William Alsup deserves a medal for finally pushing those trolls a little. Too long have they been getting away with venue shopping and the abusive use of threats to sue. Time to sit back and watch the fireworks...
So they got a court opinion that said it was unconstitutional, yet they just ignored it. Someone must be accountable for that! Aren't all US federal officers sworn to uphold the constitution of the United States of America - all the way up to the president? At the very least, someone should be tried for contempt of court. No matter the justification and possible reasons for the NSA program, they can't just ignore the highest law of the land. Or can they? It is a very slippery slope.
These attacks are actually a little too easy to effectuate. The drive to outsource to third world countries and lack of training for local staff means that they are all a prime target for social engineering attacks. It does not take a lot of organised resources to then create the requisite diversion for the often overwhelmed security staff and you have a big win in the pipeline. Of course it requires some skill, but nothing more than a course or two at Blackhat USA will give you. If you also have the benefits of the funds of a large Russian crime syndicate and the personal "motivation" that flows from that, along with an almost zero risk of prosecution due to jurisdictions - hell - why wouldn't you go for it?
The bottom line is that we need to harden up our defences more and more. We may even have to disconnect essential financial infrastructure from the internet and bring it back onto a completely private network that it costs a substantial amount of money to join and be authenticated to. It should come with the proviso that any device connecting to it, could also not be connected to the internet or an unknown intranet device at the same time. This would not be bulletproof, but it would substantially reduce the risk.
Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels, find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does are just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.
Even though the actions of these low-life, sewer-dwelling misfits anger me, I can't help but wonder why the punishment in the US is on a scale that you wouldn't even get for premeditated murder in most other countries. Aaron Swartz paid the ultimate price for such over the top threats of deprivation of liberty.
At what point does the punishment no longer fit the crime? Sure, confiscate all the profits, bankrupt them, take all their assets and lock them up for a couple of years. But 30-40 years? For real? Why not just send them to Mars or something? Locking them up for 5 years without access to computers would ensure that when they get out their hacking skills would be so redundant they could never do it again.
Isn't the justice system supposed to be about a balance between punishment and reformation - not about revenge?
Yeah - same here - and never mind that the latest version of Android on my Galaxy Nexus made Bluetooth inoperable in my car too. Google has hundreds of bug reports, but are yet to offer a fix or even acknowledge that there is a problem.
Sadly Google are letting the very people down they should be giving most attention: The early adopters and Android enthusiasts.
Mind you, I have a stock Galaxy Nexus and it is yet to offer the patch. If Google can't even provide a fix to the core community, what hope do OEM users have?
I never understood how they could allow this to happen in the first place. Clearly finding out the purpose of a gene will always be a discovery and not an invention. Discoveries are not patentable.
Redirect the spending into the space program and reap the rewards. The US had a golden age on the back of the technological advances made possible through the Gemini and Apollo programs. It can be done again...
Clearly fools and their money are easily parted. Can't fault the guy for seeing the opportunity though. I guess the question is: Is it immoral to make a buck from irrational fears when you didn't create the fears in the first place?
Well - other than speed you are going to need some kind of kick-ass obstacle avoidance system. If you hit even the tiniest object at light speed, you are pretty much toast!!
Hmmm - that does not appear to be the case when the PATRIOT act comes into the picture. Or maybe I got that all wrong? Surely if the US can make laws that force companies like Google to give up data held under EU privacy laws to the US government - well - then surely they can find a way to tax said companies too....
No need to waste money on something like that. Buy a Jalapeno, slice it open with a knife and rub it along the length of cable. Our cat used to chew into cables. Not anymore.... Poor thing soon learned that chomping on a cable meant a very quick trip to the water bowl. May sound cruel, but is sure better than a dead cat.
Hmm - funny that. I once got that too after complaining to an American Airlines check-in lady about a checked luggage fee. Qantas passengers are exempt from such fees, as I tried to point out to her, but she wanted to hit me with it anyway. After a long debate and a visit from her supervisor the fee was waived - but - surprise surprise - SSSS appeared on the boarding card. This was on one leg out of 10 flights around the US, so it could not have been on the basis of any kind of passenger profiling. Maybe some slashdotter in the airline industry can enlighten us here...
Actually - for many years when I was traveling in the US, if (and only if) my boarding pass had SSSS printed on it, I would be subjected to extra screening. The SSSS would be printed in large clear letters on the document. I don't know what genius came up with that advance warning, but it sure as hell would tell a wannabe terrorist not to go through with his plan and try again some other time. The people managing these processes really need to think such things through a little bit better.
Hmmm - I think the GP was referring to prepaid cards such as VISA or Mastercard that you can pick up at your local 7-Eleven and load with balances up to $1000.
I use those cards myself when I want to purchase something from a web site that I don't completely trust to be PCI compliant. The cards cost about $3, can be bought and loaded using cash and there is no identification taking place whatsoever. I use them to avoid fraud, but they are equally useful to make purchases completely anonymously.
As for cashing out your savings.... you could conceivably do this by visiting a number of different branches. Most banks will at least allow you to cash out around $10K without too many questions. Do that 2 or 3 times and you should be able to comfortably survive for at least 6 months.
Honestly, I am surprised they tried again this quick. Normally the politicians let such a controversial issue die down and then slip it under the radar when no-one is watching. This will be interesting to watch....
Yeah - a couple of years ago I was on a Malaysia Airlines flight out of Mumbai. We were still on the ground when all of a sudden the PA system went: "This is an emergency. Oxygen masks will drop from the compartment above your head. Please place one over your face and ensure that the is securely fastened before assisting other passengers and children". The next thing that happened was the PA playing "The Girl from Ipanema". My only thought was that in a genuine emergency the last thing I will hear while "going down" is a piece of elevator music. How thoughtfully ironic!!!
Just working backwards from the "one of you will be fired" comment above. Why not try and come up with a metric that shows you are impressively efficient, but drowning under a massive workload? Done right, it might just force management to hire rather than fire.
There are a number of ways you can do this:
1) For the next few weeks, only deal with issues in the ticketing system that can be resolved quickly. This shows how responsive you are on the "count of problems solved" and "time to resolution".
2) Always upgrade easy problems to "Extremely Urgent", so that they get picked up first (as per above).
3) Do NOT under any circumstances touch a complicated problem that requires consideration or actual work. Find someone to outsource it to. Then blame the outsourcing costs and lack of efficiency (obviously they do not have the same fast response time as you) for the problem.
Seriously: In a 3 man team, you and your manager should KNOW who is working and who is on facebook all day. If you are all working hard, then it is not time to add more pressure by introducing metrics, it is time to hire more help. If on the other hand you are all on facebook all day - well - then good luck to you in your new job at Walmart....
Actually, you need to take your corporate IT hat off for a second. The people who fall for this scam are typically people who didn't grow up with computers. Your mum and dad (now maybe in their sixties), who only use a computer to type the odd letter, Skype the grandkids and maybe look for old friends on Facebook. They do not have access to tech support and mostly their computers have been bought in a standard configuration with just the few things they need installed.
Those people (I can't get myself to call them users) have been told by their kids, the banks and everyone else they trust to understand computers, that viruses are a real threat and that if you get a computer virus it is really bad and awful things can happen to you (identity theft, damaged computer, having your broadband costs skyrocket from a spam-virus using up your allowance etc.).
I know some of these people are scared to even start a web browser for any site that they have not specifically been told they can trust.
So, when one of these scam (scum) artists calls up and tells them that they have a bad virus - their immediate reaction is fear and confusion. When the scammer then offers to "fix" the problem, they gladly agree to hand over a relatively modest amount (around $150 usually) and let the scammer go ahead. Sadly, once their credit card details have been handed over, it is normally not the end of it.
How do I know all this? Because it happened to the nice old man down the street. He was almost in tears when he told me how he'd gone ahead and let the scammer take almost half his weekly pension money. It also happened to a nice elderly couple that are friends of my parents and to the man who mows my lawn to supplement his pension. Nice, normal and not even that gullible people - just people who are not geeks.
We (the geeks) actually have a responsibility to educate those poor people rather than calling them idiots. Nothing beats a scammer better than being forewarned.
Please mod this reply up! Despite the slightly offensive language, it is NOT a troll statement. That new construct certainly has the potential to eliminate basic mistakes, which invariably will lead to more stable code. It is almost like a garbage collection for resources - and the value of that is (in my opinion) beyond dispute.
Personally, I'd like to propose raising money for a giant colander. All hail the giant spaghetti monster!!
Actually, the Police did jam a camera up someone's ass in New Mexico recently - without proper cause. Details here: http://www.usnews.com/news/articles/2013/11/05/man-seeks-millions-after-nm-police-force-colonoscopy-in-drug-search
Is this really "News that matters"?
Seriously?????
On the other hand, if you are a terrorist cell, you are probably not terribly concerned about U.S. law...