...you are accepting responsibility for their actions.
No, I'm not.
I think that your analogy is wrong. It's more like if my wife gets caught speeding in our (community property) car. I don't get a ticket. I don't agree to show up in court. She has to accept responsibility for her actions. I am not bound by any agreement that she makes (Like: "Yes, officer I'll slow down...").
That is closer to the EULA that she agrees to on our (community property) computer. I don't know if an agreement was offered/made. And I have no idea what the contents of the agreement is. How does any court figure that I'm bound to the EULA?
My wife might have played one of these Sony CDs on our computer. I didn't agree to the Sony EULA. But I'm the one who will have to spend my time cleaning up Sony's mess.
That is one point that I've never seen a good answer to: On PC's used by more than one person, there is only one person that "agreed" to the EULA.
How can the EULA be applied to the other users who may not even know that the EULA exists (let alone what is says)?
So set them up, and trust that any user competent enough to change them back knows not to run the offending control.
A single click on "Default Level" is all it takes to wipe out secure browser settings. User competence has nothing to do with it. The MS browser is insecure by default. And an "offending control" is not a easy determination (until it's too late). Many innocent looking web sites are sponsored by adware vendors.
So use a better e-mail client...
Refer to my comment on entering the corporate world.
Perhaps you could give us an example where another OS undermines the requests of another piece of software to access generic system data?
Most OS's do not allow generic system data to be altered by a process spawned by a user account. Even without Admin rights, the MS OS gives far too much access to the registry.
If you would get out of your mother's basement and into the corportate world you might understand why what you said is BS.
Your comments have nothing to do with having a fully patched and up to date Windows systems (with an anti-virus package and firewall).
To prevent untrusted ActiveX controls from running requires non-default browser settings. And the settings are not lockable.
To prevent a virus from "pamelasbreasts.jpg.vbs" requires non-default file type settings. Which are also not lockable. No user of mine will get a virus from a.vbs file because I've configured that file type to open with NotePad. A fully patched version of Windows is no defense against that virus.
Yes, I have been a victim of a security flaw in an application. That application is Outlook. The security flaw is the preview pane. Why doesn't the Microsoft OS have code that says "Hmmm, why is this process, spawned from an email application, trying to muck with the registry...."
In summary: Windows is inherently vulnerable. A fully patched and up to date Windows systems (with an anti-virus package and firewall) is not enough to secure a system.
Windows is inherently vulnerable. I consider that a fact.
I've recently had fully patched and up to date Windows systems (with an anti-virus package and firewall) get spyware loaded on them via Active X. Granted, spyware is not a virus or a worm, but it's a security breach.
In the past, I've had fully patched and up to date Windows systems (with an anti-virus package and firewall) get a virus before the my anti-virus vendor had a signature for the virus.
To say that it only happens to clueless people with unpatched machines is a lie. And no Microsoft fanboy is gonna change that.
To be honest, everyone I know with a yacht in deep waters already carries decent guns for protection. It is pretty easy to dump them if you're boarded by a coast guard or naval vessel.
I guess that you've never been boarded. I have. After that experience, I wouldn't take the chance of getting caught with an illegal gun. You're under constant surveillance from the momement they decide that your boat looks interesting. You might not have any idea that a cutter is approaching until it's right in front of you. They can come up real fast on a yacht puttering along at five knots.
You *might* have the opportunity to go below and dig out your illegal gun. You *might* have the opportunity to toss it out a port hole on the lee side of the boarding party. But don't count in it.
On the other hand, I've had friends who were attacked by pirates off the coast of Venezuela. It was a close call for them.
I suggest keeping plenty of flares stocked for a flaregun and travel in groups when possible...
1) Buy clothes that are no longer new 2) Sell them 3) Profit 4) Name business "Thrift Store"
... funny how business works.
Maybe Sun should study this model:
1) Sell cheap low priority CPU time on a grid system that nobody is using 2) No profit 3) Raise prices until the customers/costs/profits are balanced to favor profits 4) Profit
Macrovision copy protection works by adding certain codes to these control lines that are interpreted by an Automatic Gain Control chip
Which is why I love my old Panasonic VHR that has no Automatic Gain Control chip. I almost threw it out when I got a new Sony VHR a few years ago. I easily make copies of Macrovision (Disney) movies for my kids (without 10 minutes of promos and trailers).
The fact that all modern VHR's have these chips lead me to believe that the industry is quite capable in producing hardware DRM which is not breakable by any other consumer electronic product. We'll have to use illegal black boxes to break DRM.
The Federalist Papers were very antisocial and also very anonymous. The articles were written by James Madison, Alexander Hamilton, and John Jay, under the pseudonym "Publius". http://en.wikipedia.org/wiki/Federalist_Papers
Hell, the whole American revolution was started by anonymous antisocial people.
I disagree that there has to be some control on speech.
I speak the word "fire" in a crowed movie theaters all of the time and nothing bad happens. I'm not screaming, I'm whispering to my friend, so there is no panic. Why should I be punished?
Learn the difference between speech and action. Speech should not be regulated. Action should be regulated.
I wish our congress critters would learn that too.
Years ago (I'm talking the 1970's here folks), the credit card companies had anti-fraud units that would circulate and track credit cards with "tripwire" numbers that they let fall into the hands of crooks. Do you think that a lot of crooks where caught? No. Most local law enforcement had little interest chasing petty fraudsters for a credit card company halfway across the country. Not unless the crooks were so big that they attracted the attention of a big city bunko squad.
In the year 2005, credit card companies could use coded credit card numbers to catch phishers. They don't bother.
Banks could use tripwire accounts to catch phishers. They don't.
Do you really think that law enforcement is ready to catch phishers? A lot of spam cases are in civil count, not criminal court. The law and law enforcement lag far behind on Internet issues.
True that every website you view is a copy of the orginal content sent to your computer, but my point was that each individual page copied is considered a fair use.
If I browse the New York Times web site and view (copy) a some pages, I am a long way from making an entire copy the the New York Times web site.
Google plans to make entire digital copies of all the books they intend to index.
Because in order for Google to index it, they have to create a digital *copy* of the entire work. The problem is that they don't have the right to make an entire copy.
I think that the decision in mp3.com is going to burn Google.
Google can index entire web sites without creating a copy of them.
Yes, Google copies copyrighted pieces of web sites all of the time for it's cache. But Google does not recreate the entire web site. I think that each individual page copied is considered a fair use.
I normally uncheck "Allow web sites to install software". Because it reminds me of the horrors of ActiveX.
I knew that I had to check it to install a new Firefox extensions, but I never suspected it was messing up the many Firefox updates that never worked. I would try getting Firefox updates over and over until I gave up and did a fresh downloaded.
I want to take action, up to and including unplugging a machine until a patch is released. While such a drastic action may hurt in the short term, it's far better than allowing a cracker access to my system.
We are action takers. We know that to keep a system secure, frequent action is needed.
The problem, as I see it, is that many security people want to coddle the "no action takers". The "no action takers" become sitting ducks when an exploit is found and every cracker is informed.
Tough shit.
I don't my systems cracked because of a foolish notion that everyone (in total) is more secure if only a few, highly skilled, crackers can access vulnerable systems.
Even if you could change your oil as fast as Quicky Lube, the time it takes you to clean up after "getting dirty" could easily double your overall time spent.
There are lots of subtle time sinks that most TCO studies do not address either.
If your credit card had a passphrase, password, or a PIN, this company would have just recorded, and lost, that too.
According to what I read, this company recorded the card secuity code (the three or four digit number on the back the your card that "proves" that the card is physically in your possession).
The whole idea of the security code number is that it's *never* suppposed to be recorded, only authenticated.
In this case, the problem is not "a number" or n-factor authentication. The problem is a company that recorded sensitive data without having the security needed to protect it from loss. And there are a lot of similar companies out there.
Slashdot Mirror
...you are accepting responsibility for their actions.
No, I'm not.
I think that your analogy is wrong. It's more like if my wife gets caught speeding in our (community property) car. I don't get a ticket. I don't agree to show up in court. She has to accept responsibility for her actions. I am not bound by any agreement that she makes (Like: "Yes, officer I'll slow down...").
That is closer to the EULA that she agrees to on our (community property) computer. I don't know if an agreement was offered/made. And I have no idea what the contents of the agreement is. How does any court figure that I'm bound to the EULA?
My wife might have played one of these Sony CDs on our computer. I didn't agree to the Sony EULA. But I'm the one who will have to spend my time cleaning up Sony's mess.
That is one point that I've never seen a good answer to: On PC's used by more than one person, there is only one person that "agreed" to the EULA.
How can the EULA be applied to the other users who may not even know that the EULA exists (let alone what is says)?
Anyone? Anyone? Bueller?
So set them up, and trust that any user competent enough to change them back knows not to run the offending control.
A single click on "Default Level" is all it takes to wipe out secure browser settings. User competence has nothing to do with it. The MS browser is insecure by default. And an "offending control" is not a easy determination (until it's too late). Many innocent looking web sites are sponsored by adware vendors.
So use a better e-mail client...
Refer to my comment on entering the corporate world.
Perhaps you could give us an example where another OS undermines the requests of another piece of software to access generic system data?
Most OS's do not allow generic system data to be altered by a process spawned by a user account. Even without Admin rights, the MS OS gives far too much access to the registry.
If you would get out of your mother's basement and into the corportate world you might understand why what you said is BS.
.vbs file because I've configured that file type to open with NotePad. A fully patched version of Windows is no defense against that virus.
Your comments have nothing to do with having a fully patched and up to date Windows systems (with an anti-virus package and firewall).
To prevent untrusted ActiveX controls from running requires non-default browser settings. And the settings are not lockable.
To prevent a virus from "pamelasbreasts.jpg.vbs" requires non-default file type settings. Which are also not lockable. No user of mine will get a virus from a
Yes, I have been a victim of a security flaw in an application. That application is Outlook. The security flaw is the preview pane. Why doesn't the Microsoft OS have code that says "Hmmm, why is this process, spawned from an email application, trying to muck with the registry...."
In summary: Windows is inherently vulnerable.
A fully patched and up to date Windows systems (with an anti-virus package and firewall) is not enough to secure a system.
And I still think that you're a Microsoft fanboy.
Windows is inherently vulnerable. I consider that a fact.
I've recently had fully patched and up to date Windows systems (with an anti-virus package and firewall) get spyware loaded on them via Active X. Granted, spyware is not a virus or a worm, but it's a security breach.
In the past, I've had fully patched and up to date Windows systems (with an anti-virus package and firewall) get a virus before the my anti-virus vendor had a signature for the virus.
To say that it only happens to clueless people with unpatched machines is a lie. And no Microsoft fanboy is gonna change that.
To be honest, everyone I know with a yacht in deep waters already carries decent guns for protection. It is pretty easy to dump them if you're boarded by a coast guard or naval vessel.
I guess that you've never been boarded. I have. After that experience, I wouldn't take the chance of getting caught with an illegal gun. You're under constant surveillance from the momement they decide that your boat looks interesting. You might not have any idea that a cutter is approaching until it's right in front of you. They can come up real fast on a yacht puttering along at five knots.
You *might* have the opportunity to go below and dig out your illegal gun. You *might* have the opportunity to toss it out a port hole on the lee side of the boarding party. But don't count in it.
On the other hand, I've had friends who were attacked by pirates off the coast of Venezuela. It was a close call for them.
I suggest keeping plenty of flares stocked for a flaregun and travel in groups when possible...
Since homes are more fireproof than they used to be, they could hire firemen to do the book burning...
Oh wait - I bet that someone already has a patent on this idea...
http://en.wikipedia.org/wiki/Fahrenheit_451
Well, they have at least a copyright. Someone else will get the story patent soon.
I totally agree.
... going on strike to demand higher quality engineering.
I wish I had some mod points for you.
That idea alone should be discussed more.
They blocked the spam from being sent:
0 5/10-27ZombiePR.mspx
http://www.microsoft.com/presspass/press/2005/oct
I join those "most people" in suspecting that Sony doesn't bother doing any QC. All it took was seeing a couple of dead-on-arrival HDTV's.
I think that Sony cut all it's QC staff during their glory years. Now, they probably think that "the quality is built-in".
In their dreams...
If people will buy new clothes, some will think:
... funny how business works.
1) Buy clothes that are no longer new
2) Sell them
3) Profit
4) Name business "Thrift Store"
Maybe Sun should study this model:
1) Sell cheap low priority CPU time on a grid system that nobody is using
2) No profit
3) Raise prices until the customers/costs/profits are balanced to favor profits
4) Profit
Macrovision copy protection works by adding certain codes to these control lines that are interpreted by an Automatic Gain Control chip
Which is why I love my old Panasonic VHR that has no Automatic Gain Control chip. I almost threw it out when I got a new Sony VHR a few years ago. I easily make copies of Macrovision (Disney) movies for my kids (without 10 minutes of promos and trailers).
The fact that all modern VHR's have these chips lead me to believe that the industry is quite capable in producing hardware DRM which is not breakable by any other consumer electronic product. We'll have to use illegal black boxes to break DRM.
The password that was used is not relevant. The fact that they were impersonating someone else makes their access a crime.
If you login to Jane Doe's account using the default password (and you succeed), that is a crime (unauthorized access).
vb
The Federalist Papers were very antisocial and also very anonymous. The articles were written by James Madison, Alexander Hamilton, and John Jay, under the pseudonym "Publius". http://en.wikipedia.org/wiki/Federalist_Papers
Hell, the whole American revolution was started by anonymous antisocial people.
I disagree that there has to be some control on speech.
I speak the word "fire" in a crowed movie theaters all of the time and nothing bad happens. I'm not screaming, I'm whispering to my friend, so there is no panic. Why should I be punished?
Learn the difference between speech and action. Speech should not be regulated. Action should be regulated.
I wish our congress critters would learn that too.
vb
Years ago (I'm talking the 1970's here folks), the credit card companies had anti-fraud units that would circulate and track credit cards with "tripwire" numbers that they let fall into the hands of crooks. Do you think that a lot of crooks where caught? No. Most local law enforcement had little interest chasing petty fraudsters for a credit card company halfway across the country. Not unless the crooks were so big that they attracted the attention of a big city bunko squad.
In the year 2005, credit card companies could use coded credit card numbers to catch phishers. They don't bother.
Banks could use tripwire accounts to catch phishers. They don't.
Do you really think that law enforcement is ready to catch phishers? A lot of spam cases are in civil count, not criminal court. The law and law enforcement lag far behind on Internet issues.
vb
True that every website you view is a copy of the orginal content sent to your computer, but my point was that each individual page copied is considered a fair use.
If I browse the New York Times web site and view (copy) a some pages, I am a long way from making an entire copy the the New York Times web site.
Google plans to make entire digital copies of all the books they intend to index.
Big difference.
I remember well my Rocket Radio.
This guy built one: http://www.dobe.com/wts/funk/kristall.txt
Exactly.
Because in order for Google to index it, they have to create a digital *copy* of the entire work. The problem is that they don't have the right to make an entire copy.
I think that the decision in mp3.com is going to burn Google.
Google can index entire web sites without creating a copy of them.
Yes, Google copies copyrighted pieces of web sites all of the time for it's cache. But Google does not recreate the entire web site. I think that each individual page copied is considered a fair use.
vb
In Illinois a new or replacement state ID is $20. Everytime that you move or change anything, you have to get it replaced.
People to move around a lot, without a permanent address, could easily spend a Benjamen in a few months keeping their ID up to date.
vb
Thank you!
I normally uncheck "Allow web sites to install software". Because it reminds me of the horrors of ActiveX.
I knew that I had to check it to install a new Firefox extensions, but I never suspected it was messing up the many Firefox updates that never worked. I would try getting Firefox updates over and over until I gave up and did a fresh downloaded.
vb
I'm with you.
I want to take action, up to and including unplugging a machine until a patch is released. While such a drastic action may hurt in the short term, it's far better than allowing a cracker access to my system.
We are action takers. We know that to keep a system secure, frequent action is needed.
The problem, as I see it, is that many security people want to coddle the "no action takers". The "no action takers" become sitting ducks when an exploit is found and every cracker is informed.
Tough shit.
I don't my systems cracked because of a foolish notion that everyone (in total) is more secure if only a few, highly skilled, crackers can access vulnerable systems.
vb
Even if you could change your oil as fast as Quicky Lube, the time it takes you to clean up after "getting dirty" could easily double your overall time spent.
... and then you have disposal of the used oil
There are lots of subtle time sinks that most TCO studies do not address either.
vb
Certain three letter US goverment departments could reconstruct the shredded bits enough to read useful information.
Because other goverments can do the same thing, they all incinerate what they shred.
vb
If your credit card had a passphrase, password, or a PIN, this company would have just recorded, and lost, that too.
According to what I read, this company recorded the card secuity code (the three or four digit number on the back the your card that "proves" that the card is physically in your possession).
The whole idea of the security code number is that it's *never* suppposed to be recorded, only authenticated.
In this case, the problem is not "a number" or n-factor authentication. The problem is a company that recorded sensitive data without having the security needed to protect it from loss. And there are a lot of similar companies out there.
vb