TFA is about "phishing" which is slightly different from "spam" even though both use bulk email methods.
The first problem with blocking "spam" is that there is so much of it (80%+ of all email is spam) that just about any stupid idea will result in a decrease in total spam received. Suppose you refuse to accept any email on odd-numbered dates. Since 80%+ of the email coming in was spam anyway, you've reduced your total spam message count... while only increasing your legit email rejection count a slight bit. You are "winning" against spam. Or it appears that way.
The second problem is that an approach that works for ONE sub-category will NOT work on a different sub-category.
Example, spam from Gmail is not stopped by greylisting even though greylisting is fairly effective at blocking spam zombies.
Will Domain Keys block spam? No. Domain Keys will only help against a specific sub-category and only when configured correctly and verified correctly.
Bruce also wrote about "attack trees". Having long passwords ONLY helps if the attacker has unlimited access to crack them. A simple WordNumberWord combination can give you enough security as long as each login attempt is noted and tracked.
If there is a 15 minute delay between every 3 attempts to login, and a HUMAN reviews the logs every work day, your online security should be sufficient.
You only need the 1024bit security when the attacker can download the file and crack it at his leisure. But then, the failure is that you did not prevent the attacker from downloading that file.
There will ALWAYS be some risk. What's to stop the attacker from kidnapping your CEO's daughter and demanding that he let the attackers use his laptop to access your databases? The key is REDUCING the threat. If 99.99% of the attackers out there are not skilled enough or motivated enough to get through your security, are you "secure"?
But he's confusing ATTACKING a specific company with INFECTING various machines.
They are not the same. The defenses are not the same. There may be overlap (a workstation at a company gets infected and sends out spam vs a workstation at a company gets cracked and is used to crack other boxes at that company) but that is all.
All in all, he's 100% backwards on his comments. Just what you'd expect from someone trying to push a specific product from a specific company.
A large portion of the solutions revolve around editing the registry. The third chapter of the book deals solely with the registry. How it works, how to navigate within it and how to alter it. For some people this could be a great route to take, for many it could lead to much more serious problems than they had in the first place.
There are really only two options.
#1. Run a utility that makes the Registry changes for you. Where are you going to find that?
#2. Edit the Registry by hand. At least the option is there.
No matter what is in the published specification... the ONLY implementation of OOXML that will matter will be the "de facto" standard that is whatever Microsoft is shipping at that moment.
You can be 100% compliant with the published spec... but if you aren't 100% compliant with what Microsoft apps produce, your product is not an option.
Do you understand the company and the business? Not just IT.
An IT manager is NOT just someone who manages IT. You have to be able to explain to the other business people how you plan to help them achieve the business goals.
"Google has records that could help in a cyber-investigation, he said," Wright adds. "Giorgio warned me, 'We have a saying in this business: 'Privacy and security are a zero-sum game.'"
So, that would mean that the societies with the most surveillance were the most secure, right?
Download some malware, pop-up a fake window when the user does something to get the password, sudo with the password, install whatever else you want and setup init scripts, done!
Okay, that first part "Download some malware". How?
With Windows it is easy to explain. ActiveX.
With Linux/Apple, it's not so easy.
With old versions of Windows/Outlook, you could just mass mail the exploit and hope that enough people hadn't patched Outlook NOT to auto-run some executables.
Or that they hadn't configured their security zones correctly.
Microsoft is getting better. But they're still focused on adding layers of "security" instead of taking the simple option and just not installing so many services that the user will probably never use. So if there's any flaw in the various layers, you can still be cracked.
Ever see a computer that is used by a teen? Ever clean the malware off a computer used by the average teen?
Yes I have. Many times.
I find it funny that you think it is reasonable to trust a student's opinion on what programs should or should not be installed on a PC?
Where did I say that?
I said that the teacher did not behave in a mature, responsible fashion.
I said that if the teacher HAD behaved in a mature, responsible fashion, that this would never have been an issue.
I am frequently required to inform our users that the software they want to run on the company computers does NOT meet the criteria that I developed. But because I am able to do so in a mature fashion, this does not become a problem.
It's as simple as that. Treat them with respect and they'll treat you with respect.
If the teacher did not know what Firefox was, the teacher is hardly competent to teach any class that utilizes a browser.
Blow it out your ass. Just because someone is in charge, in this case a teacher in charge of the classroom, doesn't mean that the school is fascist.
And who said that it did? No one?
Guess that means that you've just attacked a "straw man" of your own devising. Good for you!
Should the students be allowed to install and run anything they want on school computers?
Well it seems that he WAS allowed to. Since he managed to do it. Now it might have been against POLICY.
Can you do that at YOUR job?
Why do you care? That is a job. If you do not agree with the policies where you work, you can find a different job which has policies that you do agree with.
School doesn't have the same options.
The teacher failed to act in a manner consistent with a responsible, mature adult. That's it.
Uh, no. I expect Authority to be... well, in charge.
One day you may learn that being "in charge" is NOT the same as ordering people around.
This is an example of a teacher who may never have encountered FF before and so didn't recognize it as a suitable technology to be used in the assignment.
And when said teacher was informed by the student that it WAS "suitable technology", what did the mature, responsible teacher do?
His/Her actions certainly do NOT fit the criteria for "mature" or "responsible" (nor "teacher" unless you count this as the lesson).
The entire incident could have been a non-issue if the TEACHER had acted like an ADULT instead of as an immature child with authority.
And because it is fraud, ANY system of identifying the person will be subject to abuse.
So don't worry about identifying the person. That's too difficult to secure. Instead, focus on validating/authenticating the transaction. That way the resources can more easily be focused.
The "Bill of Rights" is the name given to the Amendments to The Constitution. If another Amendment is passed, it too will be placed on the Bill of Rights.
If nothing in the Constitution says that the government can, say, search my house, why bother specifically saying that the government can NOT search my house?
Because in certain circumstances the duly authorized agents of the government need to search your home.
Therefore, The Constitution (and the Bill of Rights) needs to EXPLICITLY state WHAT is happening and WHY and what the checks and balances are.
What's the point?
I've explained that. And it would not take much in the way of mental effort to understand it.
Consensual in the bedroom is fine.
The problem starts when the cult practices brainwashing and attacking anyone who disagrees with them.
That is what Scientology does.
It may START consensual, but it is a FIGHT to get out.
They choose the OS to run the apps they want on the hardware they want.
So Linus seems to still be completely accurate in his opinion.
This page intentionally left blank.
Rule #6 - If violence wasn't your last resort, you failed to resort to enough of it.
http://www.schlockmercenary.com/d/20050313.html
http://www.schneier.com/paper-attacktrees-ddj-ft.html
Since these ID's will be "official" for just about anything ...
Find someone involved in issuing them who has a gambling / drug / sex / whatever problem who can be bought / blackmailed.
The whole system breaks down when it depends upon the honesty of people.
Ummmm, isn't that Scott Adams' shtick?
So, that would mean that the societies with the most surveillance were the most secure, right?
Like Soviet Russia.
Except I did not say that. Whomp on that straw man!
Well, if you think so, that's your opinion.
I'd say that the teacher is the one who implements the school's policies in the classroom. But you can disagree with that if you want to.
I also say that the teacher failed to implement those policies in the fashion of a mature, responsible adult.
I'd say your view of school is more than slightly twisted. Why do you believe that such should have been allowed?
Why do you believe that that is okay?
Fascinating. Is that how you were raised?
It seems that you cannot accept the fact that the teacher FAILED to act as a responsible, mature ADULT in the situation.
Therefore, any and all actions should be acceptable.
Why?
And when said teacher was informed by the student that it WAS "suitable technology", what did the mature, responsible teacher do?
His/Her actions certainly do NOT fit the criteria for "mature" or "responsible" (nor "teacher" unless you count this as the lesson).
The entire incident could have been a non-issue if the TEACHER had acted like an ADULT instead of as an immature child with authority.
Deal with it.
Greeks knew the world was round.
The Church declared that it was flat. Despite the obvious fact that it was round.
This is fraud.
And because it is fraud, ANY system of identifying the person will be subject to abuse.
So don't worry about identifying the person. That's too difficult to secure. Instead, focus on validating/authenticating the transaction. That way the resources can more easily be focused.
The Bill of Rights is only the first 10 Amendments.
Please pay particular attention to Amendment IX and X.
The "Bill of Rights" is the name given to the Amendments to The Constitution. If another Amendment is passed, it too will be placed on the Bill of Rights.
Because in certain circumstances the duly authorized agents of the government need to search your home.
Therefore, The Constitution (and the Bill of Rights) needs to EXPLICITLY state WHAT is happening and WHY and what the checks and balances are.
I've explained that. And it would not take much in the way of mental effort to understand it.
That you refuse shows that you are trolling.
Here's a free clue.
The Constitution is not about listing the "Freedoms" a citizen has.
The People have ALL the Freedoms. Inherently.
The Constitution defines under what conditions the government can infringe upon those Freedoms.
You have it 180 degrees BACKWARDS.
You write program A ... eventually you refactor it and turn parts of it into cleaner modules.
You can then use those modules in other programs.
The spammers are still sending the spam. They aren't giving up.
But the filters are getting good enough to filter most of it so the users do not have to see it.
But the spammers are still sending it.