Where? Yes, I see them on TV, but not on the street. Where the hell are they hiding them and only parading them out when they need to fill a few minutes in the news?
It may be the distance, but from over here in Europe all your politicians look very interchangeable. They basically all say the same shit. And, frankly, the 8 years of Obama have not been really different from the 8 years Bush before.
The Marshall Plan was a win-win-win situation. First, the US companies got rid of their overproduction after the war. Second, it was a good propaganda stunt to make the US look more appealing than the USSR. And finally it did actually help the destroyed countries because they had no infrastructure to build that crap themselves.
But, frankly, that last part was just the icing on the cake. Not the cake itself.
Tradition. It worked so well in the past and we had to realize that the only way to ensure we can pump money into more weapons without using them is an enemy that can meet us at eye level.
Everyone who has less to lose than us might just decide that they use the weapons instead of just waving them at us.
No, but making you responsible for killing people sure kept people from doing so. At least it worked for me, since there are quite a few people who are just only alive anymore 'cause they ain't worth a second of jail time.
Odd. There are so many machines connected to the internet and so few of them are being hijacked to participate in the DDoS. Wouldn't it be far more useful for the attacker to use all of them? After all, it's impossible to secure them.
If this was so simple, you'd see spam blacklists being used that way. Wonder why that doesn't happen...? Right, because you have to spam to get on the list! And to get on the new list, you'd have to have an insecure IoT device in your house.
Still, it's not a good solution. Spamming blacklists hit email providers who better are professionals (and if not, it's a DAMN GOOD idea to block them anyway), while IoT users are primarily private people. You cannot expect them to do a full audit of every piece of junk they buy.
It's time to put the burden on the makers of those shoddy devices, not expect a CS degree from anyone who wants to use one.
So you punish them twice, first by having an insecure device and then by paying the fine for it, too?
To force the omnipresent car analogy, you think VW drivers should be punished for the CO2 trickery of Volkswagen because they didn't check that their cars aren't manipulating the tests?
It's been said before here, so allow me to offer a "how" for the obvious and already mentioned "secure the damn crap people hook up to the net".
This will only work with legislature. Sorry to all my libertarian friends here, but yes, there are times when the only way to sort out a problem is government intervention. These times are when you have to force people to do something for the "greater good" when they themselves would have a (smaller) profit from not giving a shit. And if there has ever been a good example, it's this. People don't give a shit about their IoT devices being insecure, because it does not affect them directly, but these insecure devices threaten the usability of the internet for all of us.
This is one of the reasons organizations like the FCC were created. Remember that sticker? Few people notice it nowadays because, well, it's a given that devices don't create harmful interference and that they don't go bananas if they are subject to any, but this was anything but certain in the early days of electronics. And no, that sticker itself doesn't do jack, of course, but it is a promise that the manufacturer has to live up to or face a heavy fine and ban of his device.
We need something like this for the IoT devices. "This device will not cause trouble on the internet and cannot be hijacked from there". Live up to it or see your device recalled. It pains me to ask for this, but it's time to create a government entity that deals with this. Or maybe hand it to the FCC so they start doing something useful again.
Pretty much this. Aren't these the FIRST areas where I'd WANT a personalized gun? Rifles that cannot be looted by the enemy and be used against you? Undeniable proof who used the pistol to fire the shot in a shootout in a seedy neighborhood?
That is where anyone who puts his money where his mouth is would WANT such personalized and traceable guns.
Because I would expect my professional to be at the level of current science and technology. I do expect my mechanic to think that sand isn't the best lubricant for my gear box, I do expect my doctor to know that it's not a good idea to sprinkle holy water that he got from the holy pond in his garden into my open chest wound and I do expect my IT security guy to know that it's not a good idea to let the new server sit on the ley line in front of our HQ for a night to absorb the good energies.
If you want to believe that, great. But get out of your field of work before you do. If you want to offer "alternative" stuff, move into that profession instead. I am sure there is a market for that too, else people would not have invented that snake oil. But if you are my nurse and responsible for working on my child, I do fucking EXPECT you to give him or her that MMR shots and not avoid it because you "don't believe in it".
Because people are stupid and don't understand statistics.
An example: Imagine there is an ultra rare disease that one in 100 million people gets. Now imagine there is a test for it with a 0.001% error margin (i.e. 0.001% of test results are false).
You can have us for a little over 1000 a day. And you can find a LOT of security flaws in a day. I dare say hiring a pentester for 2 days can close 80% of your security holes, and since they're going for the same low hanging fruits that black hats go for, this should make you safe, unless you're a high profile target where someone really, really, really wants to hack you and is willing and able to spend the time for that.
Remind me, what was the difference between China and the US again? From your description I don't see one.
Where? Yes, I see them on TV, but not on the street. Where the hell are they hiding them and only parading them out when they need to fill a few minutes in the news?
It may be the distance, but from over here in Europe all your politicians look very interchangeable. They basically all say the same shit. And, frankly, the 8 years of Obama have not been really different from the 8 years Bush before.
You convinced me.
Vote Trump!
"Invite" is cute. But hey, guess what, the former East Bloc countries also "invited" Russia!
But even the Brits eventually got to their senses.
Is the color still all wonky and wrong?
The Marshall Plan was a win-win-win situation. First, the US companies got rid of their overproduction after the war. Second, it was a good propaganda stunt to make the US look more appealing than the USSR. And finally it did actually help the destroyed countries because they had no infrastructure to build that crap themselves.
But, frankly, that last part was just the icing on the cake. Not the cake itself.
Well, in a world wide comparison, we pretty much all ARE the 1%...
Nah, we'll just keep on hating it for wasting more resources of the planet than the rest of it combined uses.
Tradition. It worked so well in the past and we had to realize that the only way to ensure we can pump money into more weapons without using them is an enemy that can meet us at eye level.
Everyone who has less to lose than us might just decide that they use the weapons instead of just waving them at us.
More CPU power for the next DDoS.
No, but making you responsible for killing people sure kept people from doing so. At least it worked for me, since there are quite a few people who are just only alive anymore 'cause they ain't worth a second of jail time.
So... every time I buy a car it's a gamble whether I get to pay for the crimes of its maker.
Better play it safe and not buy a new car. Ever.
Because they hold us by the balls and own an increasing portion of our companies.
Next question?
Odd. There are so many machines connected to the internet and so few of them are being hijacked to participate in the DDoS. Wouldn't it be far more useful for the attacker to use all of them? After all, it's impossible to secure them.
If this was so simple, you'd see spam blacklists being used that way. Wonder why that doesn't happen...? Right, because you have to spam to get on the list! And to get on the new list, you'd have to have an insecure IoT device in your house.
Still, it's not a good solution. Spamming blacklists hit email providers who better are professionals (and if not, it's a DAMN GOOD idea to block them anyway), while IoT users are primarily private people. You cannot expect them to do a full audit of every piece of junk they buy.
It's time to put the burden on the makers of those shoddy devices, not expect a CS degree from anyone who wants to use one.
So you punish them twice, first by having an insecure device and then by paying the fine for it, too?
To force the omnipresent car analogy, you think VW drivers should be punished for the CO2 trickery of Volkswagen because they didn't check that their cars aren't manipulating the tests?
DDoSing being illegal doesn't mean jack. You think someone sitting in Generistan gives a rat's ass about your laws?
It's been said before here, so allow me to offer a "how" for the obvious and already mentioned "secure the damn crap people hook up to the net".
This will only work with legislature. Sorry to all my libertarian friends here, but yes, there are times when the only way to sort out a problem is government intervention. These times are when you have to force people to do something for the "greater good" when they themselves would have a (smaller) profit from not giving a shit. And if there has ever been a good example, it's this. People don't give a shit about their IoT devices being insecure, because it does not affect them directly, but these insecure devices threaten the usability of the internet for all of us.
This is one of the reasons organizations like the FCC were created. Remember that sticker? Few people notice it nowadays because, well, it's a given that devices don't create harmful interference and that they don't go bananas if they are subject to any, but this was anything but certain in the early days of electronics. And no, that sticker itself doesn't do jack, of course, but it is a promise that the manufacturer has to live up to or face a heavy fine and ban of his device.
We need something like this for the IoT devices. "This device will not cause trouble on the internet and cannot be hijacked from there". Live up to it or see your device recalled. It pains me to ask for this, but it's time to create a government entity that deals with this. Or maybe hand it to the FCC so they start doing something useful again.
Pretty much this. Aren't these the FIRST areas where I'd WANT a personalized gun? Rifles that cannot be looted by the enemy and be used against you? Undeniable proof who used the pistol to fire the shot in a shootout in a seedy neighborhood?
That is where anyone who puts his money where his mouth is would WANT such personalized and traceable guns.
At least if you are a professional in a field.
Because I would expect my professional to be at the level of current science and technology. I do expect my mechanic to think that sand isn't the best lubricant for my gear box, I do expect my doctor to know that it's not a good idea to sprinkle holy water that he got from the holy pond in his garden into my open chest wound and I do expect my IT security guy to know that it's not a good idea to let the new server sit on the ley line in front of our HQ for a night to absorb the good energies.
If you want to believe that, great. But get out of your field of work before you do. If you want to offer "alternative" stuff, move into that profession instead. I am sure there is a market for that too, else people would not have invented that snake oil. But if you are my nurse and responsible for working on my child, I do fucking EXPECT you to give him or her that MMR shots and not avoid it because you "don't believe in it".
Right. Drive as far away as you can, 80% of all traffic accidents happen within 50 miles of the home of the driver!
Because people are stupid and don't understand statistics.
An example: Imagine there is an ultra rare disease that one in 100 million people gets. Now imagine there is a test for it with a 0.001% error margin (i.e. 0.001% of test results are false).
Is that test worth anything?
You can have us for a little over 1000 a day. And you can find a LOT of security flaws in a day. I dare say hiring a pentester for 2 days can close 80% of your security holes, and since they're going for the same low hanging fruits that black hats go for, this should make you safe, unless you're a high profile target where someone really, really, really wants to hack you and is willing and able to spend the time for that.