Nope, that's just half the point of SSL. Encryption is the other half of the point.
Encryption is useless without trust. You could use the most powerful encryption system conceived, but if you send the message to the wrong person -- you're still compromised.
And un-signed sites are not blocked at all, and show no warning of any kind. Face it: that is really weird.
Not at all. I don't care about the authenticity of Slashdot posts, so signing or encrypting them is of no value. When I do care about the security and integrity of the data, having some third-party validation of who I am connecting to is essential.
All of the issues brought up against this measure are bunk, laziness, or ignorance of how the trust model works. The system isn't perfect, but it's better than the alternative.
Newspapers can get the news wrong. Does that mean that we should only accept news heard via word of mouth?
Even with a minimally verifying SSL provider, the police do have some ability to track a transaction back to a specific individual or company via the payment trail. Or they can use a stolen credit card, which is easy to detect.
IMHO TFA is very much correct that this is a problem. The solution is not obvious, because users are used to the lock icon and may not understand the concept that confidentiality and authentication are 2 separate properties, so how do we design a GUI which does not mislead them?
The people who don't understand this are not IT people who are going to be futzing with self-signed certs, or are IT people who need to clue up and understand the implications of using self-signed certs.
This isn't an IE/Firefox issue. It's about you being too cheap to buy a validated cert while simultaneously being too dumb to force your users to accept your certs.
If you are running your infrastructure with self-signed certs, just put the certs on your clients.
The whole point of SSL is to have some assurance that you are connecting to whom you think you are connecting to.
While the model of paying a CA to assure your identity is not perfect by any means, ignoring the issue isn't either. Many slashdotters seem to have a hard time getting this.
IMHO, the system in Firefox 3 is superior. While self-signed sites are blocked by default, it is not easier to explicitly trust a self-signed SSL site. In the past, most people would just click past the nag dialog when it popped up.
What are they supposed to do? Spend millions to upgrade a spacecraft orbiting the earth for minimal gain?
What about the Voyager probe... what should we do? FedEx doesn't ship to the outer rim of the solar system.
With about two hours' preparation, the desktop team at my workplace was able to implement this and successfully hack a variety of Windows, Linux and Mac systems.
All you need is Python:
http://www.storm.net.nz/projects/16
Firewire is fast and offers some unique capabilities which aren't possible with USB (i.e. target disk mode), but leaves the computer completely open to hackers.
Firewire gives attackers complete access to the system, and concept code is available that makes it absolutely trivial to compromise any activity happening on any laptop with Firewire. The only way to mitigate the risk of attack is to implement a pre-boot full disk encryption solution, which Apple does not provide. Third party solutions are available, but are very expensive.
Court records, including the names of testifying witnesses, are public.
See, that widget will languish in a warehouse now, because no one wants to pay 10 times as much as a similar widget from another country. The company that made it won't get any orders for their overpriced widget, and they'll go out of business.
That's where government comes in. If you have a 90% tariff on imports like Japan did on cars or the US has on sugar, the domestic product becomes competitive with the cheap import.
Instead, we have a government which protects global business interests instead of the national interest.
You're making the assumption that 1st World versus developing world trade is a free market -- it isn't. Trade is an exchange of goods. The current US trade situation is an example of mercantilism, which has been bleeding the US of wealth for the last 30 years.
Well, you're wrong.
It benefits the offshore trading partners when a country like the US stops adding value to products and instead simply consumes. One-way trade isn't trade, it's wealth transfer. The Europeans called it colonialism.
When you bought a widget for $1 made within your country, that money contributed to the US economy. The workers, the people who build factories, the people to harvest raw materials, power companies, the sandwich cart, the uniform supplier, etc. You're creating value.
When you buy the same widget for $0.10, you're injecting capital into the offshore trading partner's economy and gaining nothing in return. The offshore economy is adding value and creating wealth.
Just like the other guy who responded to me blaming the unions for all of our ills, you're misidentifying the symptoms with the disease. Immigrants aren't a problem, the problem is that government policy has made it increasingly difficult for low-skill Americans to get appropriate jobs.
You're confusing the symptoms with the disease.
The union companies are the last ones left, because the bargaining power of the workers made it more difficult to just fire everyone and move to Mexico, Indonesia or China.
Prices have stayed low because the US has essentially been selling off its assets for the last 30-40 years to pretend that everything's all good. Sorta like getting laid off and selling your furniture so your neighbors don't think you're broke.
What you're saying is that laissez faire economics that favors the plutocrats is preferable to a more logical nationalist or even socialist system.
Thousands of highly skilled workers made shoes in Maine in the 1980s. Today they are chronically underemployed and their communities are in disarray because our society allows Chinese children with an inadequate standard of living to manufacture them instead.
The fallacy that Chinese are only fit for stupid assembly work is just as racist as the notion that African-Americans should be restricted to the fields that was common among white folks in the 19th and early 20th century.
The United States imports millions of laborers from places like Mexico and Guatemala specifically because they are easy to exploit. There are thousands of unemployed, low-skill workers languishing on the streets or eventually in prisons because they have no place to work.
There is a massive gap among the middle-class populations that pay the taxes. Middle class folks have smaller families in order to afford their standards of living, and poorer families tend to have more, but live in cheaper conditions or are subsidized.
The problem isn't the pension, the problem is that while we have "legacy" companies saddled with pension liabilities, we have simultaneously exported most manufacturing to countries to avoid paying fair wages and benefits.
50 years ago, consumer goods were made here, so your money represented an investment in your community, state or country. Today, when you buy something, you benefit employees of the mass retailer, the retailer's shareholders, and a few other players in shipping.
Note that I didn't say "Mexicans are incapable of using computers". I said there were more daily computer users than in several Latin American nations combined.
For various reasons, per capita incomes are lower in Latin America, and computers are expensive. The per capita GDP in Venezuela is $12,000US.... computers are a luxury item at that category.
How many Germans use a computer every day?
How many Mexicans, Colombians and Venezuelans use a computer every day?
Vista BitLocker is good, but has some issues, as it uses Windows authentication, and not pre-boot. Its two-factor system is kinda weak. If you're a small business worried primarily about casual theft, it's a good solution.
TrueCrypt has pre-boot authentication, which is much more secure. But its encryption implementation is not necessarily FIPS certified, and to my knowledge the system doesn't have common criteria certification. For a business user, the ability to recover a key/password is minimal... so use with caution.
PGP/SafeBoot/Pointsec/WinMagic are all commercial FDE applications that work well, but have specific features that matter more to some people. PGP is nice because its universal server can provide other services like email encryption as well. SafeBoot has robust management, particularly if you are a McAfee AV customer. Pointsec was the only solution that allowed you to force pre-boot authentication after hibernating the PC. They also have a (very expensive) small business option that doesn't require a server. WinMagic has excellent smart-card integration, and integrates well with PKI solutions.
The "official" US budget numbers are misleading, as they are based on "cash" accounting and do not include a couple of key things, like:
- Special Appropriations (i.e. the War)
- Liabilities from Unsecured IOUs (i.e. the surpluses from Social Security which are "invested" in a special series of non-marketable treasury bonds)
- The NPV of future expenditures, such as Medicare Part D and Social Security
If you re-ran the 2007 budget using the "accrual" method of accounting that corporations must use, the "official" deficit of $163 billion balloons to over $2.4 trillion dollars -- FOR 2007 ALONE!
Don't take my word for it -- read the reports from the US Treasury or read the testimony and presentations given by the former Comptroller of the Currency.
The options are limited right now. Hopefully Apple will clue up. I believe PGP and Checkpoint/Pointsec offer solutions, but I believe they only work with their enterprise solutions.
If someone steals your notebook, they can remove the drive and use a $15 adapter to access all of the unencrypted information on your disk. Or they could use ERD Commander or BartPE to reset your administrator password and access the machine directly. Depending on how clueful the attacker is and how you manage your passwords, your TrueCrypt volumes may or may not be secure.
With full-disk encryption, you're not going to be able to even tell that the volume exists. The most affordable FDE for an individual Windows user is probably Vista Ultimate.
Fire everyone who makes more than $110,000/year, adjusted to a cost of living index.
Eliminate the requirement for a master's degree in education, and replace it with a three year apprenticeship for prospective teachers.
Put a ten year moratorium on school construction, and mandate a reasonable maintenance budget for all school buildings.
Oh, and for the Mac people out there -- encryption means full disk encryption. Not FileVault.
There's no competition -- Olympic vendors are given monopolies.
Nonsense. The infrastructure required for DSL is cheap, and Chinese are clamoring for broadband access.
China isn't a bunch of peasants with pointy hats anymore.... salaries in places like Beijing are competitive with Westerners now.