As an adult with ADD, my experience is the direct opposite: when off the meds, my head is full of random, repetitive thoughts (niggercod, niggercod, niggercod, niggercod, GAAAAAH! o_O). When on the meds, I can actually *think clearly*, and it's much easier to take in information. Being the mental equivalent of a blithering, tentacled chaos-spawn isn't really conductive to actually doing or really thinking anything at all.
I don't care about what the law says - putting someone into financial ruin for such a petty crime is clearly horrendously evil. Nitpicking only serves to obfuscate the basic injustice of it. The law (your law, I don't live in the US) is corrupt.
There was this thing I read a few years ago, and never seemed to be mentioned again, that the TPB operators found that someone had logged into the TPB admin system - from an IP range assigned to the FRA (Swedish signals and computer espionage unit). It was quite surreal, because I also seem to remember the FRA specifically denying that anyone there was an OP at TPB. Or maybe I dreamt the whole thing?
Still childish. There's that weird, unmentionable power component that seems to come into play for computer geeks/nerds whenever hacking/cracking comes into view. Makes people act like idiots becuase they feel threathened. Also, penetrating a system gives you a high like you wouldn't believe - the hacker could have been acting irrationally because of this euphoria. Some people become addicted to this.
I tried to put in something like this into a little "analog-sim" notebook python program I wrote (and use), because I really wanted to use an ordinary notebook but my fine-motor skills preclude that. I couldn't figure out a way to do it efficiently in python without porting to OpenGL (nope, can't draw either). I've tried to find an existing app that does what I want (simulating the "look and feel" of a physical notebook), but it doesn't really seem to exist even though you'd think it would. Anyone have any suggestions?
An encrypted VPN secured with a key, that key itself only existing on the physically secure terminals used to access the systems and the internet-facing routers should be virtually as secure as an encrypted dedicated line. As long as the VPN software isn't faulty in some way, but it'd probably be secure enough. It might even be more secure, because if you've got a dedicated line and a stolen key you just need to tap into a point somewhere along the wire - unlike a VPN, where inbound and outbound traffic might follow different routes (a network engineer/architecht could perhaps kindly fill me in on the probability and topology of this). Or are you suggesting quantum-encrypted single-photon lines to every power plant in the US?
From the article text, it sounds like this means deploying "normal" IDS systems on a per-network basis. "Not persistently monitor the whole system" probably serves to clarify that it won't log, capture or analyze all data; an IDS triggers when it detects something that it's rules/signatures match, much like an antivirus sans emulation/sandboxing unpacking and behaviour monitoring . "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security" sounds like they're forcing them to comply to inspection or testing. Also, they might have wanted to pick a less dr-strangeglove-sounding name. But maybe the NSA geeks have a sense of humour too?
Yeah, maybe. I'm not a US national, but I think that they're ovbiously still in the phase where they're trying to gather the expertise to know what in the hell they're doing - like a 14-year old kid asking people "how to hack." This is a neccessary phase, because they probably don't/didn't even know where to look; the security scene can be confusing.
Most people live in the world of senses, not the gulfs between the stars or in the mathematical models we've scrounged together to explain the eldritch abomination we call "reality". Rewrite it as "The difference is so infinitesmal that it's amazing we've come so far as to care about it." Happy?
When your GPU hardware is lacking, emulation only goes so far, no matter what your processor speed is. You can concieve that someome can be born without an arm or a leg, but not with a crippled/rearranged brain such that intellect is preserved, but a lot of other things is missing or subtly warped?
Yes, I was taking all those things into account under the subject of "blackmail". None of what you listed would be blackmail material for me, not under normal circumstances anyway (if the boss in question is extremely well-connected, or might actually try to extract tangible revenge at me for example). As I see it, showing professionalism in the face of things most people would balk at would make me more in demand, not less. I'm not a shameless sociopath by any stretch, nor am I trying to be an internet tough guy - it's just the way I weigh things.
In what way would mere "drunk photos" be a threat to my job security? And, if something was a direct threat to my job security why on earth would I put it on facebook? The greater risk would be that "friends" uploaded embarrasing photos, but it would take something like me dual-swilling crack and vodka while fucking a pig for it to affect me so much as to be blackmail material. Lastly, do you really think that I would be so inane as to use passwords that could be reasonably predicted from knowing such things? Even more lastly, how do you know that I don't use subtly false information on social networks in order to both defend and keep track of if someone tries to use that information against me in an attack?
Yep, this is how it is. Stupidity and ego does not suddenly cease at some magical level of competence. However, your premise that what you have seen is where the ceiling of cracking skills and techniques lie is false. It's just that most people don't bother going above a certain level, since that level of skill gets them what they want - as with your story about the NT4 tool. It's also true that many very advanced techniques are over a decade old, and are hailed as new, as with other things in computing. Lastly, it's most definetly true that this knowledge isn't presented in any coherent form. If you want some food for thought, scour phrack and packetstormsecurity.org, don't stop if you're faced with stupidity (bring a shovel and just ignore the crap) and you will be rewarded. *enters a menacing pose and strokes his invisible goatee*
If you didn't have the competence in-house, why didn't you hire consultants to help you? Or where you limited in doing so by the security requirements for selling to the US gov?
Or "bob", who got the skillset because he thought breaking into computers was the most fun, ego-boosting and intellectually stimulating activity he could imagine. Fact is, the skills neccessary to find exploits are not that hard to aquire compared to some other things people do for fun. That doesn't mean that it's not hard, in the same way that mathematics is hard, but people do advanced mathematics for fun too.
On the other hand "fix this within 30 days or we drop the bomb" is basically a threat, yes? It's a morally valid threat, if you follow the philosophy that security would stagnate without security researchers providing a steady stream of benign poison to harden the "common pool" of software and security practices. But from the developer company's self-interested view, it certainly is a direct threat.
Slashdot Mirror
As an adult with ADD, my experience is the direct opposite: when off the meds, my head is full of random, repetitive thoughts (niggercod, niggercod, niggercod, niggercod, GAAAAAH! o_O). When on the meds, I can actually *think clearly*, and it's much easier to take in information. Being the mental equivalent of a blithering, tentacled chaos-spawn isn't really conductive to actually doing or really thinking anything at all.
I don't care about what the law says - putting someone into financial ruin for such a petty crime is clearly horrendously evil. Nitpicking only serves to obfuscate the basic injustice of it. The law (your law, I don't live in the US) is corrupt.
There was this thing I read a few years ago, and never seemed to be mentioned again, that the TPB operators found that someone had logged into the TPB admin system - from an IP range assigned to the FRA (Swedish signals and computer espionage unit). It was quite surreal, because I also seem to remember the FRA specifically denying that anyone there was an OP at TPB. Or maybe I dreamt the whole thing?
Still childish. There's that weird, unmentionable power component that seems to come into play for computer geeks/nerds whenever hacking/cracking comes into view. Makes people act like idiots becuase they feel threathened. Also, penetrating a system gives you a high like you wouldn't believe - the hacker could have been acting irrationally because of this euphoria. Some people become addicted to this.
I tried to put in something like this into a little "analog-sim" notebook python program I wrote (and use), because I really wanted to use an ordinary notebook but my fine-motor skills preclude that. I couldn't figure out a way to do it efficiently in python without porting to OpenGL (nope, can't draw either). I've tried to find an existing app that does what I want (simulating the "look and feel" of a physical notebook), but it doesn't really seem to exist even though you'd think it would. Anyone have any suggestions?
A ga maeba, kuwashime yoini keri
A ga maeba, teru tsuki toyomu nari
Yobai ni kami amakudarite,
Yoha ake, nuedori naku,
Tookamiemitame
That you are correct in, of course.
It was just a website hack into a low-security-data backend database. It's not like someone actually subverted any of their products.
If a sensor goes offline, it'd ovbiously be treated as an attack, depending on if it looks like an outage further away from the network edge.
An encrypted VPN secured with a key, that key itself only existing on the physically secure terminals used to access the systems and the internet-facing routers should be virtually as secure as an encrypted dedicated line. As long as the VPN software isn't faulty in some way, but it'd probably be secure enough. It might even be more secure, because if you've got a dedicated line and a stolen key you just need to tap into a point somewhere along the wire - unlike a VPN, where inbound and outbound traffic might follow different routes (a network engineer/architecht could perhaps kindly fill me in on the probability and topology of this). Or are you suggesting quantum-encrypted single-photon lines to every power plant in the US?
From the article text, it sounds like this means deploying "normal" IDS systems on a per-network basis. "Not persistently monitor the whole system" probably serves to clarify that it won't log, capture or analyze all data; an IDS triggers when it detects something that it's rules/signatures match, much like an antivirus sans emulation/sandboxing unpacking and behaviour monitoring . "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security" sounds like they're forcing them to comply to inspection or testing.
Also, they might have wanted to pick a less dr-strangeglove-sounding name. But maybe the NSA geeks have a sense of humour too?
Yeah, maybe. I'm not a US national, but I think that they're ovbiously still in the phase where they're trying to gather the expertise to know what in the hell they're doing - like a 14-year old kid asking people "how to hack." This is a neccessary phase, because they probably don't/didn't even know where to look; the security scene can be confusing.
Most people live in the world of senses, not the gulfs between the stars or in the mathematical models we've scrounged together to explain the eldritch abomination we call "reality". Rewrite it as "The difference is so infinitesmal that it's amazing we've come so far as to care about it." Happy?
On a related note, dyslexia has nothing to do with intelligence.
When your GPU hardware is lacking, emulation only goes so far, no matter what your processor speed is. You can concieve that someome can be born without an arm or a leg, but not with a crippled/rearranged brain such that intellect is preserved, but a lot of other things is missing or subtly warped?
Yes, I was taking all those things into account under the subject of "blackmail". None of what you listed would be blackmail material for me, not under normal circumstances anyway (if the boss in question is extremely well-connected, or might actually try to extract tangible revenge at me for example). As I see it, showing professionalism in the face of things most people would balk at would make me more in demand, not less. I'm not a shameless sociopath by any stretch, nor am I trying to be an internet tough guy - it's just the way I weigh things.
I was trying to joke. ;)
In what way would mere "drunk photos" be a threat to my job security? And, if something was a direct threat to my job security why on earth would I put it on facebook? The greater risk would be that "friends" uploaded embarrasing photos, but it would take something like me dual-swilling crack and vodka while fucking a pig for it to affect me so much as to be blackmail material. Lastly, do you really think that I would be so inane as to use passwords that could be reasonably predicted from knowing such things? Even more lastly, how do you know that I don't use subtly false information on social networks in order to both defend and keep track of if someone tries to use that information against me in an attack?
"Mom, are we there yet!?"
Chewing gum is *the* single thing I truly despise in our free societies.
Your point of view intrigues me. I wish to subscribe to your newsletter.
Yep, this is how it is. Stupidity and ego does not suddenly cease at some magical level of competence. However, your premise that what you have seen is where the ceiling of cracking skills and techniques lie is false. It's just that most people don't bother going above a certain level, since that level of skill gets them what they want - as with your story about the NT4 tool. It's also true that many very advanced techniques are over a decade old, and are hailed as new, as with other things in computing. Lastly, it's most definetly true that this knowledge isn't presented in any coherent form. If you want some food for thought, scour phrack and packetstormsecurity.org, don't stop if you're faced with stupidity (bring a shovel and just ignore the crap) and you will be rewarded.
*enters a menacing pose and strokes his invisible goatee*
If you didn't have the competence in-house, why didn't you hire consultants to help you? Or where you limited in doing so by the security requirements for selling to the US gov?
Or "bob", who got the skillset because he thought breaking into computers was the most fun, ego-boosting and intellectually stimulating activity he could imagine. Fact is, the skills neccessary to find exploits are not that hard to aquire compared to some other things people do for fun. That doesn't mean that it's not hard, in the same way that mathematics is hard, but people do advanced mathematics for fun too.
On the other hand "fix this within 30 days or we drop the bomb" is basically a threat, yes? It's a morally valid threat, if you follow the philosophy that security would stagnate without security researchers providing a steady stream of benign poison to harden the "common pool" of software and security practices. But from the developer company's self-interested view, it certainly is a direct threat.
They are only looking for them to fix the flaw, for the benefit of the public. Noone sane "demands" anything else when reporting security flaws.