Slashdot Mirror


User: jeffmeden

jeffmeden's activity in the archive.

Stories: 0
Comments: 2,932

Comments · 2,932

  1. Re:Really? on Moot Retires From 4chan · Score: 5, Funny

    one of the greatest communities to ever grace the Web.

    lolwut

    He's only 26-ish. He has no idea how elegant and wondrous the contributors of alt.barney.dinosaur.die.die.die were.

  2. Re:Honest question. on Fighting Tech's Diversity Issues Without Burning Down the System · Score: 0

    I'm at a loss here so I might as well ask cowardly and anonymously.

    Why do we need women in tech so bad? Seriously, why? Is there something I'm missing that makes women super heroes at programming?

    I'm not even trying to troll at this point, I can do that much easier on other sites and get way better reactions.

    This is the thing the story completely misses. About half of the audience insists that there is no problem, since women "just don't want to be in tech so we shouldn't make them" and therein lies the actual reason nothing has changed in the past 30 years.

    The reason that level-headed people want to diversify their organizations is that if you draw your talent from one pool and ignore another pool you are at a competitive disadvantage. There is nothing concrete to suggest that women just "don't want to be in tech" and there is nothing to suggest that they are any less apt at excelling in tech. To the contrary, there is plenty of evidence that suggests women do want to belong in tech, and can be every bit as good in tech as men. Therefore, if there are two talent pools, and you are drawing at best 20% from one pool and 80% from the other, you are going to overlook a lot of talented women (they don't just naturally float to the top) and on the flipside you are going to hire a lot of undertalented men that you wouldn't need to if you were able to find the talented women that are out there. This leads to a suboptimal team. If your competitor cracks the nut of hiring equality, they are going to have an easier time assembling a better team than you. This is why you should care. If you ignore it and continue to think the status quo is OK, you are going to get burned by the orgs that know they can do better.

  3. Re:What about privacy? on Facebook Targets Office Workers With Facebook At Work Service · Score: 1

    And the USPS does, in fact, have a pretty solid metadata look inside most businesses, since they know the destination of pretty much every package and letter sent or received in the USA.

    How does the USPS see all the Fedex and UPS shipping data? They are the ones doing all the work; the USPS carries a slim share (a sixth) of packages in the US.

  4. Re:Oh dang, I'm sorry on Facebook Targets Office Workers With Facebook At Work Service · Score: 1

    I'm wondering if they'll have a "Here comes the Boss" button that suddenly pops up a spreadsheet.

    It's Facebook, for work... Your org will have to opt in. When they do, the "boss button" will be in the spreadsheet app, and it will bring up Facebook. Welcome to the future. Let's get some shit done!

  5. Re:One more reason to use a wired keyboard on Wireless Keylogger Masquerades as USB Phone Charger · Score: 1

    As if having to replace keyboard-batteries every 6 months wasn't reason enough.

    The batteries thing was one reason why I like my Logitech wireless keyboard as it is powered by solar cells - no battery changing at all.

    But now .. hmm .. I totally didn't think about sniffing the keyboard.

    Logitech is actually out in front when it comes to encryption. Their 2.4 GHz wireless keyboards going back almost 10 years have used 128-bit AES. Unless someone has leaked the pre-generated key algorithm, your chat history is safe and sound.

  6. Re:Shark on The Strange Story of the First Quantum Art Exhibition In Space · Score: 1

    When I go to the space station, I'm planning to take a 4 centimeter long toy shark, and then I'll jump over it.

    You are going to want to watch your head when you try that in microgravity.

  7. Re:Um, what? on The Strange Story of the First Quantum Art Exhibition In Space · Score: 2

    So if I understand the summary correctly (I give myself a 50/50 chance on this), they're basically sampling random noise off of a CCD and claim that eventually it will produce the Mona Lisa? A version of the million monkeys at typewriters producing Shakespeare?

    I would tell you but you would fall from superposition, and I don't want to be liable for that.

  8. Re:Part of me says yes, like DR on Do We Need Regular IT Security Fire Drills? · Score: 1

    Everyone's talking about DR saying that a server has mysteriously gone offline or some disk has gotten corrupted and we need to restore to the last known backup point.

    No-one seems to be thinking of a real disaster: 50' tidal surge, earthquake, or a fire destroying the entire IT setup.

    Backups? Onto what, pray?
    Use the cloud? There is no connectivity here.
    Rig some borrowed PCs? Powered by what, exactly?

    Unless you have a duplicate datacenter a long way away from your personal Ground Zero, no amount of drill on earth is going to prepare you for a real disaster. You'll be too busy shooting the guys who have come to take your food and fuel.

    You make a good point, but indeed most medium-sized and up orgs do keep some sort of hot-spare facility at a distance, whether it's a privately owned building, colocation space, or cloud service. Traditional localized disasters (5-alarm blaze, earthquake, tornado, etc) are planned and drilled for, sometimes specifically down to which disaster has struck. If the entire eastern seaboard gets wiped out by a "real disaster", chances are your customers aren't going to be keen on getting online anyway, and everyone important to your org will be running scared for their lives, so presence of some sort of IT backup will be irrelevant.

  9. Re:Part of me says yes, like DR on Do We Need Regular IT Security Fire Drills? · Score: 1

    I think it would make a ton of sense for every organization to do a DR "drill" periodically where they attempt to actually use their DR plan (restore a group of servers, reload a switch configuration, etc).

    This just seems like a sensible part of that.

    What worries me, though, is how they will know when to actually implement a security plan and deal with the consequences. A lot of security breaches are subtle, and you don't know they've happened or at least not always with a definitive sign like a defacement page, etc.

    I would assume a "real" security response would be something akin to putting a lot of resources "in lockdown" -- shutting down servers, cutting network links, etc, which could have major business consequences. I can see where uncertainty about a breach and hesitancy to isolate key systems (perhaps necessary to contain a breach) could lead to a real clusterfuck.

    I think a key part of developing the plan is deciding when you know there is a real breach and making sure that the responses are well-known ahead of time to avoid a lot of head-scratching and internal conflict.

    Treat it just like a DR exercise. The first phase would be confirming the breadth and depth of the incident. Your IDS goes off, or a department reports some missing/vandalized files, or notices some logs with audit warnings that are out of place, and raises the red flag. Next, you need to gather forensic information from every last piece of equipment in your entire organization, quickly, and move it to a sterile location. Whether that is possible or not will determine your ability to move forward strategically or to deploy the airbags and EPO the datacenter before it gets worse. It's really not as mystic as most commentators here make it out to be. Come up with a plan, then hire a pen test firm to do a number on you. Don't tell your front line techs about it (in fact keep it as secret as possible) and wait for the results to come in. If your incident response plan is executed, even in part, you are on the right track. If not, regroup and try again in 6 months, and hire/contract someone to beef up the plan.

    The Sony hack was a wake up call to every company that doesn't have actual money on the line in IT, to realize that sometimes you will get fucked just for the sake of getting fucked. There isn't a single profitable venture left in the western world that succeeds without IT.

  10. Re:Hopelesss on Do We Need Regular IT Security Fire Drills? · Score: 1

    Everyone else just knows that having a bulletproof IT team would be an eye-watering outlay (that would spend most of its time twiddling its thumbs and swapping the occasional toner cartridge until something actually happens), while having an adequate-for-daily-use IT team is markedly cheaper and you can always claim that you 'followed industry best practices' if something goes pear-shaped.

    The same reason that small and medium businesses don't have full time lawyers, but aren't totally fucked if they do get into a scrape with the law: You find a good one, start a working relationship, and keep them on retainer for a fraction of the cost of hiring them to work full time when you only need them three days a year. Security/risk firms, that will do everything from forensics to auditing to physical penetration testing and "fire drills", are out there. Find one you like, give them a contract to get your security and DR shit in order, and keep them on speed dial for when the Big One hits.

  11. Re:Secret Ballot? on How Bitcoin Could Be Key To Online Voting · Score: 1

    It's really very easy.

    Voter shows ID to election worker. Worker checks the box on the voter rolls. Voter goes into booth and votes.

    Both auditable AND secret!

    I just don't understand what problem people have with that!

    How a check-box from a barely trained, barely paid poll worker constitutes audit-ready data would escape even the most experienced Arthur Andersen associate. Here's a hint: after you get home and you see the results on the news that Candidate ABC got 2 votes and Candidate XYZ got 0 votes (it's a tiny town), how would you go about demonstrating that the ballot you cast in support of Candidate XYZ actually pushed the tally higher? OOPS! Audit fail.

  12. Re:Carriers on Ask Slashdot: What Should We Do About the DDoS Problem? · Score: 4, Interesting

    Wrong answer. What can the carrier do to block the sending of DDoS, not keep up customers being DDoS'd? Customers participating in DDoS attacks should be disconnected. Anything else is negligence by the carriers. But ISPs make more money leaving them on and defending from attacks, rather than stopping the attacks. It's criminal, and should be treated as such.

    If only it were as easy. DDoS attacks come from botnets. Botnets don't come from somewhere, they come from *everywhere*. If they played the "cut off the offenders" game they would need one hell of a huge IP-level blacklist, or they would cut off literally every link they had since compromised hosts are everywhere. If you are going to say "just force the end ISP to disconnect them" then again it's amazingly complicated since an ISP in Georgia (the country) isn't going to listen to some twat in the UK or US complain about a certain group of hosts that are participating in a DDoS, just like ISPs in those countries wouldn't listen to some ahole in Georgia complain about a DDoS host since he might just want to take it offline for political reasons and there isn't nearly enough international cooperation to keep up good relationships between all the concerned parties. Moving up a tier, there is too much good traffic coming from any given ISP to simply write it off as blocking the whole thing.

  13. Re:That's an attack! on Doppler Radar Used By Police To Determine Home Occupancy · Score: 1

    So now they've opened the door to a new idea, reapplication of Geigers. Here's the pitch: are you and your other crime bosses planning something huge, and you're worried about LEOs using Doppler to break up your plans? Buy my LEO-way Geiger counters and know when law enforcement targets your group.

    LOLwut. Geiger counters are for alpha, beta, or gamma ionizing radiation (they count how often stray ionizing particles hit the collector). You won't find any ionizing particles when radar-band transmission is used.

    You probably meant to say "use an off the shelf car radar detector".

  14. Re:If the government can't defend you... on FBI Monitoring Hacking Targets For Retaliation · Score: 1

    ...should you not defend yourself?

    Sure. The problem is, in the absence of an impartial referee everyone can submit to without losing face, things tend to get out of hand. You think someone's been unjust to you? Retaliate! Someone might be planning to attack? Attack them first! Someone's getting dangerously powerful? Take them down while you still can!

    Just look at world politics: areas with functioning hegemons, even completely impotent ones like the EU, have issues settled through legal battles, while areas without them, like Africa, have an endless supply of militant groups. The hegemon doesn't necessarily have to be a Leviathan, to produce obedience through fear of themselves, they just need to have general recognition as the legitimate ruler so that anyone willing to defect over any particular issue is put back into line by the others for fear of anarchy.

    More importantly, the article mentions using "overseas locations" to retaliate. Really all this is (or would be) doing is dirtying the water to make it harder to find out who the real malicious actors are. Better to spend your resources tracing down the exact source, or better yet on public awareness campaigns about malware (since all DDoS "attacks", and a lot of other attacks, come from compromised bystanders). Otherwise, you are just going to push your attackers on to a different group of hosts and will get hit again before too long.

  15. Re:Told you it wasn't North Korea on Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators · Score: 1

    And yet I was called a North Korean and other things for saying what is obvious.

    Love the internet. So fuck you all. I was right and you FBI/President believing dumb fucks are wrong, again.

    As I said before, the USA owes the NK a big fucking apology.

    So some information comes out that it might be someone outside of NK or sponsored by NK (at least based on this little bit of information that isn't really even classifiable as evidence) and you are ready to beat your chest about how right you were? Sounds like you are exactly as right as everyone who said it was NK last week. I would start a slow clap, but...

  16. Re:Security and Performance? on Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi · Score: 1

    Looks like the hotels are claiming this is security and performance related.

    Mobile hotspots can be used to “launch an attack against [a hotel] operator’s network or threaten its guests’ privacy” by gaining access to credit card numbers or other personal data, the hotel group said in its petition.

    Maybe. If the mobile hotspot is called "Marriot Free Wi-Fi" but is operated by someone collecting information on anyone who connects. Then again, this could happen anywhere. This is why you don't connect to strange wi-fi networks. If you must connect to your hotel's wi-fi network, make sure you're connecting to the right one, not just one with the same name. The solution here is guest education (post signs about which Wi-Fi network to connect to, etc), not running a jammer to block everyone else's Wi-Fi signals.

    Multiple outside Wi-Fi hotspots operating in a meeting room or convention center can hurt the performance of a hotel’s Wi-Fi network, the group said.

    My off-the-shelf router handles multiple wi-fi networks just fine. I connect to my Wi-Fi and my performance isn't degraded because my neighbors run Wi-Fi networks of their own. A hotel should be able to invest in the infrastructure to provide their own Wi-Fi that will work regardless of whether or not I turn my phone's Wi-Fi hotspot on.

    The "security" and "performance" claims are garbage. The real reason is that they want to be able to sell you their Wi-Fi service for a ton of cash and it's hard to do this when you can bring your own Wi-Fi network in with you. As gurps_npc pointed out, if we let them do this, how long until they block all cell phone signals because it interferes with the "security and performance" of their phone system?

    Educate? The users? Asking users to only connect to "The REAL Marriott wifi" is all kinds of nuts. You might as well issue them an 802.1X username/password since they are as likely to get all that shit right as they are to tell the difference between "Marriott" and "Marriot" and "Marriott Wifi" (and know which one is legitimate). Your best hope is that you are able to give them a unique WPA2 key that would fail when connecting to anything but the right AP. Even then you have to impress on them the importance of actually putting the key in and not just connecting to whatever pops up and doesn't require a key, and since users follow the path of least resistance this option is bound to fail as well. A signed certificate for Wi-Fi SSIDs is hugely overdue, and the fact that we have gone through so many iterations (b, g, a, n, ac) and haven't even taken a crack at it is very disappointing.

    While I don't think Marriott, etc should be allowed to do this (since it is clearly in violation of the ISM rules) it's sensible since it was clearly effective (otherwise they wouldn't have lost that judgement).

  17. Re:Also affects Linux - patch now! on Apple Pushes First Automated OS X Security Update · Score: 2

    Okay, not an open port, but if you request a time update wouldn't an attacker be able to respond with a spoofed malicious packet? By sending out a request, the (stateful) firewall will usually allow a response back. I'm not an expert, so I'd be interested to see if someone more knowledgeable could explain that in more detail.

    From the description of the bugs, they are related to a server being queried and not related to the expected response. So, only when running ntpd as an internet-facing daemon do you have a problem. It's also a much more convoluted attack to spoof a response from a time server, assuming the attacker hasn't used the vulnerability to take control of the one you happen to be using. Since these vulnerabilities are not in a configuration a reputable time server is likely to use (i.e. the NIST servers) the general public is pretty safe.

  18. Re: Does he stand a chance? on 'Citizenfour' Producers Sued Over Edward Snowden Leaks · Score: 2

    They were hardly cavalier with the information. Our own government allowed a contracted network admin total access to everything... now that's being cavalier.

    He had a top secret clearance and worked as a system administrator on some of the lowest level pieces of the NSA's infrastructure (backup systems, etc) meaning that for him to do his job they had no choice but to give him at least some possible paths to get at the data. Whether or not he used stolen credentials to facilitate the access that let him download all the documents is a question still open.

  19. Re: Does he stand a chance? on 'Citizenfour' Producers Sued Over Edward Snowden Leaks · Score: 3, Insightful

    That provision only covers money made from the information itself, and not the money made from how the information got divulged, nor information about the information.

    It's a subtle but significant difference.

    That's presuming that Citizen Four is about simply how the leaks took place, and does not mention any of the material in them. Given the completely cavalier attitude adopted by the central figures (Snowden, Poitras, Greenwald, etc) toward sharing the information, I doubt that this is the case.

  20. Bioshock feels oddly prescient on How Venture Capitalist Peter Thiel Plans To Live 120 Years · Score: 1

    His secret — taking human growth hormone (HGH) every day, a special Paleo diet, and a cure for cancer within ten years. "[HGH] helps maintain muscle mass, so you're much less likely to get bone injuries, arthritis," says Thiel. "There's always a worry that it increases your cancer risk but — I'm hopeful that we'll get cancer cured in the next decade [...] a modern nutritional diet designed to emulate, insofar as possible using modern foods, the diet of wild plants and animals eaten by humans during the Paleolithic era. [...] investing in a number of biotechnology companies to extend human lifespans, including Stem CentRx Inc., which uses stem cell technology for cancer therapy. [...] plans to launch a floating sovereign nation in international waters, freeing him and like-minded thinkers to live by libertarian ideals with no welfare, looser building codes, no minimum wage, and few restrictions on weapons.

    If anyone played those games and thought "well how could all this batshit stuff all happen in the same place?" now you have your answer.

  21. From what I've read, the Target crack was funnelled through a 3rd party HVAC company that did not secure their systems sufficiently.
    http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

    They may have done more AFTER the scripts gave them access. But it appears that the scripts gave them the initial access.

    Where did it actually say that? They know the credentials given to Fazio were used to access the Target systems as the point of entry, but they don't know how the miscreants came into possession of them. The most likely method was a spear phishing attack that allowed a keylogger on to one of the PCs at Fazio. It's simply too far fetched to think that someone trolling with a script happened across Fazio, then just realized they could use it as a backdoor into Target, and then also be in possession of some very sophisticated malware that, oh gee look, matches the Target POS systems exactly down to the firmware rev number.

  22. Re:Sure... on Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't) · Score: 5, Informative

    He is phrasing it incorrectly. The attacks are scripted and BLIND. They don't attack X and skip Y if X is vulnerable. Or attack Y if X is not vulnerable. They attack A - Z regardless of the success or failure of any single attack.

    That's not entirely true. It's not clear how many other targets the miscreants who hit Home Depot, Target, etc had, but they did a lot more than scripted attacks (they used social reconnaissance, then spear phishing, then multiple point-of-entry probes, for starters) in order to get inside, and once inside they put a hell of a lot of work into pulling off their attack, and mixed that with a ton of luck in order to actually succeed. The Target hack actually would have been dead from the start if Target trusted their FireEye consultants who tried to warn them of the impending data theft.

  23. Uh Oh on Grinch Vulnerability Could Put a Hole In Your Linux Stocking · Score: 1

    "Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September"

    While a big deal, Shellshock was very limited in scope and the large-scale exploit implications were stamped out very quickly through updates to vulnerable web front-ends (which was just about the only exploitable path, despite so many proclamations that the sky was falling and every internet-connected Linux device would get rooted in a matter of days). If this is as severe as Shellshock, I will take notice but at the same time sigh that it's not going to be very bad at all.

  24. Re:Solar and sidereal time. on Ask Slashdot: What Can I Really Do With a Smart Watch? · Score: 1

    A true smartwatch would provide both in addition to time based on UTC. I find it amazing that a purely mechanical watch, albeit those that cost upwards of a quarter of a million dollars can do both (provided you set the cams inside for proper longitude and latitude) but a watch with a computer inside that can do these calculations is unavailable.

    Or just buy 3 $10-dollar watches, and save almost 99.99% of your money.

    Sidereal timekeeping is done to the absolute rotation of Earth as opposed to the rotation relative to the sun (which changes as we orbit), so a sidereal hour is shorter than a solar hour. You would need to find a $10 watch that drifts at exactly +0.275%, which is not impossible but rather hard to do on the first try.

  25. Re:How to write a good ticket on Ask Slashdot: What Can I Really Do With a Smart Watch? · Score: 1

    need access to my smart-phone for various reasons

    [...]

    various sorts of data access

    Part of writing a good ticket is being specific about your use case and not presupposing the solution. From what you've written, the problem is not technical and has nothing to do with a smart watch. The problem is you are forgetful.

    If you can be specific about what you are actually doing with your phone, we can give you solutions that may or may not involve a smart watch.

    This is it exactly. The solutions to the problem of not having phone-like features attached to your wrist (where you can't forget them) are either a: purchase a several-hundred-dollar bit of tech that you clearly don't know suits your needs, or b: tie your phone to your fucking wrist.