Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. You'll always end up a CONSULTANT. on Do Nice Engineers Finish Last In Tough Times? · Score: 2, Insightful

    SOMEONE has to fix the problems that those other people create. And the best way for them to handle it is to bring you in as a consultant/contractor.

    Particularly in the company featured in TFA. Why didn't Kelly know that Doug was taking credit for things he wasn't responsible for?

    In an economic downturn, I'd stick with the nice people because they ARE nice. You cannot afford to have them leave and take the business knowledge that is locked in their heads with them.

    The employees will know that their boss is a backstabbing bastard and they will react accordingly. The talented ones will look for other jobs. The people-not-in-the-talented-ones-group will remain behind. The company will suffer.

  2. Probably because it has nothing to do with LoTR. on Review: Lord of the Rings: Conquest · Score: 5, Insightful

    How many times did any of the fighters in any of the books use an attack that caused their swords to burst into flames?

    This is a generic fantasy game ... with LoTR tacked on in a cynical attempt at differentiating itself and appealing to LoTR fans.

    LoTR does not translate well into a FPS. It DOES translate well to an old style board game where you handle the strategy of the various groups. Not the individuals.

  3. And again. on Windows 7's Media Hype Having the Opposite Effect As Vista's · Score: 5, Interesting

    Out of interest, how would *you* solve the virus issue? Because it's not something you can ever completely solve through OS security alone, when your users still need to do stuff...

    We go over this all the time here. Yet some people never seem to read it. So, here they are again. In no particular order.

    #1. Understand the difference between a "virus", a "worm" and a "trojan".

    #2. Take a hint from Ubuntu and have NO open ports on the DEFAULT installation. That will pretty much wipe out worm attacks. Do NOT depend upon a firewall to do that. The firewall is a SINGLE POINT OF FAILURE that is often disabled because it interferes with legitimate apps that the user wants to run. I can put a default installation of Ubuntu directly on the 'Web and it will NOT be cracked.

    #3. Provide a "known good" list of files (names, date/time, multiple checksums) for ALL of the OS files. This way, at least infections can be removed easier. It's easier to find a file that is NOT on the known good and remove it than it is to find a file that MAY be a newly obfuscated version of an old virus.

    #4. Keep the OS directories CLEAN. That means that installing MS Office MUST NOT install ANY updated files in the OS directories.

    #5. Move to INI files for apps instead of allowing them to edit the registry. If you really must keep the registry, keep it clean.

    #6. Consolidate the various temp directories and DUMP them during the boot process.

    Remember, viruses, worms and trojans are nothing more than code. They are not magical. Limit how code can be written to the system and you limit how they may spread. Enforce organization and you limit where they may be written.

    Once the disinfection rate exceeds the infection rate, the viruses, worms and trojans will die.

  4. Mod parent up. on Best FOSS Active Directory Alternative? · Score: 1

    A comparison is useless to you unless you know what your specific, minimum requirements are.

  5. It would STILL be better. on GAO Reports Bailout and Tech Firms Love Tax Havens · Score: 5, Interesting

    To drive the economy, you want the people with the LEAST money to spend MORE money.

    The VELOCITY of the money is what drives our tax system. The government gets more taxes if a dollar is used 100 times than if it is used 10 times.

    Buying a pizza - taxed.
    Pizza shop owner pays delivery guy - taxed.
    Delivery guy goes to dinner with his girlfriend - taxed.
    Restaurant owner pays cook - taxed.
    Cook buys muffler for car - taxed. ... etc

    Pump enough money into the lower economic rungs and more pizza delivery guys will have to be hired to meet the demand for more pizzas.

    Give the money to some company that's going to stash it in an off-shore tax haven ... the US jobs stagnate.

  6. Hell yes I can blame them. on GAO Reports Bailout and Tech Firms Love Tax Havens · Score: 5, Insightful

    They are receiving US GOVERNMENT funds taken from US TAXPAYERS and they're stashing them in foreign tax havens.

    This is solely for the benefit of their executives. It will not help rebuild the US economy.

    There needs to be a new law passed TODAY (drag Congress back in) that makes that practice illegal.

    If you want "bailout" funds, you cannot use a foreign tax haven.

    If you use a foreign tax haven, you cannot receive "bailout" funds.

    Why should the US taxpayers finance some CEO's retirement villa in Monte Carlo while the economy drags?

  7. The people learn fast. on How To Suck At Information Security · Score: 4, Interesting

    They'd just modify their password to meet the minimum requirement to avoid your detection. Usually by taking the passwords they already use and prepending or appending whatever will get them past the scan. And then ALWAYS using that same technique.

    _9%january
    _9%february
    _9%march

    Yes, it appears to be more secure ... until you realize that you don't have to crack the CURRENT password. You can crack any of the sequence and then have a pretty good idea what the current one is.

    People hate passwords and they particularly hate passwords that they have to change every 30 days or so. So they'll find a way to (unintentionally) break your security just to make their life easier.

  8. It's just about everyone's policy. on How To Suck At Information Security · Score: 5, Insightful

    Because most of the things in that list fall under "CYA" for the CxO's.

    They don't know what information security is. They aren't interested in learning about it. They want to have it provided the same way that electricity and water are provided.

    Given that, they'd much rather have a list of checkboxes that their "consultant" can show them (and the auditors) that "proves" that they're doing what is required.

    If something happens, they have the list of checkboxes and they'll fire the consultant and get a different one.

    They have successfully covered their asses and their jobs are the only things that are secure.

  9. The article is even more amusing than that. on Wireless Internet Access Uses Visible Light, Not Radio Waves · Score: 2, Interesting

    From TFA:

    The technology could be exciting for cell phone users as well. Cell phones use radio waves that can travel through walls and be intercepted. That means they cannot be used for sensitive conversations, such as those involving national security or banking transactions.

    Light does not travel through walls and the LVX could offer a more secure conversation, Pederson said. He said cell phones already have the technology needed to adapt to LVX. He is looking for a cell phone manufacturer to develop a phone using his technology.

    So the cell phones equipped with that would NOT operate with any cell tower that was out of visual range. Doesn't that kind of limit your conversations with your bank to, essentially, being inside the bank building?

    "This would be like having fiber optics without the fiber, coming into your hand-held device or telephone," Pederson said. "The security implications are numerous."

    No. Because the fiber cable can be punched through walls and such. It does not require line of sight to work. But it works at the speed of light. Which is why it is preferred.

  10. And that applies here ... how? on Ubuntu Download Speeds Beat Windows XP's · Score: 1

    You are offering a hypothetical situation to a real world example.

    Instead, how about just making a reliable test? Multiple servers with multiple OS's and multiple apps (all controlled) over a controlled connection.

    The ONLY change should be the client OS's.

    It's just basic science.

  11. Mod parent up! on Ubuntu Download Speeds Beat Windows XP's · Score: 3, Insightful

    Who cares about the boxes themselves at this point?

    The test FAILS because they're using the Internet instead of a network where they can control the other factors.

  12. WTF?!? They HIRED the cheaters? on Personality Testing For Employment · Score: 1

    They then look at these cheaters (the ones who purposefully answer how a "good employee" would answer instead of with their own tendencies) and check their level of job performance.

    So they HIRED the cheaters? Why? Aren't those tests supposed to weed out the cheaters?

    Oddly enough, there is a correlation - people who pad their responses to look like a "good employee" also tend to have higher job performance ratings, at least as it appears to their supervisors.

    What
    the
    FUCK?!?

    So people who CLAIM to be different than they are ... are actually the way they CLAIMED to be ... and NOT the way that they are?

    Vendors of personality tests include items that "detect" patterns of responses that appear to be due to this kind of cheating.

    No. From the claims you've made, it is more likely that they cannot tell "real" responses from "fake" responses ... and they have no idea what those responses (real OR fake) say about a person's suitability for a job.

    When the guy who LIES on his evaluation
    to get "graded" as type X
    does as good or BETTER
    than someone who answered honestly
    and was "correctly" "graded" as type X.

  13. They failed on the bell curve. on Personality Testing For Employment · Score: 1

    Bell curves are perfect for displaying multiple, unrelated, items.

    Roll a 6 sided die 100 times. You will NOT get a bell curve.

    Roll 10 of them 100 times and you WILL get a bell curve.

    Now, take a math test from 5th grade. Give it to some math majors in college. By the "personality test" logic, you'd still see a bell curve. But you wouldn't.

    We went through that before in various psychology classes. Just because your "test" results show a regular bell curve does NOT mean that your test is accurate. In fact, it usually means the exact opposite.

  14. Legally defended means nothing. on Personality Testing For Employment · Score: 1

    IANAL

    As long as it does not discriminate on the basis of age, sex, national origin, etc then it is probably legal to use it to sort applicants.

    "Non-discriminatory" is NOT the same as "accurate".

  15. My opinion on that ... on Personality Testing For Employment · Score: 2, Insightful

    Now... understand that there is a huge amount of debate about just what IQ is, and what it is good for, what it predicts... but the accurate and repeatable measuring of it has become something of a science.

    The same cannot be said for personality testing.

    And the reason for that is that it is possible to have a wrong answer on an IQ test.

    But with a "personality test" I keep hearing that there are no wrong answers (except that if you don't answer in a specific pattern then you won't be hired). That is stupid. You cannot judge how someone will act based upon how they CLAIM they will act or what they CLAIM that they believe.

    And don't get me started on the FUCKING STUPID questions in the first place.
    http://www.hartmaninstitute.org/html/HartmanValueProfile.html
    36 stupid questions that will tell you everything you need to know about your value system. Yeah. Right. And yet you'll find all kinds of companies that will help you use it to "evaluate" applicants.

  16. How much does it cost? on Personality Testing For Employment · Score: 1

    Because what you're advocating sounds an awful lot like Scientology. And yes, they do have "studies" that "prove" that their "evaluations" are accurate.

  17. I would say that it should be. on Storm Worm Botnet "Cracked Wide Open" · Score: 4, Interesting

    I don't think the primary goal here is capture and prosecution of the controllers, but shutting the botnet down. Shouldn't that be the priority?

    I would say that it should be. Why waste time and effort trying to find crackers who will only be replaced by different crackers in different countries if you do manage to prosecute them?

    Remove the zombies in your country and the zombie problem is pretty much solved.

    But to accomplish that, you need to be able to automate the process and perform it remotely. There just are not enough resources to handle each computer individually.

  18. Who said "seize"? on Storm Worm Botnet "Cracked Wide Open" · Score: 1

    So a possible infection becomes grounds for the government to seize your property so it can be "cleaned"?

    Who said that it would be seized?

    The process in the article allows for the system to be remotely identified and remotely cleaned.

    If your computer is being used to attack someone else, it is your legal responsibility to stop it.

    And how, specifically, would the average computer user know that their machine was a zombie?

    If you are an ISP, just disconnect offenders until they can prove they are clean.

    What is the financial benefit to the ISP in that case? It's cheaper for them to buy more bandwidth than it is to pay a tech to handle the incoming call from when the customer's machine cannot get to the Internet.

    Try to explain that without getting into "pass a law". You'll see why remotely removing the zombie code is the best use of resources.

  19. You're on to something there. on Storm Worm Botnet "Cracked Wide Open" · Score: 1

    But instead of individual hackers cleaning up the mess, why not have the government of a country pass a law that machines within its jurisdiction may be cleaned if found to be a zombie?

    Then their law enforcement agencies can use the code that the hackers wrote to clean up the machines in their country.

    A simple process of identifying the infected boxes, notifying the ISP of those boxes, the ISP notifies the customer in writing and if not cleaned within 30 days then the cops clean it remotely.

    The only real problems would be that many of those machines would probably be re-infected soon and the hackers would continually have to reverse engineer the latest zombie upgrades.

    Maybe such an approach would finally get the anti-virus companies (and OS vendors) to publicize white lists of code that is known to be okay. Rather than trying to identify all the code that is not okay (and its variants).

  20. So you are sued and lose your house. on Storm Worm Botnet "Cracked Wide Open" · Score: 5, Insightful

    That's the problem.

    The criminals do not care because they were criminals to begin with. This affects the people who are not criminals but who want to clean up the mess made by the criminals.

    Now, if the various governments could/would authorize their law enforcement agencies to use this method ...

  21. That depends upon his job. on SCO Proposes Sale of Assets To Continue Litigation · Score: 2, Interesting

    If he finds a buyer (or buyers) for the products that pay enough for those products then SCO gets a lot of money. Some of which could be directed towards himself and the other execs as bonuses or whatever.

    Now, if you question whether he can find a buyer willing to pay that much for a dying product, just remember that he has found investors and partners before who seemingly pay millions of dollars for nothing.

    Right now, his job is to drag this case out.

  22. Small companies rock. on Abused IT Workers Ready To Quit · Score: 4, Interesting

    At least they do for a certain type of personality.

    While you are responsible for EVERYTHING, that means that you get to set up everything the right way. Your way. If there's a problem, you can fix it the right way.

    As long as you can put up with the salary and hours, the job should be a cake walk.

  23. Wouldn't you take the opposite approach? on Researcher Says Social Networks Link Terrorists · Score: 2, Interesting

    Infiltrating these recruiter networks to sow confusion and discord, as suggested in TFA, would be highly effective to curtail recruitment in an anonymous environment where little trust exists to begin with.

    Wouldn't you take the opposite approach and encourage trust in your fake user ... and then use the logs to track the IP addresses of the other participants ... and then tap (legally) their phones ... and find the people who have real connections with real terrorist organizations and crack THEM?

    This is the kind of intel that our government doesn't get anymore.

    And it would be a LOT more effective and efficient than simply trawling through random phone conversations.

  24. Emphasis on that. on Researcher Says Social Networks Link Terrorists · Score: 1

    Once SOMEONE in that "network" performs any terrorist act, the logs would be collected and EVERYONE in that "network" would be discovered.

    It wouldn't even take that. Just one of them being investigated for doing something stupid.

    If anything, the government should be encouraging this.

  25. The chance to become producers, not consumers. on OLPC Downsizes Half of Its Staff, Cuts Sugar · Score: 5, Insightful

    Even though I thought it was a stupid idea, it did have one redeeming point. It would have turned a small segment of the population in those countries into producers instead of keeping them as consumers.

    When they decided to support Windows, that killed the only positive point I could see in it. They would be kept as consumers.