Knowingly spreading false information is covered in that section. See subsection (a) 2 and 3:
(a) Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully--
(1) falsifies, conceals, or covers up by any trick, scheme, or device[ , ] a material fact;
(2) makes any materially false, fictitious, or fraudulent statement or representation; or
(3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry
shall be fined under this title, imprisoned not more than 5 years or,...
The escape hatch for this is if the government is willing to provide the evidence that gives them an actual reason to believe that it is true, or if the false claim is actually only presented as an opinion, and not necessarily founded on any facts at all.
It's all well and good for the government to admit that this is just in their opinion, without having any actual facts to back it up, but doing so would probably have a pretty significant effect on how much people are going to take the government's word for it that the software is dangerous. It may very well be, but nobody's going to be operating under the assumption that the government knows something that nobody else does because they will have had to publicly state it was just an opinion in the first place.
I'm not alleging that they are... I'm only suggesting using the justice system to either force the government to put up or shut up about it. It doesn't matter if they've made stuff up... they are going to either have to present what basis they had for believing the allegation that Kaspersky software cannot be trusted or else they would have to say that it is their opinion only (which is, as I said, a valid defense against criminal prosecution for relevant crime). By going on-record that it is only their opinion, they are effectively neutralizing much of their own claims which might otherwise be assumed to be true by virtue of some knowledge that only the US government is supposedly privy to, and they would have to publicly deny that such information even exists in order to say that it is only their opinion.
True... but a private party can bring charges forward by initiating a police report. The justice system still has to press charges, but in this case there's no lack of evidence to support that that information is being propagated by the US government... they've even admitted that they are stating this. The only thing that is generally left to prove is either that the information is true to the best of the government's knowledge (which would necessitate that they share what their basis for saying this about Kaspersky is), or for the government to claim that this was actually only their opinion, and not based on any factual findings, thereby neutralizing much of their claims against Kaspersky with respect to most people, unless those people wish to blindly trust a government that has *OPENLY STATED* that they don't actually know what they are talking about.
It starts with a police report... since knowingly spreading false information about a person or company is actually illegal (and is the entire grounds for which one may be able to claim civil damages, if circumstances warrant it, but that's not what Kaspersky should be after here if they want to make headway). There is no lack of evidence to show that the allegation that Kaspersky Labs cannot be trusted began with the government, so the only thing remaining is to show either that it was true to the best of the US government's knowledge (and thereby present the basis for their claims), to say that it was simply an opinion and not a proclamation of fact, or to admit that they lied. The onus then rests on the government to either prove that what they are saying is true, or to simply admit that this was just in their opinion (since even that would be a justifiable defense for a criminal case). Since the government doesn't seem to want to show or share what basis they have for saying Kaspersky labs can't be trusted, their only recourse then is to go on-record and say that this is their opinion, and not based on any actual findings that would indicate it is true.
Of course, it doesn't really prove that the US government's allegations aren't true... the entire point of such a case would be to force the government to shut up about it, or at least make their claims about Kaspersky something that a person could reasonably choose to ignore by virtue of being public knowledge that it is simply an unfounded allegation that is based on opinion and not facts.
... they'd charge the government with slander/libel.
And I don't mean sue them through civil court for damages, I mean actually file real criminal charges against them. Since the government appears to want to keep being mum about why they are saying this about Kaspersky, their only defense against this would then be to go on-record as saying that this is in their opinion only, and not based on any actual findings.
Of course, none of this would necessarily prove that Kaspersky software can actually be trusted, but it would force the US government to shut up about it, unless they are prepared to reveal exactly *why* they believe the company is less than trustworthy (which I don't think they want to do).
I don't dispute that password managers offer more convenience, but they do *NOT* really offer any more security than well chosen passwords that are difficult or infeasible to crack using known methods in the first place. The ordinary problem with such passwords is that they can be difficult to memorize, but it is entirely possible to come up with a handful of simple rules that you can apply in your head in whatever (fixed) order you want, to generate essentially random-looking passwords from key phrases or other things that *ARE* easily memorizable. (can *YOU* see the pattern in ^e1V#n@-5o#3r3A%t3D%h3, for example, which might be associated with the more easily memorizable key 1-1-1-4p?)
Even if someone figures out or has access to those keys or key phrases, by themselves they are of no use because they do not know the algorithm that is used to produce the actual password that is needed to access the service. And as I said above, the search domain for possible algorithms which could get used to generate passwords from such keys is actually larger than the entire search space that would have to be scanned to brute force an arbitrarily long password in the first place. If a password does get compromised, you can change your key phrase or key words to some other value that is also easy to memorize and generate a new random-looking password from that.
If you personally do not get attacked, then a password manager offers no additional security at all over choosing individual passwords that are not easy to guess.
And a password does not have to be random to be hard to guess, it only has to be unknown, not contain any common or widely known patterns (and so be subject to a dictionary attack), and be of sufficient length that brute-forcing it would be too time consuming to be worthwhile.
And I never suggested my passwords were random. They are, however, based upon an algorithm that is known only to myself and trying to reverse engineer that algorithm from any data that might be obtainable by anyone is comparable to the notion of being given some real number that is supposed to be the difference between two unknown numbers and trying to guess precisely which two numbers they were. The search domain for solving the problem of simply finding the algorithm is larger than the search space for brute-forcing a password of unknown length. There's nothing particularly magic or special about the algorithm I am using either... it's just a clearly defined set of steps that I can perform easily, and without the aid of any computer to arrive at my password from any key, and the password that it produces is largely indistinguishable from one that a random password generator might produce. For example, given the key 1-1-1-33-4p, using a similar pattern to what I am actually using (slightly modified however), the password for that key would be: ^e1V#n@-5o#3r3A%t3D%h3. That's a 22 character password, and would not be easy for anyone to guess. It's not easy to memorize either, but the pattern that I used to generate it is actually quite simple for me to do in my head.
In actuality, the only thing that might make such a password look random is because nobody else knows the algorithm that makes it, and any English words which might seem to appear in the text are more of an evidence of pareidolia than an indication of the underlying pattern, because there's no reason for any English words to ever be there at all.
However, passwords remain a weak form of authentication.
They are only weak when people choose weak passwords. Inventing an algorithm that you can perform without using a computer to do it which can generate your passwords for you from some given key can produce passwords which appear no less strong than the unmemorizable passwords that are generated by systems that use random passwords, and are still no easier to guess simply by virtue of there being an algorithm because nobody else actually knows exactly what that algorithm is. The search domain for trying to guess the algorithm is actually larger than the search domain for brute forcing an arbitrarily long password in the first place.
Then the point of greatest vulnerability becomes whatever is protecting whatever keys or passwords that the password manager uses. A password manager adds no additional security by itself, and only is superior to using individual passwords in that it can be more convenient to use, but it is certainly not any more secure (arguably, it may be less secure, because all of your passwords are stored in one place, and if that is compromised, you have to change *ALL* of your passwords).
Anyone can invent their own algorithm that they could perform without a computer for coming up with unique passwords, which might theoretically reduce the search domain for the password for brute-forcing purposes, but would not be of any help to a would-be cracker who does not actually know what sort of algorithm you used to come up with it.
I have such an algorithm for my passwords, where I can (fairly) easily generate what a password is from a given key. I'm the only one who knows the algorithm, so even if the keys were written down in plain text and somebody has access to that, it is not helpful in guessing the passwords. Trying to figure out the algorithm that I use to come up with the passwords from a key is comparable to, for example, being given some number, and trying to guess which specific pair of other numbers have that number as a difference. The search domain for an answer to such a question is far larger than the search domain for any fixed length password itself, so it does not actually reduce the complexity of even brute forcing what is an arbitrarily long password in the first place.
I imagine that would depend on the program. In computer science, for instance, that might cover textbook costs for one semester, but it definitely wouldn't cover an entire year.
How is an employer "giving you a raise" if you weren't already working for them? While the amount you might receive by starting work for a new employer may represent a large raise for you, as far as the employer is concerned, that is nothing more or less than your starting wage/salary. If it's a raise, it's a raise from $0, because that's what they were paying you before.
As the lowest pay allowed by law is minimum wage, what you'd get is only unqualified applicants unless the job itself required no special training, education, or skills.
Again.... I believe I said get as far away *AS YOU CAN*.... obviously if you have no choice, that's not going to do much, but in many cases you do. The article wasn't focusing on the Equifax issue, but simply asked a general question that could be applicable to any number of companies, many of which one *would* have a choice in dealing with, such as an employer, for example.
Please note, I said "as you can".... obviously it would not apply if one has no choice in their affiliation, but it can still often be the case that one will have such a choice.
If they aren't already interested in paying attention to security, pointing out where their security is flawed won't change anything. At best, they'll just think you're acting like some kind of know-it-all, and at worst, they might make your life thereafter somewhat unpleasant.
If a company doesn't pay attention to security, run in the other direction. Get as far away from them as you can.
One thing I've noticed working at a few major companies is that nobody ever really gets bad performance reviews
Here's the thing... people *DO* get bad performance reviews, but those people don't generally stick around for very long afterwards, if they aren't actually fired for not doing their job correctly, or at all.
All correct except for the part about what it puts in the headers.
The "To" field in the header still contains all of the dots that were originally used to address the email, and someone you are telling your gmail address to has no way to tell which, if any, of the dots in your email before the @ sign are actually part of your real email address. The message still makes its way to your real gmail inbox, but because the header "To" field might not contain your exact REAL email address, you can very easily filter it, immediately label it spam, delete it, or whatever.
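The filtering idea in the comment above, as an added example that is not part of the original post: it reads the To/Cc headers of a message, treats the dots in a Gmail local part as insignificant, and reports which dotted spelling the sender used. The address, the labels in `HANDED_OUT` and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domains whose mailboxes ignore dots in the local part.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(addr):
    """Return the dot-insensitive form of a Gmail address, or None if not Gmail."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or domain not in GMAIL_DOMAINS:
        return None
    return local.replace(".", "") + "@gmail.com"


def dotted_variants_seen(raw_message, my_address):
    """List the exact To/Cc spellings in a message that resolve to my_address."""
    msg = message_from_string(raw_message)
    mine = canonical_gmail(my_address)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    hits = []
    for _name, addr in getaddresses(headers):
        if canonical_gmail(addr) == mine:
            hits.append(addr.lower())
    return hits


def classify(raw_message, my_address, handed_out):
    """Map a message to the label recorded for the dotted spelling it used."""
    variants = dotted_variants_seen(raw_message, my_address)
    if not variants:
        # Bcc or mailing-list delivery: the header never names this mailbox.
        return "not-addressed-to-me"
    for variant in variants:
        if variant in handed_out:
            return handed_out[variant]
    # A spelling that was never handed out to anyone.
    return "unknown-variant"


# Constructed sample data (hypothetical address and labels).
MY_ADDRESS = "janedoe@gmail.com"
HANDED_OUT = {
    "jane.doe@gmail.com": "newsletter-signup",
    "j.anedoe@gmail.com": "web-forum",
    "janedoe@gmail.com": "personal",
}
SAMPLE_SPAM = (
    "From: promo@example.net\n"
    "To: Jane <J.aneDoe@gmail.com>\n"
    "Subject: Offer\n\nbody\n"
)
SAMPLE_OTHER = (
    "From: a@example.org\n"
    "To: someone.else@gmail.com\n"
    "Subject: hi\n\nbody\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE_SPAM, MY_ADDRESS, HANDED_OUT))
    print(classify(SAMPLE_OTHER, MY_ADDRESS, HANDED_OUT))
```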
How big a step is it from deleting Youtube accounts because they don't like what the person says and turning people over to the cops for what they say? It's not a very big step, for they are already acting like they think they are a form of "thought" police when they say who can, and who cannot, communicate based upon what the person has to say.
You ask what is evidently a rhetorical question, but you answered it wrong. It's actually an enormous step, and suggesting that there is some kind of slippery slope by simply being discriminatory in commercial dealings to full-on oppression backed by the government shows a complete lack of any understanding of the latter. While I'd never say that the former was fair, to suggest that it's not far removed from the Orwellian picture you describe is nothing less than absurd.
While I'll agree that it's certainly *possible* to compromise one's safety by having one of these devices in their home, I don't know if there's actually any precedent to show that it would ever, in practice, be the case.
I call BS on that, have you ever run a Linux distribution with KDE?
Yes, I do it all the time.
As I said elsewhere, I've tried using KDE on a modern system with only 8G, and really felt the difference in performance. I haven't used it with 16G, so that might be okay too.
What you've cited would only protect them from a civil lawsuit. It does not protect them from prosecution for violating an actual federal law
18 U.S.C. § 1001
See 18 U.S.C. § 1001.
It is, in fact, a federal crime, and people have served time for it in the past... Martha Stewart comes to mind as one prominent recent example.
Or, perhaps, and more likely, one's tastes are simply too diverse to be found on just a small set of services.
.... are claiming is evidence to substantiate the notion that it the software is dangerous.