I don't know. When you are struggling with and nearly holding your own against three cops, I am hard pressed to criticize them for tasing him the first time. At some point you have to consider that there is a possibility of serious bodily harm to the officers whether or not the suspect is armed.
What you are describing is a "force multiplier". One cop + one taser = 2 cops (effectively).
When you start to see a taser as a way to effectively simulate more cops on the scene is where the problem starts. At that point it becomes easy to justify any usage of the taser.
The standard should be whether the cop would be justified using a gun instead of a taser. And the cop should be held accountable for using a taser as he would for using a gun.
Otherwise, the cops will be justified for using a taser on any person for any reason. Just as we are seeing now.
The taser is a "non-lethal" ALTERNATIVE to deadly force.
That means that the situation MUST be evaluated to see if the cop would be just as justified in shooting the person.
If three cops are holding down a guy and a 4th cop puts a bullet in the guy, would that be "justified"? Not for most people.
And that is the problem. The situations are "evaluated" to see if a taser was "justified" when they SHOULD be evaluated to see if shooting the guy was justified.
Microsoft claims this is not a "security vulnerability" because the machine has to already have been cracked to exploit it.
That is not 100% correct.
It is still a "security vulnerability".
It just cannot be exploited to increase your access on that machine.
That we know of. Today. So the code still needs to be patched. Security is not an "either / or" situation. You have to reduce the effectiveness of threats.
I prefer them for an office environment.
on Best Home Network NAS · Score: 3, Insightful
But then I also prefer SCSI disks.
That is because I can get them hot-swappable and with lots of nice lights.
I have a new SATA server that has fakeRAID, and the drive lights are not supported and they aren't hot-swappable.
For a home environment where YOU know what you have and how it is configured, I'd say go with whatever you're comfortable with. Just make sure you document what is what and where... just in case it works too well and you don't think about it for the next 6 years.
Since we're discussing ways to make online shopping safer...
Instead of giving your credit card info to a store (when your bank already has it), have the store generate a random string. Copy that string to your bank's website (where you have logged in) and your bank will pay the store for that item(s) in the shopping cart identified by that string.
There. Your credit card info NEVER crosses the wire.
And the bank can keep records of which stores/accounts have complaints and give you some stats. Kind of like eBay's rating system.
That store has a 99%+ positive rating with 1,532 transactions in the past month (1,926,872 total transactions).
vs
That store has a 25% positive rating with 4 transactions in the past month (4 total transactions).
What is there to wonder about? If your way of life is eat crappy food and never exercise, you're going to get fat.
Nope. There has got to be some magical way where people can eat whatever crap they want and never exercise and still look as good as the models that spend 2 hours a day lifting weights at the gym.
That's what this is all about. People don't WANT reality to be reality.
They WANT "science" to show them how to get everything... without putting in any effort or making any sacrifices.
So the kids use IM now. That means that email is DEAD!
Yeah, whatever. Look at what the kids are sending. Short, light messages. Anything more and they talk in person or talk on the phone. OMG! Just like the adults do!
And the funniest thing is that this article is from a guy who just discovered email in 1996.
IM is great for "lunch?" or "meet 4 pizza".
It's not very useful when you have to discuss Johnny's grades and why he is not turning in any assignments.
It would cost the business more in TIME to open a user's workstation and put those components in than the components themselves cost.
Businesses tend to buy/lease the entire workstation.
That is why they will run what was "new" from 4 years ago. The machine was NOT the latest/greatest when they bought/leased it. That is because they know that the machine will be far less expensive 1 year AFTER those components are released.
Just configuring a basic Dell box with specs close to yours would be over $800. Not counting the Vista license.
Back when I was consulting, one of the other consultants ran into a situation like that.
The problem was that SOMETHING would go wrong with one or more of the machines and they would not get the image. Which really sucked when the user came in in the morning. Those machines had to be manually imaged.
And ever since Win3.1 I've been complaining about variable sized swap files. Come on, Bill!
There's nothing to it. Just save some of the drive space when you install (this is a problem with some "recovery CD's" that grab everything) and format it later. Then add a swap file to it and set the swap file on C:\ to 0 bytes. Reboot and it's set.
This is indeed a mystery. Even back in the 1970's you could designate a device to use for the swap file and it was pre-extended. You even had the option to place it on the middle cylinders of a disk so it was, on average, faster to access.
Do you ever notice that we seem to be re-inventing everything we've learned before? I'd prefer to put the swap drive as close to the outer sectors as possible. That's a bitch with Windows. So it ends up on the inner sectors. I sacrifice speed to reduce fragmentation. But seeing as how the speed would be awful anyway (RAM swapping to even the fastest drive sucks rocks), I'm not bothered by it.
When installing Windows, I make a partition specifically for the swap file and temp files. That way they don't add to the fragmentation mess of the OS partition.
Speaking of which, why does Windows still use a variable sized swap file? I lock it down to 2x RAM or 4GB. Whichever is larger. I do not want fragmentation in the swap file. I'd prefer not to need one, but that's another story.
And how about moving IE's temp files somewhere else? Okay, you can still set permissions on the folder, but get it out of the user's profile.
And I'm tired of seeing C:\WINDOWS\Temp
Temp directories do not belong in the OS directory.
Yeah, I'm whining. But I spend 15 extra minutes just getting the directories and swap arranged correctly every time I set up someone's Windows machine.
You are limiting the options to a set that suits your argument - you are assuming the hacker has the same lack of imagination as yourself (note: do not misconstrue that as a personal attack, you are not infinitely imaginative, so you have some lack of imagination, as does everyone else).
Then it should be very easy for you to explain an attack that uses an avenue I have not listed.
But you won't be able to do that.
Of course, I could simplify it further to two routes of attack: 1) Attack the autonomous systems of the computer 2) Attack the user
That shows that you don't know what you're talking about. I was not simplifying anything. I was listing each distinct avenue of attack.
I can put a machine with a default installation of Ubuntu on the Internet without a firewall and it will NOT be cracked. Despite a lot more people having a lot more time to crack it and with access to the source code and a list of exactly what was installed.
Canonical can manage that... but the military cannot... and you think that the military made a good decision.
There are a lot of ways to hack into a system, it varies on the system.
No, there are not. There are very few avenues to crack any system.
#1. Attack the daemon listening on an open port.
#2. Trojans.
#3. Exploiting a vulnerability in an app when fed specific data (IE is a good example).
#4. Viruses that attach themselves to other apps.
The best answer that can be given without more information is simply - they try stuff until they get some indication of the quality of the user, and the OS. At which point, they pick their method and target.
Yeah, you've just repeated yourself without explaining how the firewall is supposed to do anything.
Cracking a Windows box is different from a Linux box which is different from a FreeBSD box which is different from a Solaris box.
No, it is not. They all have the same, limited, avenues of attack. There is nothing "different" about that.
So, now some hacker comes along and wants to observe me. He *could* go after my SSH traffic, and try to decode it, but look! I'm not running a firewall or intrusion detection software. He figures (correctly in most cases), it will probably be easier to hack into my system, and put monitors there.
HOW does he do that?
Does he send you an email with an attachment named "nude girl.jpg.exe" that you open?
Does he send you an HTML email that exploits a vulnerability in Outlook/IE?
Does he use a worm to attack the vulnerability in your SSH daemon?
Does he leave a floppy disk on the battlefield that you boot to see what's on it?
HOW does he crack your system? And HOW does this firewall prevent that?
There was a play out years ago in the Seattle area called "Star Drek" (or such).
It had the BEST time travel plot. It is TNG time and TNG crew is celebrating "Cpt Kirk Day". Picard is not happy. So Q changes Picard to an ensign and drags Kirk forward in time and drops him in as the captain of TNG Enterprise. It was very funny.
Move from the PAST to the FUTURE is a safe use of time travel.
Take MOVIES of the stupid things ... and have devices in view that measure the wind speed and the temperature.
Also, build a rock with different measuring devices in it and see if IT moves.
They WERE being pushed as an ALTERNATIVE to lethal force ("guns").
They WERE being pushed as "cop is in a dangerous situation, he can shoot or he can use a taser".
Now the tasers are the FIRST option. If the person is not IMMEDIATELY respectful and obedient, it's taser (defined: "torture") time!
The school's internal investigation determined that appropriate force had been used.
Translated now: The school determined that the use of torture on a student was appropriate.
We'll see how that plays out.
Ghostbusters
Ghostbusters II
A couple of games.
As from your example, there are LITERALLY CENTURIES of material available.
Yet we seem to keep getting rehashes of the same things. I'm not talking about the same plots. I'm talking movies that were already done.
The movie came out in 1984. It's the end of 2007 now. Are they hurting that badly for material?
Maybe the customer is being unreasonable.
Maybe the developer is being unreasonable.
It isn't possible to determine which from either person's viewpoint. You will ALWAYS think that you're right and that the other person is unreasonable.
Which is why you need criteria for bug escalation. Generating an incorrect response on 1 type of transaction for 1 specific scenario that may pop up once a year is far less important than a bug that corrupts the entire database.
And if your product is considered "mission critical", I would expect a data corruption bug to be fixed within 24 hours. Even if it is nothing more than rolling back the recent patches and re-issuing the previous version.
Since the tanks PROBABLY aren't running fiber or CAT 5 between them ... we're talking radio signals. So yeah, if they can attack TCP/IP or exploit a vulnerability in the transmission itself ...
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
And as you've noted, a firewall would NOT be much help.
Particularly, as noted in the article, an "off the shelf" firewall.
Yep, if you can get the codes from someone else ... you're in.
...
Which brings up #6. Backdoors and simple passwords. If your tank's system "admin" account has the password of "USA", well
And let's not forget about "debug" accounts and such that are hard coded and NOT mentioned in the documentation.
It seems the people buying it know that it isn't Windows or they're buying it for friends/family and they'll be providing the support.
And for home users it's all about knowing someone who can fix it when it breaks. With Windows there's usually some neighbor's kid who "knows computers".
So don't expect too many returns on this.
Those with the connections will always be excused. You'll be left with only those who cannot find any way to avoid it.
The all volunteer force is supposed to give us professional, dedicated warriors. But it doesn't seem to work out that way.