"It would seem to me that this would be an argument for a national EMR database"
I totally agree.. and who scored that nonsense up 'interesting'?
"This is why a national requirement for EMR systems isn't a good idea right now. The staffers that have to take care of this (in light of recent events in Virginia) are getting hung out to dry either because they don't have the training, or the budget, or both to pull this off safely"
Look, all it takes is to implement systems that are as secure as possible and some kind of irrevocable auditing capacity, as in you notice the hacking attempt before it succeeds...
'Hackers have reportedly infiltrated restricted computer databases at the University of California Berkeley, putting the private data of 160,000 students, alumni, and others at risk'
"As a security engineer (CISSP & CSSLP) with several years of experience in C&A and pen testing, I must say that the results aren't a surprise by any means"
Any 'security engineer' who is responsible for such a system should be fired and face criminal charges. The average ISP has better security.
'FreeBSD will happily allow someone to guess 'PASSWORD' as the login password (from TFA: "Software configuration involves setting up a software system for one's particular uses, such as changing a factory-set default password of "PASSWORD" to one less easily guessed.")'
Where does it say they were using FreeBSD?
'if you store passwords as plaintext instead of hashes and secure data in plaintext, you will run into problems (TFA: "...hackers had the ability to obtain more than 40,000 FAA user IDs, passwords, and other information used to control a portion of the FAA mission-support network.")'
Where does it say they were using plaintext passwords? According to the FAA report they installed malicious codes and an administrator's password.
"By taking advantage of FAA's interconnected networks, hackers later stole FAA's enterprise administrator's password in Oklahoma, installed malicious codes with the stolen password, and compromised FAA's domain controller in its Western Pacific Region"
"Microsoft may not patch in a timely manner, but it doesn't matter what platform you're running if you don't apply the patches.. PHP, JSP, ASP, ASP.NET, Ruby, Perl or whatever, if you program poorly, you're going to have problems"
Where does it say a poorly patched PHP, JSP, Ruby, Perl or whatever app was the cause of the vulnerabilities?
"I set up a logger on my website and asked a big security firm to demo their own automated web assessment tool on my website. I received a report of some hundreds of vulnerabilities. Needless to say not one of them was correct"
What was the name of this big security firm, the name of the web assessment tool and the name of your site? And how does this affect the validity or otherwise of the FAA report?
What 'open source' license is Kumo released under? Does it pass the definition of Open Source at Perens.com, in relation to redistribution, source code, derived works, restrictions, technology-neutral...?
Worcester Airport, either 1997 or 1998. The lead investigator told his side of the story at the Microsoft Security Summit in Boston in 2004
If this is it then I say connecting a computer to a modem without dialback is one of the dumbest things you can do.
'The juvenile computer hacker identified the telephone numbers of the modems.. he accessed and disabled both in sequence.
Acting Special Agent in Charge Johnston stated, "This case, with the associated national security ramifications, is one of the most significant computer fraud investigations conducted by the U.S. Secret Service."'
What a load of hogwash. Did they identify who configured the insecure modem? What the f*** would the 'secret service' know about computer security?
"I have connections to someone who accidentally hacked an airport in the 1990s. Back then, the thing that bored teenagers did was run programs that would find phone numbers answered by modems"
What was the name of this airport and are there any reports on this incident? Usually, where you have dial-in access to a modem, the modem drops the connection and dials back a particular number. See Dialback Modem Security from a Phrack article of 1988
The solution is obvious, create a network of VPN nodes with multiple redundant routes, that utilize end-to-end encryption and authentication and connect your 'computers' to that. Now don't tell me how/why it can't be done, tell me how it can be!
"I'm terrified at the prospect of turning my little girl -- smart and good as she is -- loose on the Internet.. What's going to keep these kids safe? Oh well, I'm probably being naive and alarmist. And maybe for nothing, since the laptops will probably stay at the school anyway"
Going on the requests for how to bypass Websense on 'Yahoo Answers', I would assume the school network is locked down to approved sites.
"All these laptops do provide a huge distraction, and I teach a class where we need computers. As I walk around the class I'll notice them closing chat windows or minimizing browsers"
Tell them not to use their laptops while you are teaching..
"Howdy, I do IT work for a fairly rural school district in SC. There are so many problems with this idea I don't know where to start"
Countries in the developing world such as the African nation of Rwanda don't seem to have any such problems. And neither does Brazil.
"it doesn't make much sense that a network closet that 20 computers run back to has 10 brand new switches in it while the school can't afford to retain its current teaching staff"
Retraining FUD..
"All the sudden the room that really only needed power to a TV and maybe 4-5 computers now needs to have the power capabilities to also handle 20-30 laptops as well. This is not to be underestimated"
I thought laptops ran off of batteries :)
"How about network connectivity? Are we going to install network jacks in these classrooms for these laptops or put in WAPs? Who is going to pay for this new equipment/cabling?"
The laptops utilize mesh networking so they can still provide functionality even without a central gateway.
"How about all of the volume licensing agreements? Agreements for OSes, anti-virus clients, patch management systems, etc. are all done by volume. Who is going to pay for the additional licenses for these systems?"
There are no 'volume licensing agreements', the XO isn't susceptible to such things as viruses
It appears to be different strains of flu virus crossing species and undergoing genetic reassortment. Where there is no direct infection route between species 'an intermediate host may be needed for genetic reassortment of human and avian viruses. Pigs are considered a logical candidate for this role because they can be infected by either avian or human viruses'.
As to how it jumps species in the first place, one way is to drink raw avian blood as in Tit Canh. Then infect some tourist who gets on a plane and who coughs infected droplets into air that is recycled for a number of hours.
They just don't get it, we don't want to subscribe to a hundred channels. What we do want is watch what we want when we want and not have to subscribe to half a dozen services on top of our ISP fees.
If the telecoms want to make real money out of IPTV they need to stop subscribing to rights to channels and instead buy up their own material and repackage it for their own subscribers, else all they are doing is relaying terrestrial TV to an audience that can already get on.. Television. I mean, for me, why pay extra to watch television on the Internet?
It may come as a surprise to the telecoms that IPTV is a bandwidth hog, but not the rest of us. What they need to do is provide a high definition broadcast grid for live video, the rest to be provided in a peering arrangement to the local ISP switching center. The consumer then selects from a list of older tv progs and movies and they are delivered overnight to a DVR or set-top-box.
You pay for what you watch when you watch. Latest movie, ok top dollar, old movie, $1.00 a time. You also pay for online game subscriptions, video telephone, research and reference like the Wolfram|Alpha project.
Of course even 'passive viewing' is old century for the current wired generation, they're more into making and being in their own personal movie..:) It depresses me as to all the innovators can see as to the future of the Internet, television and adverts. Back to the sixties I guess:)
"The NSA got together with the National Institute of Standards and Technology, the Defense Information Systems Agency and the Center for Internet Security.. It then took two years for the Air Force to catalog and test all the software"
How much would it cost the average company to hire on the equivalent of the NSA, the NIoST, the DISA, the CfIS and the US Air Force - and spend TWO YEARS in locking down the network. Anyone care to propose a tender?
What operating systems have FDCC settings?
Currently, FDCC settings are intended for Microsoft Windows XP Professional with Service Pack (SP) 2 or SP 3 and Microsoft Windows Vista Business, Microsoft Windows Vista Enterprise, and Microsoft Windows Vista Ultimate with SP 1.
"Many of the changes were complex and technical, but Gilligan says one of the most important and simplest was an obvious fix to how Windows XP handled passwords. The Air Force insisted the system be configured so administrative passwords were unique, and different from general user passwords, preventing an average user from obtaining administrative privileges. Specifications were added to increase the length and complexity of passwords and expire them every 60 days"
Is there any way of scripting this under Linux so as to equate to this NSA locked down super secure XP?
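Added here as an example, not code from the original page or from any of the commenters: a POSIX shell audit that checks a Linux host against the password policy quoted above (expiry no longer than 60 days, a minimum length via pam_pwquality, and no hash shared between the administrative account and ordinary users). File paths are parameters, and the login.defs, pwquality.conf and shadow contents it runs against are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the original page: audits a Linux box against
# the quoted Air Force policy (passwords expire every 60 days, minimum length
# and complexity, administrative passwords not shared with ordinary users).
# The checks read login.defs, pwquality.conf and shadow; paths are parameters
# so the audit runs offline against the constructed sample files below.

# Returns 0 if PASS_MAX_DAYS in login.defs ($1) is set and no larger than $2 days.
check_max_days() {
    days=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$1")
    [ -n "$days" ] && [ "$days" -le "$2" ]
}

# Returns 0 if minlen in pwquality.conf ($1, read by pam_pwquality) is at least $2.
check_min_len() {
    len=$(sed -n 's/^[[:space:]]*minlen[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$len" ] && [ "$len" -ge "$2" ]
}

# Prints accounts in the shadow file ($1) that carry a real hash (field 2 not
# empty, '*' or '!') but whose max-age (field 5) is missing or above $2 days,
# i.e. passwords that never expire under the policy.
nonexpiring_accounts() {
    awk -F: -v lim="$2" '
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > lim) { print $1 }' "$1"
}

# Prints groups of accounts whose hash strings are identical. An identical
# string means identical salt and password, which happens when a hash is
# copied between accounts or baked into a golden image. Caveat: the same
# password under different salts is invisible to this check.
duplicate_hashes() {
    awk -F: '
        $2 != "" && $2 !~ /^[!*]/ { n[$2]++; who[$2] = who[$2] ? who[$2] "," $1 : $1 }
        END { for (h in n) if (n[h] > 1) print who[h] }' "$1"
}

# Writes constructed sample files (not taken from any real system) into $1.
make_samples() {
    printf 'PASS_MAX_DAYS 90\nPASS_MIN_LEN 5\n' > "$1/login.defs.weak"
    printf 'PASS_MAX_DAYS 60\nPASS_MIN_LEN 14\n' > "$1/login.defs.ok"
    printf '# constructed pwquality.conf\nminlen = 14\ndcredit = -1\n' > "$1/pwquality.conf"
    printf '%s\n' \
        'root:$6$samesalt$samehash:18000:0:60:7:::' \
        'alice:$6$samesalt$samehash:18000:0:99999:7:::' \
        'bob:$6$othersalt$otherhash:18000:0:60:7:::' \
        'daemon:*:18000:0:99999:7:::' > "$1/shadow"
}

# Stand-alone run over the constructed samples.
d=$(mktemp -d)
make_samples "$d"
if check_max_days "$d/login.defs.weak" 60; then echo "max-age OK"; else echo "FAIL: PASS_MAX_DAYS over 60 days"; fi
if check_min_len "$d/pwquality.conf" 14; then echo "minlen OK"; else echo "FAIL: minlen below 14"; fi
echo "never-expiring accounts: $(nonexpiring_accounts "$d/shadow" 60)"
echo "accounts sharing a hash: $(duplicate_hashes "$d/shadow")"
rm -r "$d"
```

Run as root against the real /etc/login.defs, /etc/security/pwquality.conf and /etc/shadow to audit a live host; the sample run flags the 90-day setting, alice's non-expiring password and the hash shared by root and alice.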
"Cameron himself believes 3D viewing 'is so close to a real experience that it actually triggers memory creation in a way that 2D viewing doesn't' and that stereoscopic (3D) viewing uses more neurons, which would further heighten its impact"
Anyone who has regularly played the current crop of First Person Shooter games experiences the cinema as a bit of a let down. It's not the act of viewing in 3D but interacting with the characters and moving about the landscape, so we are already familiar with the Cameron effect. Now if only they could get the AIs to behave as if they had some real intelligence. It does also get a bit boring blowing away aliens in the underground tunnels of the Black Mesa Research Facility.
"I'm a FOSS advocate, run nix at home, etc"
You sure sound like it
Get your anti-virus software here and here ..
How about tokenizing commonly used words and sending that, one byte per word?
"I am interested in your composite money-time concept and would like to subscribe to your newsletter"
I don't have a newsletter, I reposted it here, feel free to comment
See also:
Regular columnist Bill Thompson wants it all. And he wants it now.
"the hard part was testing the 1,000s of client applications in use across the network"
What would this cost if factored into the total cost of the project. How many people are involved in the testing. What is the methodology used?
How soon will they blame Cameron for 3D cinema induced violence? First Person Shooter
The most probable cause of the spread is Air Travel