Slashdot Mirror


User: Jeremiah+Cornelius

Jeremiah+Cornelius's activity in the archive.

Stories
0
Comments
6,917
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,917

  1. Something actually USEFUL to you on Writing Permission Forms for Network Analysis? · · Score: 5, Informative
    Jeesh, guys!

    The guy is asking a question here!

    You will find most of what you want to know at the SANS Reading Room site. This is an invaluable resource for your line of work.

    SANS briefly used an obnoxious password scheme to access this archive, but this has been - thankfully - removed.

    Specific to your needs is a "waiver" style document, to be signed by the technical and management authorities resposible for the network you are testing. It defines the behaviors to expect from a consultant and the expectation of impact by the client. A good example, by GIAC candidate Nancy Simpson, is provided here: PENETRATION TEST SAMPLE RULES OF BEHAVIOR .

    This is in the Reading Room, under the section Penetration Testing.

    You can adapt some of this to your needs - keeping a Lawyer on retainer is a bit steep for a single, independant contractor these days, with contracts like provebial hen's teeth. Insurance isn't probably a bad idea though.

  2. Re:Yay Evil Monopoly Of Doom! on Tim Bray on Microsoft Office · · Score: 4, Insightful
    I don't beleive any of this crap is goingto happen from MS. Not for a New York second.

    You'll be DMCA'd out of the loop for trying, and the format will validate itself with 'Palladium' features in software, or some such.

    However, the mind reels at the idea of managing PowerPoint and Excel files from emacs!

  3. RSYNC!!! on Calling for Smaller Kernel Sources? · · Score: 5, Informative
    You need rsync.

    It was devised to combat just the problem you cite.

    rsync://rsync.kernel.org/pub/[wherever you want to go]

    Thank you, TRIDGE!

  4. EFF Analysis of USA-PATRIOT on Former FBI Chief Keeps Up Anti-Crypto Campaign · · Score: 2
    Executive Summary
    Chief Concerns
    The EFF's chief concerns with the USAPA include:

    Expanded Surveillance With Reduced Checks and Balances. USAPA expands all four traditional tools of surveillance -- wiretaps, search warrants, pen/trap orders and subpoenas. Their counterparts under the Foreign Intelligence Surveillance Act (FISA) that allow spying in the U.S. by foreign intelligence agencies have similarly been expanded.
    This means:

    Be careful what you put in that Google search.
    The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation. This application must be granted and the government is not obligated to report to the court or tell the person spied up what it has done.

    Nationwide roving wiretaps.
    FBI and CIA can now go from phone to phone, computer to computer without demonstrating that each is even being used by a suspect or target of an order. The government may now serve a single wiretap, FISA wiretap or pen/trap order on any person or entity nationwide, regardless of whether that person or entity is named in the order. The government need not make any showing to a court that the particular information or communication to be acquired is relevant to a criminal investigation. In the pen/trap or FISA situations, they do not even have to report where they served the order or what information they received. The EFF believes that the opportunities for abuse of these broad new powers are immense. For pen/trap orders, ISPs or others who are not named in the do have authority under the law to request certification from the Attorney General's office that the order applies to them, but they do not have the authority to request such confirmation from a court.

    ISPs hand over more user information.
    The law makes two changes to increase how much information the government may obtain about users from their ISPs or others who handle or store their online communications. First it allows ISPs to voluntarily hand over all "non-content" information to law enforcement with no need for any court order or subpoena. sec. 212. Second, it expands the records that the government may seek with a simple subpoena (no court review required) to include records of session times and durations, temporarily assigned network (I.P.) addresses; means and source of payments, including credit card or bank account numbers. secs. 210, 211.

    New definitions of terrorism expand scope of surveillance.
    One new definition of terrorism and three expansions of previous terms also expand the scope of surveillance. They are 1) 802 definition of "domestic terrorism" (amending 18 USC 2331), which raises concerns about legitimate protest activity resulting in conviction on terrorism charges, especially if violence erupts; adds to 3 existing definition of terrorism (int'l terrorism per 18 USC 2331, terrorism transcending national borders per 18 USC 2332b, and federal terrorism per amended 18 USC 2332b(g)(5)(B)). These new definitions also expose more people to surveillance (and potential "harboring" and "material support" liability, 803, 805).

    Overbreadth with a lack of focus on terrorism.
    Several provisions of the USAPA have no apparent connection to preventing terrorism. These include:

    Government spying on suspected computer trespassers with no need for court order. Sec. 217.

    Adding samples to DNA database for those convicted of "any crime of violence." Sec. 503. The provision adds collection of DNA for terrorists, but then inexplicably also adds collection for the broad, non-terrorist category of "any crime of violence."

    Wiretaps now allowed for suspected violations of the Computer Fraud and Abuse Act. This includes anyone suspected of "exceeding the authority" of a computer used in interstate commerce, causing over $5000 worth of combined damage.

    Dramatic increases to the scope and penalties of the Computer Fraud and Abuse Act. This includes: 1) raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense; 2) ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold; 3) allows aggregation of damages to different computers over a year to reach the $5,000 threshold; 4) enhance punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military; 5) include damage to foreign computers involved in US interstate commerce; 6) include state law offenses as priors for sentencing; 7) expand definition of loss to expressly include time spent investigating, responding, for damage assessment and for restoration.

    Allows Americans to be More Easily Spied Upon by US Foreign Intelligence Agencies. Just as the domestic law enforcement surveillance powers have expanded, the corollary powers under the Foreign Intelligence Surveillance Act have also been greatly expanded, including: General Expansion of FISA Authority. FISA authority to spy on Americans or foreign persons in the US (and those who communicate with them) increased from situations where the suspicion that the person is the agent of a foreign government is "the" purpose of the surveillance to anytime that this is "a significant purpose" of the surveillance.

    Increased information sharing between domestic law enforcement and intelligence. This is a partial repeal of the wall put up in the 1970s after the discovery that the FBI and CIA had been conducting investigations on over half a million Americans during the McCarthy era and afterwards, including the pervasive surveillance of Martin Luther King in the 1960s. It allows wiretap results and grand jury information and other information collected in a criminal case to be disclosed to the intelligence agencies when the information constitutes foreign intelligence or foreign intelligence information, the latter being a broad new category created by this law.

    FISA detour around federal domestic surveillance limitations; domestic detour around FISA limitations. Domestic surveillance limits can be skirted by the Attorney General, for instance, by obtaining a FISA wiretap against a US person where "probable cause" does not exist, but when the person is suspected to be an agent of a foreign government. The information can then be shared with the FBI. The reverse is also true.

  5. Re:Bureaucratic filth on Striving for HIPAA Compiance? · · Score: 5, Informative
    Part of the problem with HIPAA is the earnest attempt to create a standard for Information Security controls, without a requirement for implementation specifics on individual security controls. The aim is admirable - do not specify technologies which could be tied to a vendor, or rendered obsolete within the decade. Also, do not make assumptions about the specific sensitivity of individual data elements in the custody of various regulated entities.

    The unfortunate consequence is that the resulting guidelines are very general, and require a continuous lifecycle process for evaluation, iplementation, audit and compliance. The healthcare industry must now involve itself in a regieme of regulatory overhead analogous to that of Securities or banking.

    I don't think this is bad, per se. There is no history here for an emergence of industry best practices, etc. Expect it to be messy for a while.

  6. Re:This sounds familiar on Jaguar Free for K-12 Teachers · · Score: 2
    A company can declared to be a monopoly in one market while having plenty of competition in another (ie. Windows 95% desktop, ~35% (?) server). Apple holds about 20% of the education market which means that Microsoft can't be said to have a monopoly in that market. The difference, of course, is context.
    Monopoly power is considered pernicious, especially when leveraging a Monopoly in one area, to try and extend itself in another.

    This is the fundamental argument about Netscape. MS had desktop dominance, and used it to achieve browser dominance.

    One needn't have a monopoly in one given area, to provoke a legal need for restriction on one's activities in another.

    Ironic how you gave that helpful explanation of context, yet failed to understand it completely.
    I wonder if you have any basic understanding of the existing legislation, and the rationale for constraints that have been sought on MS behavior... It appears you are more pleased by being contrary, than by thinking a little.
  7. Re:This sounds familiar on Jaguar Free for K-12 Teachers · · Score: 5, Insightful
    There is a juvinile aspect to your argument, that is common when someone on Slashdot contrasts an action by Microsoft, with one by another player - such as Apple or Corel.

    There is a magic concept at work here: CONTEXT

    What makes an action by MS reprehensible or not, is not the actual sequence of events, but the context in which they occur. This is in fact, the determining factor about anti-trust law. A legitimate form of promotion by one entity becomes a prohibited leverage of dominance in the market by a monopoly player.

    MS has been determined - in unquestionable legal language - to be a Monopoly player.

    Now, make your crack - is MS the Shoe, Top Hat or the Scottie Dog...

  8. Re:excuse me? on System Adminstration and Corporate Ethics? · · Score: 2
    Hmmmm.... Remove by age?

    This is a job for...

    P R O C M A I L ! ! !

    Really, this thing is amazing, and it's probably already installed by your distro on Linux. On BSD it's in ports - and you can build source for Solaris, etc. If procmail needs help, it comes with formail, and both play well with sed in a script.

    BTW: an answer to a very similar question from the procmail list. YMMV.

  9. Re:excuse me? on System Adminstration and Corporate Ethics? · · Score: 5, Insightful
    The admin would have been required to look through his mail to find the mail and then remove it.
    He'd have to look through what?

    Cat the mailbox, pipe through grep. awk/sed scripts for trimming/whacking mailspool come for the asking.

    BTW. In the U.S. there is no guarantee of privacy for corporate e-mail systems. Period. End-of-question. This is until another court decieds otherwise.

    If you want something private, use your disks, "your" wires, and your crypto.

  10. Re:Link or Mirror? on Build Your Own Carnival Ride · · Score: 0, Redundant
    Yeah...

    Slashdot tuned their server into a "Dark Ride."

  11. Re:Red Herring, and LIES on Former FBI Chief Keeps Up Anti-Crypto Campaign · · Score: 2
    You might try examining the USA_PATRIOT act. I do not expect to modify your point-of-view with argument or example. I beleive that an attempt to do so, would be regarded as an attack on your psychological identity - as you have even sought to name yourself NeoCon in this forum!

    I suppose this will be a case of "to each his own."

  12. Re:Red Herring, and LIES on Former FBI Chief Keeps Up Anti-Crypto Campaign · · Score: 3, Insightful
    Actually, the record shows that despite a lot of lobbying by the Clinton administration, spearpointed by Freeh himself, our representatives made the right choice, and said no to key escrow.

    In other words, despite the efforts of those like Freeh, the system's worked pretty well at safeguarding people's rights...

    Right, you are!

    As they say, "That was then, this is now." Personally, I wouldn't expect the same kind of result in the post 9/11 period of hysteria, coupled with the kind of assaults mounted by the Bush administration.

    But,
    I do hope you continue to be correct...

  13. Red Herring, and LIES on Former FBI Chief Keeps Up Anti-Crypto Campaign · · Score: 5, Insightful
    The man is a disingenous fraud, a good politician, and an incompetant in the fields of security and intelligence.

    Freeh needs to find a whipping boy for the failures of correlating the various peices intelligence datum, which occurred on his watch. Restricting legal access to crypto will only assist in the illicit observation of constitutionally protected speech by private individuals, and destroy what little competitive advantage is enjoyed by U.S. software industries over their counterparts in Israel and India.

    The algorithms and the source will not go "back in the can."

    Louis Freeh is responsible, in a large part, for the biggest intelligence failure in modern recollection. None of the failure in this effort was for lack of access to encrypted communications, but from standard failures of organization and communications within the concerned agencies.

    The Heritage Foundation - not normally critical of the FBI's mission - has this to say:

    But what if FBI intelligence fails to collect, analyze and share this information? This could happen, the commission found, because "the guidelines under which FBI agents operate ... are badly written and confusing. These are guidelines that set out the terms under which the FBI can open a preliminary inquiry against somebody who may be suspected of being a terrorist. All of us read them (they run to about 42 pages) and we had a number of current and former FBI agents testify that they found them confusing."

    The commission recommended that then Attorney General Janet Reno and former FBI Director Louis Freeh rewrite the guidelines into "more easily understood English."

    Moreover, the FBI had no procedure for disseminating useful information for analysis within the agency or sharing it with other government agencies.

    Information which was obtained, in Los Angeles, for example, but did not immediately apply to the case at hand, would simply not leave the regional office, even though it might provide important clues for another investigation, says Ambassador L. Paul Bremer, Ambassador at Large for Counterintelligence during the Reagan Administration and former Managing Director of Kissinger Associates.

    Encryption wasn't used in this instance. No evidence for it has ever been found. Freeh has a broader, more insidious agenda here, involving free speech and civil liberties. Unfortunately, the record shows that deep, analytical thinking about these issues is outside the grasp of the majority of America's elected representatives.
  14. Re:Not just Commiez... SPAIN too! on Vietnam Requires Gov't Vetting of Business Websites · · Score: 3, Interesting
    Well, Ashcroft's statements are easy enough to find. This is related to the Child-Pr0n bugbear.

    It's all about the children

    More astonishing precedent is set by the confiscation of web servers at raisethefist.com .

    If I am to accept what I beleive to be your criteria, then it's pretty clear in the light of recent developments, that the U.S. is not a liberal democracy, and is quickly moving away from any reasonable description of a Republic.

  15. Not just Commiez... SPAIN too! on Vietnam Requires Gov't Vetting of Business Websites · · Score: 5, Informative
    The Reg just had an article this morning, about a similar law - called LSSI- in Spain.

    ISPs and sites are being held accountable for "illicit" content.

    Stop your red-baiting on the thread, you trolls! It's happening in "western, liberal-democracies", too!

    U.S. is mere motions away from this. If recent precedent carries over to Net space, "Justice" Department will exercise this authority without consultation from the legislature.

  16. Re:Why is it? on Ask Donald Becker · · Score: 1, Offtopic
    Sorry!

    You even linked...

    But really, I've been thinking this for years!

  17. Why is it? on Ask Donald Becker · · Score: 3, Insightful
    Why is is that the Slashdot crew --and the Open Source world in general-- seem largely oblivious to your acheivements as a musician, composer and arranger?

    It would be nice to have an anecdote or two about your years with Steely Dan - or even the solo projects from the '80's.

  18. Re:point WARNING -OFF TOPIC on RMS Weighs In On BitKeeper · · Score: 2

    Why do people hate?

  19. Re:EULA changes? on New "Secure" Xbox Cracked In Under A Week · · Score: 2
    PS - Wasn't there something about Intel's customers (like the DoD) wanting a second source supplier for the x86 line as well?
    Yeah, you're right... This was one of Intel's motivations for the tech transfer with AMD. IIRC, it was the removal of second-source restrictions that encouraged Intel to try and back away from the agreements as AMD saw them.

    Dude, watch out for the fireclown. He doesn't like you very much.
    I beleive him to be as diminished as myself in this continuum... He sits out front of the Starbucks by the Pacific Stock Exchange, these days. Sad, really. I give him change.
  20. Re:In the real world... on Are Colleges Helping to Maintain the Microsoft Monopoly? · · Score: 2
    Re:In the real world... (Score:1)
    by Trusty Penfold on Saturday October 12, @09:54PM (#4439547)
    (User #615679 Info)
    You also get what you pay for.
    Is it possible to mod -1 Inane?

    Also just patently false...

  21. Re:EULA changes? on New "Secure" Xbox Cracked In Under A Week · · Score: 5, Informative
    AMD didn't reverse engineer Intel's CPUs. They used to work together on processors
    Well, I wouldn't say "work together"... :-P

    AMD had some fantastic processes for -- at the time -- incredibly fine micron CMOS fabrication. Intel had dink to show in the fab department. In order to build a 386 faster than 16 MHz, that wouldn't require raised-floor equipment to keep cool, they needed a license on AMD's fabrication technology.

    AMD exchanged this license, in exchange for a license on 286 and future technologies. The grounds for what these future technologies were comprised of were the grounds for the Intel/AMD legal battles of the '90's. The courts agreed this was inclusive of the i386 microcode, and the rest... is history

  22. Re:I think we're stretching things a bit... on Why Human Rights Requires Free Software · · Score: 4, Informative
    When we now consider the right to Free software a basic human right, I think we are all starting to take ourselves a little too seriously
    Well...
    You begin a good "straw man" attack.

    The notion that software expressed in source code is a form of speech has been established in U.S. courts, at least. An attack on the "right" to free software is an attack against a category of free speech, and would represent an erosion of the entire category of free speech rights.

    It's not like someone is trying to outlaw the writing of Free software, or suppress the Free software movement
    No?
    Maybe not in the U.S.,
    maybe not right now.

    In the recent past, the idea of free software was seriously threatened by a number of high-profile cases, mostly around the topic of encryption. There are many pending and emerging cases involving patents, so-called 'intellectual property' and Digital Rights. All of these represent an effort by various established interests to classify free software as an infrigement on their rights.

    Nobody expected Habeus Corpus to come under attack in the United States, 18 months ago. Surprising and drastic things happen in a very short time.

    Free software is good. But that doesn't mean that all software should be Free.
    The artical in question does not even advance a claim like this.

    It is proposed that all software used by Human Rights workers in the field should be free software (Software Libre,) wherever it is at all possible.

    It is also advanced that there are inherent inequalities in the control and trust relationships with proprietary vendors - which might be acceptable parts of a social contract for home use or doing business. Nonetheless this is a repugnant situation and represent an unacceptable risk to the mission of the workers and the well-being of subjects in Human Rights field-work.

  23. Oh, Cthulu! on Spherical Keyboards? · · Score: 3, Funny

    Man, I havn't had my tentacles on a shperical keyboard since Randall Carter was alive!

  24. Re:how about.... on BSD Still Won't Run on IBM ThinkPads? · · Score: 2
    BSD experience is much more useful for someone with commercial UNIX aspirations.
    That's why Berkeley init.rc is present on Solaris, Tru64, HP/UX, AIX and SCo...
  25. Re:Better List of Mirrors on Red Hat 8.0 Released · · Score: 2
    I've been running NULL for a couple of weeks.

    Remembered this morning the 8.0 release was today, and did a quick peek online, before deciding that trying to FTP new .iso images would be a time-wasting exercise in frustration - especially in the midst of studies.

    I made a jump over to rpmfind.net, to look for an apt-get package, and try my luck this way.

    BINGO!

    The first hit is a new package, dated yesterday, from FreshRPMs.net.

    apt-0.5.4cnc7-fr1

    RPM for i386 This includes an /etc/apt/sources.list file for RedHat 8.0.

    More on this HERE...