We need someone with some sense running this show. Instead we have Michael Cherthoff.
Actually, we have Janet Napolitano. Barack Obama replaced Chertoff with her as soon as he was inaugurated.
Did you see this story from the beginning of the year: http://www.infowars.com/chertoff-linked-to-body-scanner-manufacturer/ ? Cherthoff, while serving as a key government official, also runs a private consulting company one of whose clients is - the body scanner manufacturer.
Yeah, that's pretty shifty. I'm glad the current administration, if equally incompetent, is at least less corrupt. As far as we know, that is....
Ask any bouncer at a strip club: The first few weeks they couldn't stop looking, but after awhile, a naked woman can walk right past them and it barely registers because it's not new anymore. Happens all the time. And they are focused on the job now.
If only TSA screeners displayed as much professionalism as bouncers in strip clubs.
The only measure which has successfully prevented a terrorist attack since the '01 hijackings is the increased vigilance and response of the flying public.
False. The only measure which has successfully prevented a terrorist attack since 9-11-2001 has been catching plotters before they even get to the airport. The increased vigilance and response of the flying public has not stopped any attacks in the US. If you're thinking of the underwear bomber, his attack was already foiled by his own equipment failing by the time the flying public had a chance to do anything.
The only reason this raises any concerns at all is because people want to take personal devices that they pay for and then submit to company control over those devices.
Ummm...I don't think they want to submit to company control over their device, I think they don't actually realize that's what they're doing. I think they want to connect their personal devices to their work email and nobody tells them, "yeah, but you gotta let work root your device in order to do that."
It's just like having a personal laptop. Would you bind your personal machine to the company's AD environment, giving them full administrative control? No? Then don't use your personal machine on their network. Use a company-provided machine, or a work-dedicated machine that you can write off on your tax return.
I use my personal machine at work every day. I connect via standard protocols like ssh and smb, and never give up admin control, nor would I ordinarily do so. If they explicitly asked me to, I would say no, buy me a company machine instead, but if they said, "hey, if you install this software you can connect to our email servers" I don't really think it would occur to me to go check if the ordinary behavior of that software gives them root on my box. That wouldn't even occur to me.
If you don't want to risk such things happening, don't mix business and personal.
Laptop, VPN, Cell Phone, etc. Keep your life separate from your work. Don't do work on personal equipment, and don't use work equipment for things you want kept private.
If you chose to mix them (for convenience) then understand the risk.
Yeah, 'cuz creepy backdoor capabilities surreptitiously placed into standard-issue corporate software is the natural risk of mixing work equipment with personal equipment, duh. This guy was just as dumb as that kid in Pennsylvania who took his school-issued laptop home and didn't expect to be videorecorded and monitored by the school. Idiots.
Anyone who doesn't have at least 2 phones and at least 2 laptops is also an idiot.
I don't think most folks are shocked at the remote wipe capability - they just expected that it would be confined to the exchange data only, not the MP3's, games, photos, etc.
Exactly. All the people saying "it's the company's data, don't like getting it wyped? tough!" should take heed of this point.
It's the company's data, not your personal data, and they have measures in place to protect it.
No it's not. He was talking about them wiping all your personal data. "Measures in place" to protect company's data that also wipe your personal data are a bit creepy.
We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen. When the users sign up for ActiveSync they have to "read" the terms and conditions where it states that it may be remotely wiped. I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.
Even so, I wouldn't give my employer the capacity to remotely wipe my notebook PC's hard drive, and all the same proprietary and often confidential data is in my PC's email inbox.
Dude, if the server served the request, he went in the front door. Servers are, as you say, unthinking hunks of metal, but it is trivial, absolutely trivial, to give a server like this a rule that would have rejected his requests while allowing paying customers in. Literally millions of servers around the world do this trivial function every day. If you can't figure out how, then you should rescind your previous statement "I'm not misinformed at all, I know perfectly well how the HTTP protocol works" and admit that you're generally full of shit.
I use a lot of different OS platforms on a daily basis (Win, Mac, Linux, BSD...) for different purposes, but Linux is *NOT* making inroads on the desktop after 15 years (or more) of being there.
Tell that to my dad, my sister, and my wife.
But the fact that every single one of your sexual partners uses Linux could just be a coincidence.
This doesn't solve the problem of people going around the security, which was the entire point of my example.
But nobody went around security. We're talking about a guy who went up to the bouncer and was told, "yeah, you can go in" and who later got arrested for trespassing (in the terms of our analogy), and you're essentially arguing that this is legit because if the guard had said no, he could have potentially snuck in. Because he could have snuck in, he must be a criminal for going in the front door with permission!
You're misinformed about how the internet works. The requesting browser _asks_ for content based on a URL. The server provides that content based on the permissions set in the server.
Imagine if you hired a security firm to work the gate at your private party...People you didn't know came to the gate, asked to get in, and YOUR security firm let them in based on your instructions...If you can't hand out tickets, or have the guard check IDs of of a guest list, it's YOUR problem for being an idiot.
I'm not misinformed at all, I know perfectly well how the HTTP protocol works. Servers are not intelligent in the same way a person is, they can't make informed decisions based on situations they aren't explicitly programmed for.
So explicitly program them to ask for a ticket, and otherwise deny access. Problem solved.
Wait...did you just tell us that in Sweden muggers are preemptively killed by fields of light from the sky? Egad, we need that technology here! How does it work? Does it use quantum physics?
The only way the court could reach such a poor decision would be through bad legal arguments and a lack of understanding of how the world wide web works.
There used to be a time when you'd be able to read a story like this, shake your head, smirk and say/think to yourself: "Only in America".
Stupid laws are one of our biggest exports here in the States. When it comes to generating laws that protect corporations at the expense of consumers, the US is the world leader.
To borrow from George Carlin, we're really good at that, and blowing things up. Especially where there's brown people.
Slashdot Mirror
I did not call anyone an idiot... although you did, repeatedly.
You're right, I'm more blunt than you are.
I've got news for you... even straight females and gay males stare at freakishly large breasts!
...and even straight males and gay females make fun of freakishly small penises...
We need someone with some sense running this show. Instead we have Michael Cherthoff.
Actually, we have Janet Napolitano. Barack Obama replaced Chertoff with her as soon as he was inaugurated.
Did you see this story from the beginning of the year: http://www.infowars.com/chertoff-linked-to-body-scanner-manufacturer/ ? Cherthoff, while serving as a key government official, also runs a private consulting company one of whose clients is - the body scanner manufacturer.
Yeah, that's pretty shifty. I'm glad the current administration, if equally incompetent, is at least less corrupt. As far as we know, that is....
If I were him, I'd take that as a compliment.
Ask any bouncer at a strip club: The first few weeks they couldn't stop looking, but after awhile, a naked woman can walk right past them and it barely registers because it's not new anymore. Happens all the time. And they are focused on the job now.
If only TSA screeners displayed as much professionalism as bouncers in strip clubs.
The only measure which has successfully prevented a terrorist attack since the '01 hijackings is the increased vigilance and response of the flying public.
False. The only measure which has successfully prevented a terrorist attack since 9-11-2001 has been catching plotters before they even get to the airport. The increased vigilance and response of the flying public has not stopped any attacks in the US. If you're thinking of the underwear bomber, his attack was already foiled by his own equipment failing by the time the flying public had a chance to do anything.
Modded off-topic? Bizarre. Grammar jokes are the heart and soul of Slashdot.
No, posters that think they're being clever while confusing grammar with semantics are the heart and soul of Slashdot.
The only reason this raises any concerns at all is because people want to take personal devices that they pay for and then submit to company control over those devices.
Ummm...I don't think they want to submit to company control over their device, I think they don't actually realize that's what they're doing. I think they want to connect their personal devices to their work email and nobody tells them, "yeah, but you gotta let work root your device in order to do that."
It's just like having a personal laptop. Would you bind your personal machine to the company's AD environment, giving them full administrative control? No? Then don't use your personal machine on their network. Use a company-provided machine, or a work-dedicated machine that you can write off on your tax return.
I use my personal machine at work every day. I connect via standard protocols like ssh and smb, and never give up admin control, nor would I ordinarily do so. If they explicitly asked me to, I would say no, buy me a company machine instead, but if they said, "hey, if you install this software you can connect to our email servers" I don't really think it would occur to me to go check if the ordinary behavior of that software gives them root on my box. That wouldn't even occur to me.
was the first mistake.
If your employer wants you to read work email on a mobile device, make them issue one.
Yeah, that'll go over real well. "I won't do my job until you buy me a smartphone!"
If you don't want to risk such things happening, don't mix business and personal.
Laptop, VPN, Cell Phone, etc. Keep your life separate from your work. Don't do work on personal equipment, and don't use work equipment for things you want kept private.
If you chose to mix them (for convenience) then understand the risk.
Yeah, 'cuz creepy backdoor capabilities surreptitiously placed into standard-issue corporate software is the natural risk of mixing work equipment with personal equipment, duh. This guy was just as dumb as that kid in Pennsylvania who took his school-issued laptop home and didn't expect to be videorecorded and monitored by the school. Idiots.
Anyone who doesn't have at least 2 phones and at least 2 laptops is also an idiot.
I don't think most folks are shocked at the remote wipe capability - they just expected that it would be confined to the exchange data only, not the MP3's, games, photos, etc.
Exactly. All the people saying "it's the company's data, don't like getting it wyped? tough!" should take heed of this point.
Is it just me or does the iphone in the picture of the article look really small? Or the person has really large hands?
Dammit! There you go forcing me to RTFA!
It's the company's data, not your personal data, and they have measures in place to protect it.
No it's not. He was talking about them wiping all your personal data. "Measures in place" to protect company's data that also wipe your personal data are a bit creepy.
We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen. When the users sign up for ActiveSync they have to "read" the terms and conditions where it states that it may be remotely wiped. I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.
Even so, I wouldn't give my employer the capacity to remotely wipe my notebook PC's hard drive, and all the same proprietary and often confidential data is in my PC's email inbox.
I want some of that.
It's available in lots of countries, but only China can provide it in high mountain areas.
If your garage door responded by Fedexing me the contents of the garage, this might be an apt analogy.
Dude, if the server served the request, he went in the front door. Servers are, as you say, unthinking hunks of metal, but it is trivial, absolutely trivial, to give a server like this a rule that would have rejected his requests while allowing paying customers in. Literally millions of servers around the world do this trivial function every day. If you can't figure out how, then you should rescind your previous statement "I'm not misinformed at all, I know perfectly well how the HTTP protocol works" and admit that you're generally full of shit.
I use a lot of different OS platforms on a daily basis (Win, Mac, Linux, BSD...) for different purposes, but Linux is *NOT* making inroads on the desktop after 15 years (or more) of being there.
Tell that to my dad, my sister, and my wife.
But the fact that every single one of your sexual partners uses Linux could just be a coincidence.
Not a fact. My asian hooker uses pirated Windows.
This doesn't solve the problem of people going around the security, which was the entire point of my example.
But nobody went around security. We're talking about a guy who went up to the bouncer and was told, "yeah, you can go in" and who later got arrested for trespassing (in the terms of our analogy), and you're essentially arguing that this is legit because if the guard had said no, he could have potentially snuck in. Because he could have snuck in, he must be a criminal for going in the front door with permission!
You're misinformed about how the internet works. The requesting browser _asks_ for content based on a URL. The server provides that content based on the permissions set in the server.
Imagine if you hired a security firm to work the gate at your private party...People you didn't know came to the gate, asked to get in, and YOUR security firm let them in based on your instructions...If you can't hand out tickets, or have the guard check IDs of of a guest list, it's YOUR problem for being an idiot.
I'm not misinformed at all, I know perfectly well how the HTTP protocol works. Servers are not intelligent in the same way a person is, they can't make informed decisions based on situations they aren't explicitly programmed for.
So explicitly program them to ask for a ticket, and otherwise deny access. Problem solved.
Wait...did you just tell us that in Sweden muggers are preemptively killed by fields of light from the sky? Egad, we need that technology here! How does it work? Does it use quantum physics?
The only way the court could reach such a poor decision would be through bad legal arguments and a lack of understanding of how the world wide web works.
I think they listened to this guy.
If we have the original link, perhaps we can cause a bit of Streisand effect.
RTFA, FFS.
It was a sports broadcast, three years ago.
What, you don't watch 3-year-old Swedish sports? What is wrong with you?
There used to be a time when you'd be able to read a story like this, shake your head, smirk and say/think to yourself: "Only in America".
Stupid laws are one of our biggest exports here in the States. When it comes to generating laws that protect corporations at the expense of consumers, the US is the world leader.
To borrow from George Carlin, we're really good at that, and blowing things up. Especially where there's brown people.