The fact that someone was able to access and get out of the NSA systems the range of data that Snowden was apparently able to do was a demonstration of a dramatic failure in security compartmentalization in the NSA. For an ultra-high security setup, the systems administrator needs to have file access to move stuff around, but should not have data access to the internals of the databases. The content people -- analysts and the like -- need to have secure db access to those projects and that data appropriate to their roles, but should not have direct copy access to the files.
It sounds like this guy Winter talking about abysmal corporate security would have had a hand in setting up those failed NSA systems. So, is Winter out there talking about how companies should not do as he did?
I recall a friend telling me years ago that when he went to work at Raytheon, he asked why there was a big triangle of the employee parking lot that was unused. It turned out that there was a microwave transmitter pointed that way that was still strong enough in that area that car upholstery and such would break down in just a couple of months of exposure.
Hmmm.
Not exactly "melting" the cars, but I would want to give that a good wide berth.
Some bags are specifically designed for concealed-yet-ready carry. They're essentially holsters with bags in front of them. Oh, sure, that's not the same as a quick-draw open holster, but if you walk down the street with open carry you'll have people questioning you (and getting the police to question you) constantly.
"...not a way to blast your way out of a confrontation with a cartel."
For that, you want something larger than a.22
BFG9000, maybe, though that again gets back to the problem of discreet carry.
It was the North Koreans. Supreme Leader Kim kept getting boned within a few minutes of logging in and, being the most awesomest gamer in the world, instructed his people to take down the whole nest of conspiring cheaters.
But the point of what he was doing appears to be that *he* was providing the "cloud" to *others*. That certainly goes beyond the scope of a "residential" service -- regardless if he was doing it for free or to make money.
Having skimmed through the comments about how the hack is some kind of act of war, and why is this stuff accessible anyway, and blahblahblah, I Googled "National Inventory of Dams".
So, you click on it and there's choices like login or "request new username". To get one, you fill in various identifying information, including what kind of organization you're with and why you need access. I expect that responding differently to the type of organization question gets you different levels of access. I expect that the "hack" was that someone lied in answering one or more of the questions, and whoever set up the access gave the person more than appropriate access because there was insufficient credential checking for a higher level of access, or because the person just setup the account without doing some required check. It looks like there's some level of public access allowed, and there's even an available choice of "foreign government" as organization type.
I picture it as someone, possibly foreign national, possibly Chinese, who has some connection to a US University and said he needed access to engineering-level data for failure analysis. Is that a "hack"? Is that an "act of war"?
Except that more typically, the situation is that the actual hiring manager would "like" to see VB skills (or whatever other buzzword), and it's not really all that critical -- especially since a decent programmer can pick it up as necessary -- but might not ever see the resume for that decent programmer who got filtered out by HR. I've done or modified a few VB programs over the years, continuing that example, but it's really not a core skill so I don't mention it on a resume. Another applicant, possibly with far less ability, might have more demonstrated VB experience, or at least more willingness to claim the skill.
I think the last time I even *had* a debit card was over 20 years ago. I don't want one, and have specifically requested ATM cards that *aren't* debit cards. The only reason I would even consider getting one, is if for some reason I got an account that was online only and for some reason it was an account I needed to get cash from, rather than doing a direct online transfer from account to account.
Oh, wait, having typed that, I realize I do have an account that's online only, and they sent me a debit card. It's been in a drawer since about 30 seconds after I got it in the mail.
I pay (almost everything) by credit card, then direct transfer the monthly payment from my bank.
If there's a problem with a charge on your card, would you rather (a) dispute the charge on your credit card, withholding payment until resolved, or (b) dispute the charge and try to get the debit card company to give you money back?
Would you rather (a) hand over to the minimum-wage drone a credit card with a line into the credit card company's account, or (b) hand over a debit card with a direct line into your account?
And checks? My wife pays by check maybe a couple of things a month to people who still for some reason can't take credit card or direct payment. I can't remember the last time I wrote a check.
ATM fees? I can't remember the last time I got caught short by an unexpected cash purchase or lack of planning that I had to hit an ATM other than at my home bank.
These sorts of fees are bad in that they hit poor people who can least afford it. Too poor to have a couple of weeks pay in their checking accounts, if they have an account at all. Too poor to have a "real" credit card, so they have a debit card or use checks. I don't like the idea that BoA (and other big banks) see little value in retaining such customers unless they can gouge them for direct fees, but I can understand how their cold, hard analyses come to this conclusion.
Imagine if you were chatting in a languages you don't know, copy-pasting snippets of text you don't understand in response to other snippets of text you don't understand. Even if you remember what you've copypasted previously, you would still come accross as a lunatic.
That sounds like an awful lot of discussion forums, especially the political ones.
You've got it right: verify there's a real person behind the identity, and that it's not the same real person who's already been banned, but let the identity itself be what it is. And the service shouldn't just hand out or sell that "real life" link without some good user controls.
Clearly, since name verification is basically impossible, everyone on the planet should be issued a unique ID in a centralized database, to which every other site can link for verification. Oh, sure, there will be some difficulties in the transition, from people obsessed with "freedom" and "privacy" and whatnot.
Oh, hey! Maybe we could issue IPV6 address ranges to everyone. Names and pseudonyms could just be domain-equivalents that decode to your subnet addresses.
Other articles, I think covered here on Slashdot, have discussed a major initiative over the last few years to *identify* existing sites that have been acting as datacenters. Much of the server capacity already existed, but wasn't documented at even the agency level, let alone at the overall Federal level. Obama's Administration didn't quadruple servers; it (leveraging off efforts started under Bush) has made strides toward a coherent datacenter/server policy. Having made progress in identifying resources, they have started identifying redundancies and unnecessary facilities. Certainly, there have been continued purchases. IT is like that. Needs increase and equipment obsolesces.
Slashdot Mirror
The fact that someone was able to access and get out of the NSA systems the range of data that Snowden was apparently able to do was a demonstration of a dramatic failure in security compartmentalization in the NSA. For an ultra-high security setup, the systems administrator needs to have file access to move stuff around, but should not have data access to the internals of the databases. The content people -- analysts and the like -- need to have secure db access to those projects and that data appropriate to their roles, but should not have direct copy access to the files. It sounds like this guy Winter talking about abysmal corporate security would have had a hand in setting up those failed NSA systems. So, is Winter out there talking about how companies should not do as he did?
If God is believed to be omniscient, then only for God is the World deterministic, and thus only God lacks free will.
I recall a friend telling me years ago that when he went to work at Raytheon, he asked why there was a big triangle of the employee parking lot that was unused. It turned out that there was a microwave transmitter pointed that way that was still strong enough in that area that car upholstery and such would break down in just a couple of months of exposure. Hmmm. Not exactly "melting" the cars, but I would want to give that a good wide berth.
Maybe they could put a big sculpture of an ant at the focal point.
When one of the pagers on your ammo belt beeped, did you throw it like a grenade and hide?
Some bags are specifically designed for concealed-yet-ready carry. They're essentially holsters with bags in front of them. Oh, sure, that's not the same as a quick-draw open holster, but if you walk down the street with open carry you'll have people questioning you (and getting the police to question you) constantly.
"...not a way to blast your way out of a confrontation with a cartel." For that, you want something larger than a .22
BFG9000, maybe, though that again gets back to the problem of discreet carry.
Maybe he wasn't doing Matrix, but was doing Highlander instead, and had a katana under his coat.
...or a middle-aged IT guy, which may overlap the other categories. Check for a gray goatee.
Maybe neurofeedback stimulation could make the moron-education process more pleasurable, and the moron-insulting/mocking process less pleasurable.
It was the North Koreans. Supreme Leader Kim kept getting boned within a few minutes of logging in and, being the most awesomest gamer in the world, instructed his people to take down the whole nest of conspiring cheaters.
The squirrel and trebuchet are in the next Agile iteration of the kid's development project. The bikini model is part of the Kickstarter.
But the point of what he was doing appears to be that *he* was providing the "cloud" to *others*. That certainly goes beyond the scope of a "residential" service -- regardless if he was doing it for free or to make money.
Here it is: http://geo.usace.army.mil/pgis/f?p=397:12:
So, you click on it and there's choices like login or "request new username". To get one, you fill in various identifying information, including what kind of organization you're with and why you need access. I expect that responding differently to the type of organization question gets you different levels of access. I expect that the "hack" was that someone lied in answering one or more of the questions, and whoever set up the access gave the person more than appropriate access because there was insufficient credential checking for a higher level of access, or because the person just setup the account without doing some required check. It looks like there's some level of public access allowed, and there's even an available choice of "foreign government" as organization type.
I picture it as someone, possibly foreign national, possibly Chinese, who has some connection to a US University and said he needed access to engineering-level data for failure analysis. Is that a "hack"? Is that an "act of war"?
Except that more typically, the situation is that the actual hiring manager would "like" to see VB skills (or whatever other buzzword), and it's not really all that critical -- especially since a decent programmer can pick it up as necessary -- but might not ever see the resume for that decent programmer who got filtered out by HR. I've done or modified a few VB programs over the years, continuing that example, but it's really not a core skill so I don't mention it on a resume. Another applicant, possibly with far less ability, might have more demonstrated VB experience, or at least more willingness to claim the skill.
I had an accident, I'm already at the hospital
Did the people who "liked" that hospital status start seeing flower delivery services in their sidebar ads?
Worst score 5 post ever!
Worst? That's a pretty competitive category.
Now, see, if eldavojohn couldn't touch type, he probably wouldn't have bothered with this.
Weather IS climate in the same way a point on a curve IS that curve. In other words, not really.
Oh, wait, having typed that, I realize I do have an account that's online only, and they sent me a debit card. It's been in a drawer since about 30 seconds after I got it in the mail.
I pay (almost everything) by credit card, then direct transfer the monthly payment from my bank.
If there's a problem with a charge on your card, would you rather (a) dispute the charge on your credit card, withholding payment until resolved, or (b) dispute the charge and try to get the debit card company to give you money back?
Would you rather (a) hand over to the minimum-wage drone a credit card with a line into the credit card company's account, or (b) hand over a debit card with a direct line into your account?
And checks? My wife pays by check maybe a couple of things a month to people who still for some reason can't take credit card or direct payment. I can't remember the last time I wrote a check.
ATM fees? I can't remember the last time I got caught short by an unexpected cash purchase or lack of planning that I had to hit an ATM other than at my home bank.
These sorts of fees are bad in that they hit poor people who can least afford it. Too poor to have a couple of weeks pay in their checking accounts, if they have an account at all. Too poor to have a "real" credit card, so they have a debit card or use checks. I don't like the idea that BoA (and other big banks) see little value in retaining such customers unless they can gouge them for direct fees, but I can understand how their cold, hard analyses come to this conclusion.
Imagine if you were chatting in a languages you don't know, copy-pasting snippets of text you don't understand in response to other snippets of text you don't understand. Even if you remember what you've copypasted previously, you would still come accross as a lunatic.
That sounds like an awful lot of discussion forums, especially the political ones.
That makes it harder to lose when you put it down. Damn it! where did I put that tablet?? Hey, dude, Skype my tablet so I can see the alert glow.
You've got it right: verify there's a real person behind the identity, and that it's not the same real person who's already been banned, but let the identity itself be what it is. And the service shouldn't just hand out or sell that "real life" link without some good user controls.
Oh, hey! Maybe we could issue IPV6 address ranges to everyone. Names and pseudonyms could just be domain-equivalents that decode to your subnet addresses.
Other articles, I think covered here on Slashdot, have discussed a major initiative over the last few years to *identify* existing sites that have been acting as datacenters. Much of the server capacity already existed, but wasn't documented at even the agency level, let alone at the overall Federal level. Obama's Administration didn't quadruple servers; it (leveraging off efforts started under Bush) has made strides toward a coherent datacenter/server policy. Having made progress in identifying resources, they have started identifying redundancies and unnecessary facilities. Certainly, there have been continued purchases. IT is like that. Needs increase and equipment obsolesces.