I know this is inevitable and a nifty advancement, but it creeps me out. It's bad enough to have low-resolution cameras that can point in your general direction and maybe zoom in if they want to be extra nosy; now they'll have ultra high-resolution cameras with a 120 degree field of view that can identify you two blocks away.
They already have cameras that can identify which brand of cigarette you're smoking from 80 miles away. Look up sometime. The problem isn't that the government has this technology, the problem is what they do with it.
I have to question the accuracy of this submission; if they're directed to YouTube and that is the source of the drive-by infection, then that means that everyone who uses YouTube globally would be vulnerable to this, not just Syrian dissidents. It would also require the cooperation of Google, which in turn means this is tantamount to an admission that the US government is helping Syria track down its political dissidents. Historically, we have invested a lot of intelligence resources to help those dissidents destabilize that government. It seems unlikely we'd reverse that trend now.
So it is more likely that either the Syrian government is hijacking requests destined for YouTube to its own servers via one of a dozen or so possible attack vectors (BGP poisoning, man in the middle attack, etc.), or the site is a lookalike that isn't YouTube.
Seriously? I'm not here to defend Bush or Obama or....well...the U.S. government in general. But calling the events of September 11th "our sand castles getting kicked over" is just infuriating. Three thousand innocent people were murdered. You can debate whether it was all the fault of U.S. foreign policy or religion or whatever. But please don't equate the death of 3,000 innocents to a bully kicking over a sand castle.
Spare me your moral indignation. Five times that number are killed yearly by drunk drivers. More than that die in workplace accidents. They kicked over a sand castle. Get over yourself.
Oh, and the reason you're not curb stomping Iran is because you can't. It took 10 years to make Iraq into something manageable, with Iraq being a far less prepared and formidable enemy than Iran.
Well, I personally can't crush a small country by myself. I'm not a CEO. However, the United States has nukes. Push one button, and there's a big crater where that country used to be. So no, it doesn't take 10 years to do it... it takes 10 years to do it without killing millions of innocents.
I mean seriously? Who else besides the Israelis a) hate Iran and b) have the technical chops to do it?
Believe it or not, we're not the most technologically sophisticated country. China has more honor students than we have students. Most of Europe has a more developed telecommunications infrastructure than we do; internet, mobile phones, cable tv, you name it. We are not number 1.
As to who else hates Iran and has the capability to do something about it... it should be pointed out we don't hate Iran. We hate any country who tries to acquire nuclear weapons. Something the size of a suitcase can destroy a major city... it's why we worked so damn hard with the Russians to disarm as many of them as we could. Not every country will play nice: Some of them will do whatever it takes to beat their enemies, even if that means killing themselves in the process. Unfortunately, all the countries currently working on making nuclear weapons fall into that category, including Iran.
The only reason we're fucking around with 'cyber' warfare instead of curb stomping them is it's an election year and our economy is in ruins thanks to fighting two unnecessary wars based on our President deciding to finish what his daddy started rather than leave well enough alone, and our country having a momentary fit of stupidity where we had to kill everyone and everything wearing a funny hat because a couple of our sand castles got kicked over by a bully.
However I would like to take this further. Humans tend to be irrational. Humans tend to be selfish evil creatures. Our natural tendencies imply that we must try harder to overcome them. Because we tend to fall into irrationality, we must fight to be rational. Because we tend to be selfish and shallow means that we must try our best to nurture "the better angels in our nature". We will never "win" this battle.
You just fell into a nasty logic trap. It has nothing to do with human nature per se, and everything to do with selective evolutionary pressures. I can fix the problem -- Just stop allowing women to have sex with men who display anti-social qualities and the problem will sort itself out within a couple generations. The reason we have all those issues is because 'society' (ie, women) reward men who engage in antisocial behaviors with reproductive success. See also: "The Bad Boy appeal".
(Not that I would support this position from a moral standpoint, I'm merely pointing out that the cause cannot be won because of a moral, rather than natural, barrier)
"We are being asked to continue to let these companies violate the law without being punished or prosecuted. We are being asked to change our morality and principles to match what I think are immoral and unethical business models."
Er, they changed the law. What they do is legal. If you think legality should follow morality, you should probably move to another country not run by the Ferengi.
"Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."
Yeah, because it's terribly difficult to see the finger smear left on the display after the unlock code is entered.... o_o Hmm, it looks like a backwards Z! Actually, in studies of it, they've discovered people tend to make geometric shapes or reversed alphabet characters as their unlock code... There's a fairly good chance that if you try the top 20, you'll unlock the phone. So there's that too...
The commander in chief of the most powerful army, navy, and air force in the world has a list of people he wants dead? STOP THE PRESSES! Targeting specific people is not news... it's war. People die when they're killed. Derp.
No, actually, they want both. They just realize that actual control allows them to start charging for it.
The power to tax is the power to destroy... true dat. Well, I'd probably be looking for an alternative tax base if I was the UN too... they're pretty much international beggars and can only do what their member states are willing to fund... which means it's basically a corporation with supranational powers, and every meetup is really just a shareholders' meeting; Those with the most gold direct the company.
I view this as a thinly-veiled attempt to make slanderous and libelous comments towards me, president and CEO of Long Slashdot Posts Inc. By implying that people who have elevated themselves to high positions have merely risen to their own level of incompetence, and then stating that I overestimate my own abilities, you CLEARLY and WITH MALICE have decided to slander myself, a proud and noble member of self-important citizenry.
I demand 250,000 shillings (Somali currency) per infraction, payable immediately!*
Never put sensitive data on a computer connected to the internet, unless it absolutely must be there.
o_O Not very realistic when we live in an "always on / always connected" world. Everything is merging into the network and stand alone devices are a minority.
Never keep sensitive data that you don't need, overwrite it, then delete.
Also, you should burn all the clothes you haven't worn in over a week (you obviously don't need that many clothes), not have a junk drawer, and while you're at it, delete any data on your system with an access time older than 3 months. Also, delete sarcasm.sys...
Never put confidential data into any computer system, networked or not. If you must, do so only if it's encrypted and secured by strong authentication at all times.
Confidential, defined: Everything that isn't out on the curb with a big sign that says "Free" on it. Also, you should stop using the internet since most of it isn't secured and uses strong authentication... there's never a reason to use plain-text data exchanges. I mean, I don't even leave the house without my PGP key, and when I hang out with my friends, we use finger signs that are one-way encrypted... because otherwise someone might understand us and that would be bad.
Use all practical forms of security, firewalls, strong authentication, multiple networks with isolation, IDS, AV/anti-malware, no running as Admin/root, separate accounts for every user with appropriate access restrictions, including separate accounts for any services running on your servers, whole disk encryption, etc.
Basically, throw everything you can at the problem and hope something stops the attacker, and if you frustrate everyone who has to use the system because it requires 30 character long passwords rotated every 15 minutes, 9 levels of encryption, and a sample of hair, blood, fingerprint scan, iris scan, and ass cheek measurements... it might not be secure enough to protect grandma's secret goulash recipe.
The first 3 are what I call the "Mr Miyagi" approach, "Best defense, no be there." Item 4 is what most companies focus on, but it's not nearly as useful if you haven't used 1-3.
I take a somewhat simpler approach to security: Build it so that breaking it costs more than the value of what you're protecting. There is no perfect security. All of it can be hacked. Your only responsibility, professionally, ethically, morally, is to make it cost them as much or more to break through than whatever is being guarded. Criminals are just as rational as anyone else: They go for the low hanging fruit, the most gain for the least effort. I call it the "Mr. Bear Grylls" approach, "You only have to run faster than the guy next to you when escaping a lion."
You know celebrity marriages never last. What are we going to call the bastard child offspring of this unholy union? Erla Flow? No... sounds like a personal problem. Lang Open? No... that won't do either.
Screw it, let's just call it "Forever In Beta", since most parents name their children based on their hope for their future. -_-
This is ridiculous, I used to do risk assessments and anti-terrorism work in the aviation sector protecting airport assets and I see no practical reason for listening in on conversations.
The logic is straightforward; Threats aren't often detected until after some damage has been caused. Without such a drag net, you have no visibility into what was going on prior to the time the threat is identified.
For example, let's say you have a suicide bombing. You'll have the forensics (how and what went boom), and probably some surveillance footage of the area up until the moment of detonation. Now since the guy has been rendered into human hamburger, he can't tell you anything about his motivations, if he had friends, if he was part of an organized cell, if he planted bombs elsewhere, etc. It's a lot of work to piece this together, and it takes time. All intelligence loses value over time, some much more dramatically than others; If you already have all the evidence collected and tagged (digitally), it can dramatically close that gap and thus improves accuracy and responsiveness from both an investigative and intelligence perspective.
I have no doubt that having a massive surveillance network which accurately records everything an individual does, says, who they interact with, etc., in concert with complex statistical analysis, genetic algorithms, guided by human training and experience would vastly improve homeland security and the overall effectiveness of law enforcement assets. But that may not be sufficient justification. Such pervasive surveillance may improve public safety, but it may very well destroy the very things we're trying to protect: Personal liberty.
They're in a pre-evacuation phase. Smoke on the horizon and all that. Not to worry, the local sheriff department will kick people out long before there is a problem. They've done this before. Like every year in the past decade.
I'm aware. However, that's no excuse for waiting until the knock on the door before considering your data recovery options. If you're going to make an effort at protecting your data, don't half-ass it.
If someone is actively hacking you then hacking them back isn't a crime (or it shouldn't be), it's just self-defense. And if you have to hire some firm to do it I don't see how it is any different than hiring armed security guards or private detectives.
Real world thinking doesn't apply here. In the real world, if someone attacks you, you can beat them up and claim self-defense because you know it was them. In the digital world, very likely the person you are targeting is innocent. If a computer DDoS' your network, you don't DDoS them back, you block that IP address -- because criminals don't use their own computers to conduct attacks, and neither do they sign every packet with their name, address, and phone number. So when you unload on who you think is attacking you, then (by your own logic) they have every right to retaliate against you! At that point you've created the digital equivalent of a bar room brawl, but with weapons of mass destruction. And with every response by either party comes the increased risk of drawing another person into the conflict.
If everyone, or even a substantial minority, follows this logic it leads to the internet becoming a lawless war zone where business simply cannot be conducted anymore because the network's reliability has been shot to hell. And let me be clear: You're not above screwing up. Even major name security researchers from businesses that specialize in this routinely get the names of the people involved wrong. Often. Open wifi, proxies, bot nets, the number of ways you can appear to be someone other than yourself is dizzying. Hell, I'm posting this through Tor... good luck even finding out who I am. Criminals have access to much better security than that... what do you think the odds are of figuring out who they are if you can't even figure out who I am when I'm making no special effort to hide my real identity?
The "best" way to evacuate a data center is to already have off-site back-up for your data in place, drop a fresh copy to portable media, and walk out. The hardware should be insured. The lives of you and your people (at least some of whom should probably be helping their families evacuate) are far more valuable than a few months of making your insurer pay for rented hardware until your new machines show up.
Well, it's obvious the poster here was handed the job of preparing a disaster recovery plan and has no professional experience doing so... probably was given the assignment by his manager who had no idea of the complexities of the task. If the OP is in that position, then it's also likely they won't see any benefit to offsite backup, or they'll blunder by putting the offsite backups in the boss' house which is three miles downwind... assuming he can even convince them to budget for it.
In that case, I'd say buy some quick-disconnect drive enclosures (the kind where you lift a lever and a hard drive is now dangling in your hand), write a formal letter of protest outlining exactly why you're not responsible for the company being wiped out, what mitigation steps you'd recommend with a proper budget, and keep a copy in a safety deposit box or some 'cloud' service far, far away from you... because yeah. -_-
Story time! I worked for a Fortune 500 company that connected consumer-grade 300-watt rated UPS to racks of equipment... they were unaware of the risk of fire until I explained to them that with 2,000+ store locations and about 50 distribution centers, and 3 corporate headquarters, while the odds of any one of them failing catastrophically due to current overload was low, each one of those buildings experiences a 'power loss event' an average of a dozen times a year... so it became very likely that they would fail and cause a fire, which wouldn't be covered by insurance. Management tried to ignore it, but somehow (wink, wink) legal found out about it, and forced the Board to fix the problem post-haste to avert having to pay 50 million plus to rebuild the burned out husk of a store after the fire chief finds the flash point was a piece of equipment that was massively under-rated for the job.
Disaster planning requires a good understanding of probabilities and statistics. That understanding is surprisingly rare in the business world, despite what most people think.
Pack what's critical first. Servers. Critical networking gear. Workstations. Ignore the phones, printers and wireless gear unless you've got extra time. And good luck.
Quick-disconnect hard drives. Everything else can be replaced by insurance, but your data can't. With what you've got listed above, I could hike out with your company in my backpack. The other thing is, consider the health and safety in your disaster recovery plan -- you should not expect, nor ask, your employees to stay until the last possible moment packing in equipment. Equipment can be replaced... lives cannot. Nobody should ever risk their life for an inanimate object in a business environment.
The other thing is, you should have a disaster recovery plan that includes regular backups to an offsite facility. Any disaster plan should be able to cope with "and then a giant foot appeared above the building and squished it flat." Yours should be no different. It might not be a wild fire that threatens your servers... it could be a UPS that shorts out, or a tornado, flood, a failed fire suppression unit, or simple human incompetence (Yes, I've seen stupidity kill buildings).
Any plan that relies on people staying in danger to save your business is unethical, immoral, and probably illegal. So save what you can reasonably and without risk take, in descending order of importance... but recognize that there may be situations in which the only solution is to exit the building at a dead run and not look back.
Silk Road? Bath Salts? Snail mail would also become an attractive method of communication amongst bad guys if the internet surveillance bill goes through (and it probably will).
Well, mail service only verifies the delivery address, and if that fails, attempts to verify and return it to the source address. My point was that establishing a source/destination registry is not reliable like it is within a packet-switched network. The entire message is contained within a single packet, and there is no handshake or anything else in the exchange to verify the source. So the only part of the registry of high reliability would be the destination and the size/weight of the package.
And even that's easy enough for a criminal to forge; You don't have to deliver stolen goods to your address. Any address will do for a drop shipment. So this bill is really only for the surveillance of average people, who are probably not criminals, but who might need to become criminals if they became, say, politically active.
Potential Terrorist 391,496, mail log:
Received junk mail from Direct Marketing Alliance.
Received junk mail from Insurance company
Received junk mail from Direct Marketing Alliance.
Received junk mail from "V14GR4 4 U"
Received junk mail from Derp's Amazing Electronics.
Received copy of Harry Potter 4 via Netflix.
...
Well, on one hand, a warrant should be needed for any kind of surveillance. Monitoring activity pre-warrant shouldn't be legal. That said... snail mail is dying. It's mostly just junk mail, bills, and packages ordered online. I can't see how this would have much intelligence value.... Especially since, at least in the US, if you simply reverse the sender and receiver and leave off the stamp, it'll happily go to its destination as long as it's in the same geographic area. Oh wait... was that helping the terrorists? My bad.
So it is more likely that either the Syrian government is hijacking requests destined for YouTube to its own servers via one of a dozen or so possible attack vectors (BGP poisoning, man in the middle attack, etc.), or the site is a lookalike that isn't YouTube.
So, which is it?
.....Roseanne Barr beaver shot at an exquisite level of detail is technically possible!
Just because a thing is possible doesn't mean it should be done. Also, eeeeeeeeeeewww.....
Not that I would ever nitpick on /.
That would result in new fees to local governments and less access to traffic from U.S. "originating" companies such as Google, Facebook and Apple.
Ah, the truth wins out. They don't want to control the internet... they just want to tax the hell out of it.
Never put sensitive data on a computer connected to the internet, unless it absolutely must be there.
o_O Not very realistic when we live in an "always on / always connected" world. Everything is merging into the network and stand alone devices are a minority.
Never keep sensitive data that you don't need, overwrite it, then delete.
Also, you should burn all the clothes you haven't worn in over a week (you obviously don't need that many clothes), not have a junk drawer, and while you're at it, delete any data on your system with an access time older than 3 months. Also, delete sarcasm.sys ...
Never put confidential data into any computer system, networked or not. If you must, do so only if it's encrypted and secured by strong authentication at all times.
Confidential, defined: Everything that isn't out on the curb with a big sign that says "Free" on it. Also, you should stop using the internet since most of it isn't secured and uses strong authentication... there's never a reason to use plain-text data exchanges. I mean, I don't even leave the house without my PGP key, and when I hangout with my friends, we use finger signs that are one-way encrypted... because otherwise someone might understand us and that would be bad.
Use all practical forms of security, firewalls, strong authentication, multiple networks with isolation, IDS, AV/anti-malware, no running as Admin/root, separate accounts for every user with appropriate access restrictions, including separate accounts for any services running on your servers, whole disk encryption, etc.
Basically, throw everything you can at the problem and hope something stops the attacker, and if you frustrate everyone who has to use the system because it requires 30 character long passwords rotated every 15 minutes, 9 levels of encryption, and a sample of hair, blood, finger print scan, iris scan, and ass cheek measurements... it might not be secure enough to protect grandma's secret goolash recipe.
The first 3 are what I call the "Mr Miyagi" approach, "Best defense, no be there." Item 4 is what most companies focus on, but it's not nearly as useful if you haven't used 1-3.
I take a somewhat simpler approach to security: Build it so that breaking it costs more than the value of what you're protecting. There is no perfect security. All of it can be hacked. Your only responsibility, professionally, ethically, morally, is to make it cost them as much or more to break through than whatever is being guarded. Criminals are just as rational as anyone else: They go for the low hanging fruit, the most gain for the least effort. I call it the "Mr. Bear Grylls" approach, 'You only have to run faster than the guy next to you when escaping a lion."
You know celebrity marriages never last. What are we going to call the bastard child offspring of this unholy union? Erla Flow? No... sounds like a personal problem. Lang Open? No... that won't do either.
Screw it, let's just call it "Forever In Beta", since most parents name their children based on their hope for their future. -_-
This is ridiculous, I use to do risk assessments and anti-terrorism work in the aviation sector protecting airport assets and I see no practical reason for listening in on conversations.
The logic is straightforward; Threats aren't often detected until after some damage has been caused. Without such a drag net, you have no visibility into what was going on prior to the time the threat is identified.
For example, let's say you have a suicide bombing. You'll have the forensics (how and what went boom), and probably some surveillance footage of the area up until the moment of detonation. Now since the guy has been rendered into human hamburger, he can't tell you anything about his motivations, if he had friends, if he was part of an organized cell, if he planted bombs elsewhere, etc. It's a lot of work to piece this together, and it takes time. All intelligence loses value over time, some much more dramatically than others; If you already have all the evidence collected and tagged (digitally), it can dramatically close that gap and thus improves accuracy and responsiveness from both an investigative and intelligence perspective.
I have no doubt that having a massive surveillance network which accurately records everything an individual does, says, who they interact with, etc., in concert with complex statistical analysis, genetic algorithms, guided by human training and experience would vastly improve homeland security and the overall effectiveness of law enforcement assets. But that may not be sufficient justification. Such pervasive surveillance may improve public safety, but it may very well destroy the very things we're trying to protect: Personal liberty.
They're in a pre-evacuation phase. Smoke on the horizon and all that. Not to worry, the local sheriff department will kick people out long before there is a problem. They've done this before. Like every year in the past decade.
I'm aware. However, that's no excuse for waiting until the knock on the door before considering your data recovery options. If you're going to make an effort at protecting your data, don't half-ass it.
If someone is actively hacking you then hacking them back isn't a crime (or it shouldn't be), it's just self-defense. And if you have to hire some firm to do it I don't see how it is any different than hiring armed security guards or private detectives.
Real world thinking doesn't apply here. In the real world, if someone attacks you, you can beat them up and claim self-defense because you know it was them. In the digital world, very likely the person you are targeting is innocent. If a computer DDoSes your network, you don't DDoS them back, you block that IP address -- because criminals don't use their own computers to conduct attacks, and neither do they sign every packet with their name, address, and phone number. So when you unload on who you think is attacking you, then (by your own logic) they have every right to retaliate against you! At that point you've created the digital equivalent of a bar room brawl, but with weapons of mass destruction. And with every response by either party comes the increased risk of drawing another person into the conflict.
If everyone, or even a substantial minority, follows this logic it leads to the internet becoming a lawless war zone where business simply cannot be conducted anymore because the network's reliability has been shot to hell. And let me be clear: You're not above screwing up. Even major name security researchers from businesses that specialize in this routinely get the names of the people involved wrong. Often. Open wifi, proxies, botnets, the number of ways you can appear to be someone other than yourself is dizzying. Hell, I'm posting this through Tor... good luck even finding out who I am. Criminals have access to much better security than that... what do you think the odds are of figuring out who they are if you can't even figure out who I am when I'm making no special effort to hide my real identity?
If you've been involved in such an action, how did it work out for you?
I have, and let me tell you, it was... hey, hold that thought for just a second, someone's knocking at the door...
The "best" way to evacuate a data center is to already have off-site back-up for your data in place, drop a fresh copy to portable media, and walk out. The hardware should be insured. The lives of you and your people (at least some of whom should probably be helping their families evacuate) are far more valuable than a few months of making your insurer pay for rented hardware until your new machines show up.
Well, it's obvious the poster here was handed the job of preparing a disaster recovery plan and has no professional experience doing so... probably was given the assignment by his manager who had no idea of the complexities of the task. If the OP is in that position, then it's also likely they won't see any benefit to offsite backup, or they'll blunder by putting the offsite backups in the boss' house which is three miles downwind... assuming he can even convince them to budget for it.
In that case, I'd say buy some quick-disconnect drive enclosures (the kind where you lift a lever and a hard drive is now dangling in your hand), write a formal letter of protest outlining exactly why you're not responsible for the company being wiped out, what mitigation steps you'd recommend with a proper budget, and keep a copy in a safety deposit box or some 'cloud' service far, far away from you... because yeah. -_-
Story time! I worked for a Fortune 500 company that connected consumer-grade 300-watt rated UPS to racks of equipment... they were unaware of the risk of fire until I explained to them that with 2,000+ store locations and about 50 distribution centers, and 3 corporate headquarters, while the odds of any one of them failing catastrophically due to current overload was low, each one of those buildings experiences a 'power loss event' an average of a dozen times a year... so it became very likely that they would fail and cause a fire, which wouldn't be covered by insurance. Management tried to ignore it, but somehow (wink, wink) legal found out about it, and forced the Board to fix the problem post-haste to avert having to pay 50 million plus to rebuild the burned out husk of a store after the fire chief finds the flash point was a piece of equipment that was massively under-rated for the job.
Disaster planning requires a good understanding of probabilities and statistics. That understanding is surprisingly rare in the business world, despite what most people think.
Pack what's critical first. Servers. Critical networking gear. Workstations. Ignore the phones, printers and wireless gear unless you've got extra time. And good luck.
Quick-disconnect hard drives. Everything else can be replaced by insurance, but your data can't. With what you've got listed above, I could hike out with your company in my backpack. The other thing is, consider the health and safety in your disaster recovery plan -- you should not expect, nor ask, your employees to stay until the last possible moment packing in equipment. Equipment can be replaced... lives cannot. Nobody should ever risk their life for an inanimate object in a business environment.
The other thing is, you should have a disaster recovery plan that includes regular backups to an offsite facility. Any disaster plan should be able to cope with "and then a giant foot appeared above the building and squished it flat." Yours should be no different. It might not be a wild fire that threatens your servers... it could be a UPS that shorts out, or a tornado, flood, a failed fire suppression unit, or simple human incompetence (Yes, I've seen stupidity kill buildings).
Any plan that relies on people staying in danger to save your business is unethical, immoral, and probably illegal. So save what you can reasonably and without risk take, in descending order of importance... but recognize that there may be situations in which the only solution is to exit the building at a dead run and not look back.
Silk Road? Bath Salts? Snail mail would also become an attractive method of communication amongst bad guys if the internet surveillance bill goes through (and it probably will).
Well, mail service only verifies the delivery address, and if that fails, attempts to verify and return it to the source address. My point was that establishing a source/destination registry is not reliable like it is within a packet-switched network. The entire message is contained within a single packet, and there is no handshake or anything else in the exchange to verify the source. So the only part of the registry of high reliability would be the destination and the size/weight of the package.
And even that's easy enough for a criminal to forge; you don't have to deliver stolen goods to your address. Any address will do for a drop shipment. So this bill is really only for the surveillance of average people, who are probably not criminals, but who might need to become criminals if they became, say, politically active.
Potential Terrorist 391,496, mail log:
Received junk mail from Direct Marketing Alliance.
Received junk mail from Insurance company
Received junk mail from Direct Marketing Alliance.
Received junk mail from "V14GR4 4 U"
Received junk mail from Derp's Amazing Electronics.
Received copy of Harry Potter 4 via Netflix.
...
Well, on one hand, a warrant should be needed for any kind of surveillance. Monitoring activity pre-warrant shouldn't be legal. That said... snail mail is dying. It's mostly just junk mail, bills, and packages ordered online. I can't see how this would have much intelligence value.... Especially since, at least in the US, if you simply reverse the sender and receiver and leave off the stamp, it'll happily go to its destination as long as it's in the same geographic area. Oh wait... was that helping the terrorists? My bad.
"and then give it post-facto legitimacy after the fact." Yeh, that's the best kind of post-facto legitimacy. :)
Well, not everyone knows what post-facto means! I just wanted to be extra clear. :( Slashdot isn't what it used to be.