Targeted malware is a real threat, and even if the attacker hasn't narrowed it down to a particular person of interest, it would still be possible to narrow down the relevant audio based on accompanying text messages and file transfers. The audio just before and after "Keep this confidential" in the text chat and "Tender Offer Pricing.xls" would draw an inside trader's attention, for example.
With Norton Ghost, of course.
Think of them as a kind of privatized law enforcement. In place of a prosecutor going after a defendant for ripping off millions of people, a plaintiff's attorney does the job instead.
You'll find abuses in both government law enforcement and private law enforcement. The difference is that in the case of class action lawsuits the people who want to get away with illegal activity have powerful and well-oiled propaganda machines.
But wait, there's more! According to my favorite Icelandic blogger, the commissioner who issued the injunction has a son who is or was a spokesman for the bank, and another who was an executive and the recipient of one of the no-payments loans.
Iceland is a close-knit society. The anger there is fueled by a sense of betrayal that people from big heterogeneous countries can't fully appreciate.
It's sloppy, but you can leave vacuum leaks unrepaired if you just put down newspapers under the car to absorb the dripping vacuum before it stains the garage floor. I wonder why the LHC didn't just hire someone to mop up the leaking vacuum.
History and my personal experience are full of manic-depressive artists. No substitute for statistics, of course.
Maybe the connection is just that society drives creative people crazy.
At a minimum, a charge that far outside the cardholder's normal pattern should have been flagged for manual review at the fraud control department.
John Stuart Mill covered this ground a long time ago. Refuting false speech is better than censoring it, because allowing it exposes the people who practice it for what they are, and allows the counter-arguments to be strengthened.
The examples you have of legal restrictions on speech are either things that would be crimes without the speech component (fraud is a form of stealing) or else things you can't go to jail for (defamation is a matter for civil law).
He mentioned getting email passwords, and with access to someone's email you can reset their passwords to more important sites. Not to mention that I've seen a place handling sensitive information that answered lost password requests by _mailing out the password_.
http://xkcd.com/552/
We can define a new measure, the "Godwin score", which is how many times someone is mentioned in Googlespace along with Hitler.
Mike Godwin has a Godwin score of 156,000. Germany has a Godwin score of 17,400,000. Therefore Germany is over a hundred times more evil than Mike Godwin, or at least more Godwinized.
Slashdot, interestingly, has a Godwin score of 155,000.
One place I worked, we were all briefed not to discuss pricing, because doing so within a competitor's earshot could be considered illegal.
I'm surprised that an antitrust lawyer would be involved in a meeting among competitors to discuss simultaneous price hikes.
Anyway, newspapers have never charged for content: they've charged for advertising, with subscription charges being barely or not at all enough to pay for putting ink on newsprint and delivering it. They're dying because advertisers are leaving. Look at how thick the classified ads sections are today versus what they used to be like.
>no-one was forced to buy anything ...
>If you're dumb enough
Everybody's vulnerable to something. You can't protect yourself against every lie in the world short of clinical paranoia, and even then you'll get taken by somebody selling tinfoil hats.
Talk to a professional penetration tester. You may hear that they always succeed at using con games to compromise an organization's security.
We need anti-fraud laws. At least they can scare away potential fraudsters who are afraid of getting caught.
An interesting question, but they're not in court because of their beliefs, but because of their alleged actions: "The organisation, he [the magistrate] argued, is 'first and foremost a commercial business' whose actions reveal 'a real obsession for financial remuneration'."
>If there is a 0.6% to 1% false positive ratio, that means that out of 1000 "flagged" people 6-10 of these will be of innocent people.
No, that is not what it means.
Biometric error rates are calculated, naturally enough, on the number of inputs. A false positive rate of 0.6% to 1% means that for every 100,000 people who go past the cameras, if all are innocent, then 600 to 1000 innocent people have to be reviewed by the police. That number needs to be compared with the cost of police time, the number of actual bad actors who should get caught, and the value you place on leaving innocent people alone.
Incidentally, 0.6% to 1% strikes me as incredibly optimistic for a face recognition system in an uncontrolled environment.
>randomness (i.e. entropy) is an attribute of the distribution, not the sample. That means you can't really say that choosing "password" isn't random.
In other words, entropy is a property of the source and not of the output.
http://www.diceware.com/ is another approach. With 4-6 randomly chosen words in a passphrase you can usually make up a story to string them together into a sentence you have a chance of remembering.
Otherwise known as "don't try to save an anchor from drowning".
At the Department of the Interior, "Alan Balaran, a court-appointed special master, soon confirmed that a team of hackers could break into the trust accounting system with relative ease and then write checks on the trust funds". Those trust funds were held for the benefit of Native American nations, who filed a multi-billion dollar lawsuit over the security problems.
There are sensitive systems all over.
You're absolutely right. In fact some secure random number generators are based on the output of block ciphers. ANSI X9.17 isn't a pure example, since it uses a random input, but Fortuna simply uses a cipher in counter mode.
Any statistically significant pattern in a cipher's output would be considered a flaw in the cipher. Unless, of course, these people have just "discovered" that ECB mode is bad.
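The contrast drawn in the comment above, as an added example that is not part of the original comment: the same AES key yields 64 distinct output blocks when fed a counter, and one repeated block when fed 64 identical plaintext blocks, which is the ECB pattern. This is a simplified counter-mode generator rather than Fortuna itself, which also reseeds and rekeys; the function names, key and inputs are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// encryptBlocks runs AES independently over each 16-byte block of in.
func encryptBlocks(key, in []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for off := 0; off+aes.BlockSize <= len(in); off += aes.BlockSize {
		c.Encrypt(out[off:], in[off:])
	}
	return out, nil
}

// counterInput builds n distinct blocks holding 1..n; encrypting them is counter-mode output.
func counterInput(n int) []byte {
	out := make([]byte, n*aes.BlockSize)
	for i := 0; i < n; i++ {
		binary.BigEndian.PutUint64(out[i*aes.BlockSize+8:], uint64(i+1))
	}
	return out
}

// distinctBlocks counts the unique 16-byte blocks in data.
func distinctBlocks(data []byte) int {
	seen := map[[aes.BlockSize]byte]struct{}{}
	var b [aes.BlockSize]byte
	for off := 0; off+aes.BlockSize <= len(data); off += aes.BlockSize {
		copy(b[:], data[off:])
		seen[b] = struct{}{}
	}
	return len(seen)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not a real seed
	ecb, _ := encryptBlocks(key, bytes.Repeat([]byte("A"), 64*16)) // 64 identical blocks
	ctr, _ := encryptBlocks(key, counterInput(64))
	fmt.Println("distinct blocks: repeated input", distinctBlocks(ecb), "counter input", distinctBlocks(ctr))
}
```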
Alcoa denies it
An Icelander responds
The same Icelander talks about what the "hidden folk" mean to Icelanders
BullionVault's founder used to carry around a gold coin to demonstrate to people just how difficult it is to pay for something with gold. http://www.nowpublic.com/tech-biz/interview-paul-tustain-founder-bullionvault-com-pt-2
In recent cases of hyperinflation, the market has resorted to paper currency from neighboring countries: Deutschemarks in Yugoslavia, rand in Zimbabwe.
In the post-WWII chaos in Europe, you could buy a Volkswagen with cartons of cigarettes. Forbes has suggested that bottles of Scotch could become trade goods on the same principle.
People who worry about such things often (in the US) stock up on pre-1964 coins which were actually made out of silver, on the theory that more people would recognize those than would accept, say, a Krugerrand.
So why do I have all this information on tap? Does being a security consultant make you paranoid, or vice versa?
That was my doctor's reaction when I asked about shin splints. It was like the old joke "Doctor, it hurts when I do this! Well, then, stop doing that!"
Seriously considering getting a professional shoe fitting and trying again.
I bet a climate scientist could have gotten plenty of money from the Bush Administration for arguing that manmade CO2 wasn't causing climate change. Exxon Mobil has plenty of money for anyone who can sow doubt about the anthropogenic climate change hypothesis.
Why not more scientific criticism of the hypothesis, then?
Because scientists went into science instead of law school because they care about reality.
>Sure things might get hairy for a while
Look at where the coastline was during warmer epochs. "Hairy" is a polite word.
We also weren't trying to feed six billion humans last time it was seriously warm.
Questions to ask, if you're sure that online is the right approach:
Will customers have access to their data when the service provider goes out of business? If so, how much delay will be involved? ("You can have your data when we get the server back from the repo man").
There may be some standard telling lawyers to use reasonable care when handling privileged information. If there is, then by today's standards I'd personally argue that reasonable implies encrypted.
Is deleted data really deleted? Does it live on in backups? Is it like Google, where ghosts of departed data linger in the cloud?
The only thing I can tell you about bar association standards is that at one time the ABA was telling people that email was acceptable for communicating privileged information. I hope they're doing better now.