Virtually all the malware (and there is some drive by stuff happening) attacks people with rooted phones, so installing even a secure "ROM" is probably the worst thing you can do for security.
By looking for software that has gone through the common criteria (assuming that still exists or another similar certification process) you will have some reassurances that it was designed in a secure manner. I would also look for something using other government standards, like FIPS 140-2.
This would really backfire. First the public defenders are already really stretched thin. Yes the system could get exposed, but how many people would end up taking even longer jail sentences because they had a PD who didn't have any time to research the case. Jails would be more overcrowded with people who are probably sentenced for crimes where no one but themselves were harmed.
It might expose a problem, but DA offices have more resources than the poor they are often prosecuting. This wouldn't really work the way the article suggested.
I was in shock that they brushed off SCADA systems too. We don't need BS ideas like moving everything to the cloud (or any other industry lingo), but we do need some real work on some very important systems. User training helps for workstations (and overall), but the threats from nation-states that are highly complex do unfortunately require some serious planning and thought.
The problem is differentiating the snake oil salesmen from the few people with real solutions. The people have problems because they don't understand the threat, and often they also don't have the ability to see through a sales pitch.
The idea that this is a fake threat, as implied by the article is just not in line with reality. This article all but brushes off the threat from SCADA systems which shows a massive logic fail on the part of the author.
Just with Backtrack and a handful of other freely available tools, one would be able to see what scada systems are talking out to the internet at this second in the US. Just because there is a lot of money to be made, doesn't mean the threat isn't real.
We view cyber security as an add on to a computer system after its been completed instead of working it in from the start. We don't take it as a serious problem right now. Worse the people who would need to write legislation about improving it can barely turn on a computer themselves.
That said, ignore the threat of real disaster at your own peril, its real and as we continue to ignore our cyber security its more than likely going to cause real damage in the near future.
Create A VM that only allows access to sites you have approved ahead of time, then get something to track all the traffic like a Netwitness or record it all with Wireshark (save it as a PCAP).
Tell them traffic to unhallowed sites will be investigated for cheating. The idea that you are monitoring their internet traffic will be just as powerful (if not more so) than the monitoring itself.
I have found the best line of reasoning is to show them that the Protocols that make the internet work are "dumb". By dumb I mean that they can't distinguish between those with "benevolent" intentions and those with malicious intentions.
In the world of SOPA like legislation, this means that the bad guys could very easily copy -impersonate the "good" guys and trick the protocols used to attack people.
On the flip side if you make traffic more secure and have it act as its supposed to (ie as an end to end communication without the possibility of breaking or intercepting traffic) then the you have to be willing to accept that the illegal actors will use the same technology. The flip side is that to allow the government to stop copyright infringement, attackers could also redirect our banking and commercial traffic which is of far greater importance.
Note- I used the term bad guys and good guys extremely liberally (past a point I myself would agree with) to simplify the issue and to make it sound more unbiased.
The barbarians will never be able to destroy our empire (Rome 400 AD)
The silly colonies will never be able to overthrow the British Empire (Britain, 1774)
Digital Cameras, who needs them - As CEO of Kodak (Last week).
First,
It goes without saying that it depends on what kind of stuff the end-user is doing. If this is the average company, it would probably be ok to have a secured part of the phone which is completely managed by the company, and the rest of the phone would be controlled by user. This wouldn't be perfect but could provide some level of assurance that email accounts/ company info could be managed in a reasonable manner.
However those dealing with real trade secrets, or other highly sensitive information, should stick to separate devices. Its all based on the risk of data loss/ cell phone compromise.
No where did it say the Judge didn't care about SCOTUS. He is not ignored a previous ruling. When a ruling comes out it will obviously take precident. However until then, the judge should interpret the law and rule accordingly. Decisions can take until early July, and if someone is stealing money, thats a long time to wait.
I pretty much said the same thing in a different post. The fact that this can be used for 'bad' doesn't mean its spyware. Horrible headline choice in my opinion.
Why is this Spyware? Spyware in its traditional sense is something you drop on a computer, not putting professional network management products on your network so you can see all your traffic. Deep Packet Inspection is pretty vital to almost any corporate network. This is almost as bad as people who call the LOIC from anon hacking instead of a DDOS attack. Its one thing to get that from CNN, but I expect more from Slashdot.
Its funny how there is so much concern for the lack of funding that may result from this. But there is 0 concern that the Palestinian organization/ terrorist groups (aka Hamas) that make up their government are not forced to comply with the standards established by the organization. It supposed to support peace, freedom right and understanding. I didn't know supporting suicide bombings was a plus on the application.
The bottom line is just a couple of weeks ago the Palestinians cheered many returned from jail for committing unspeakable acts of murder on civilians and the UN member countries (most of which are run by thuggish dictators) looked the other way. The UN has a long history of antisemitism, from the Durban conference to multiple other examples.
The US foots far too much of the bill for these organizations as it is. If they want to continue in their racist ways, it shouldn't be on our dime.
PS this isn't just for new projects, UNSECO won't get another dime going forward. Other agencies should keep this in mind before supporting a group on multiple terrorist list (Hamas) with a full membership in a international body.
Getting two years of experience right out of school is a great thing, but its easier said than done. A lot of companies would prefer the experience to start, but will look for someone else if you don't have an advanced degree or the experience. Its a tough job market out there and I found that my Master's degree opened up a ton of doors that were otherwise closed. I got numerous job offers because of my degree and your salary will be slightly higher. If you can get it out of the way early, either part time or full time, do it. Master's are the undergrad degree of our parents generation. Everyone has an undergrad degree and to a large part, there now relatively worthless for setting you apart from the field.
Slashdot Mirror
Virtually all the malware (and there is some drive by stuff happening) attacks people with rooted phones, so installing even a secure "ROM" is probably the worst thing you can do for security. By looking for software that has gone through the common criteria (assuming that still exists or another similar certification process) you will have some reassurances that it was designed in a secure manner. I would also look for something using other government standards, like FIPS 140-2.
This would really backfire. First the public defenders are already really stretched thin. Yes the system could get exposed, but how many people would end up taking even longer jail sentences because they had a PD who didn't have any time to research the case. Jails would be more overcrowded with people who are probably sentenced for crimes where no one but themselves were harmed. It might expose a problem, but DA offices have more resources than the poor they are often prosecuting. This wouldn't really work the way the article suggested.
I was in shock that they brushed off SCADA systems too. We don't need BS ideas like moving everything to the cloud (or any other industry lingo), but we do need some real work on some very important systems. User training helps for workstations (and overall), but the threats from nation-states that are highly complex do unfortunately require some serious planning and thought. The problem is differentiating the snake oil salesmen from the few people with real solutions. The people have problems because they don't understand the threat, and often they also don't have the ability to see through a sales pitch.
The idea that this is a fake threat, as implied by the article is just not in line with reality. This article all but brushes off the threat from SCADA systems which shows a massive logic fail on the part of the author. Just with Backtrack and a handful of other freely available tools, one would be able to see what scada systems are talking out to the internet at this second in the US. Just because there is a lot of money to be made, doesn't mean the threat isn't real. We view cyber security as an add on to a computer system after its been completed instead of working it in from the start. We don't take it as a serious problem right now. Worse the people who would need to write legislation about improving it can barely turn on a computer themselves. That said, ignore the threat of real disaster at your own peril, its real and as we continue to ignore our cyber security its more than likely going to cause real damage in the near future.
Create A VM that only allows access to sites you have approved ahead of time, then get something to track all the traffic like a Netwitness or record it all with Wireshark (save it as a PCAP). Tell them traffic to unhallowed sites will be investigated for cheating. The idea that you are monitoring their internet traffic will be just as powerful (if not more so) than the monitoring itself.
I have found the best line of reasoning is to show them that the Protocols that make the internet work are "dumb". By dumb I mean that they can't distinguish between those with "benevolent" intentions and those with malicious intentions. In the world of SOPA like legislation, this means that the bad guys could very easily copy -impersonate the "good" guys and trick the protocols used to attack people. On the flip side if you make traffic more secure and have it act as its supposed to (ie as an end to end communication without the possibility of breaking or intercepting traffic) then the you have to be willing to accept that the illegal actors will use the same technology. The flip side is that to allow the government to stop copyright infringement, attackers could also redirect our banking and commercial traffic which is of far greater importance. Note- I used the term bad guys and good guys extremely liberally (past a point I myself would agree with) to simplify the issue and to make it sound more unbiased.
The barbarians will never be able to destroy our empire (Rome 400 AD) The silly colonies will never be able to overthrow the British Empire (Britain, 1774) Digital Cameras, who needs them - As CEO of Kodak (Last week).
Romney has come out and slammed SOPA today, while many professionals have said Obama will sign it because of the vast money he gets from Hollywood. Romney gets my thumbs up because while there is no perfect candidate, being in favor of SOPA is an automatic disqualification. The fact that Obama has come out in the past and said he will veto bills, but hasn't had the guts to same the same about SOPA/PIPA reflects poorly on his knowledge of the situation. http://www.techdirt.com/articles/20120108/00322817330/did-mitt-romney-just-come-out-against-sopapipa.shtml http://merrimack.patch.com/articles/video-mitt-romney-slams-sopa
First, It goes without saying that it depends on what kind of stuff the end-user is doing. If this is the average company, it would probably be ok to have a secured part of the phone which is completely managed by the company, and the rest of the phone would be controlled by user. This wouldn't be perfect but could provide some level of assurance that email accounts/ company info could be managed in a reasonable manner. However those dealing with real trade secrets, or other highly sensitive information, should stick to separate devices. Its all based on the risk of data loss/ cell phone compromise.
No where did it say the Judge didn't care about SCOTUS. He is not ignored a previous ruling. When a ruling comes out it will obviously take precident. However until then, the judge should interpret the law and rule accordingly. Decisions can take until early July, and if someone is stealing money, thats a long time to wait.
I pretty much said the same thing in a different post. The fact that this can be used for 'bad' doesn't mean its spyware. Horrible headline choice in my opinion.
Why is this Spyware? Spyware in its traditional sense is something you drop on a computer, not putting professional network management products on your network so you can see all your traffic. Deep Packet Inspection is pretty vital to almost any corporate network. This is almost as bad as people who call the LOIC from anon hacking instead of a DDOS attack. Its one thing to get that from CNN, but I expect more from Slashdot.
Its funny how there is so much concern for the lack of funding that may result from this. But there is 0 concern that the Palestinian organization/ terrorist groups (aka Hamas) that make up their government are not forced to comply with the standards established by the organization. It supposed to support peace, freedom right and understanding. I didn't know supporting suicide bombings was a plus on the application. The bottom line is just a couple of weeks ago the Palestinians cheered many returned from jail for committing unspeakable acts of murder on civilians and the UN member countries (most of which are run by thuggish dictators) looked the other way. The UN has a long history of antisemitism, from the Durban conference to multiple other examples. The US foots far too much of the bill for these organizations as it is. If they want to continue in their racist ways, it shouldn't be on our dime. PS this isn't just for new projects, UNSECO won't get another dime going forward. Other agencies should keep this in mind before supporting a group on multiple terrorist list (Hamas) with a full membership in a international body.
Getting two years of experience right out of school is a great thing, but its easier said than done. A lot of companies would prefer the experience to start, but will look for someone else if you don't have an advanced degree or the experience. Its a tough job market out there and I found that my Master's degree opened up a ton of doors that were otherwise closed. I got numerous job offers because of my degree and your salary will be slightly higher. If you can get it out of the way early, either part time or full time, do it. Master's are the undergrad degree of our parents generation. Everyone has an undergrad degree and to a large part, there now relatively worthless for setting you apart from the field.