattern for blocking as you do for regular access. With a similar requirement for blocking as for coverage.
http://en.wikipedia.org/wiki/Vulcan_(hypothetical_planet)
My biggest problem is that the TSA has not caught a single terrorist yet.
Everything they do and all the money they spend has accomplished NOTHING except to harass regular people.
Even worse than that!!!
Fear your pacemaker!!! People with heart problems will now have an increased risk of death!!!
Uh. Well you know what I mean. Fear!!!
Why would my car need a two-way comm channel on the Internet? I can possibly see reporting but accepting input? Why?
See the comments about the pacemaker above.
So what they're really "predicting" is that some engineer at some medical supply company will get REALLY stupid and build in some back-door-thing that will open the company up to all kinds of lawsuits.
Yeah, I can see that happening. Eventually. Once. And when that company is sued out of existence then, hopefully, we'll all learn that not everything needs access to Facebook.
First off, I wouldn't say they were *significantly* more innocent. They attempted intimidation first. They are more innocent than the people threatening them with deadly weapons but that's it for that part.
Secondly, they did not just post the names of the people who threatened them. They also posted the names of innocent people who had exercised their 2nd Amendment rights and who have NOT threatened them. They are less innocent than those people.
So the final question should be whether 50%+ of the people they "outed" have threatened them or not. I'm going to guess not. But that's just based upon the people I know who own guns.
There is a difference between something being "public information" but requiring specific action to discover and a 3rd party collecting that information and publicly publishing it.
I think that the newspaper did that in an attempt to intimidate those people and anyone thinking of getting a similar permit.
Which is where the "irony" part comes in.
Now the newspaper people are the ones intimidated.
Now the newspaper people have turned to OTHER armed people (not the government or police force) for protection from the people they attempted to intimidate in the first place.
It's still stupid on both sides.
Okay, but first you have to tell me who those "government troops" are.
Because they wouldn't be American citizens with their own families here who have Thanksgiving dinner with their uncles and cousins who own guns.
They'd have to be troops who would not have a problem with mass killings of Americans. And there would have to be millions of them.
A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.
If it is even noticed as a "virus".
Seconded.
No one needs to protect speech that does not offend the majority.
And then tax the python farms. You're a genius!
I miss Brötchen. Particularly with a Rindswurst and slathered in mustard.
Or with Nutella and coffee for breakfast.
Hundreds of millions of years ago. It's been an unbroken chain ever since.
I don't know what the line:
came from but it is 100% false (unless you are talking about a very, very small "city").
This "attack" is just broadcasting noise and messing with communication protocols. So the range is limited to the coverage area of the transmitter. Including dead zones where there is too much concrete and steel for the transmitter to get through.
So you should see the same pattern for blocking as you do for regular access. With a similar requirement for blocking as for coverage.