>Using the word "homophobia" in regard to a legal choice to believe one's religion is HATE speech
Watch and learn. This is how "hate speech" laws will get used in real life. Bigots love to paint themselves as the persecuted party, and they have the political muscle to ram prosecutions through.
(What religion is that, by the way? If it believes in Leviticus 20:13 then it believes in the death penalty for homosexuals).
>It seems to me that if they know enough about the kiddie pr0n sites to block them- they should have enough information to provide authorities to get them shut down.
There's no real way to put a newsgroup in jail, and the web sites may be in countries where the operators have an under$standing with law enforcement.
The article was about a guy who's an expert on making ultralight cars crashworthy. His light cars would not be like the light cars on the road today.
>Giant SUV hybrids tend to get 2-3mpg more than their non-hybrid counterparts.
A Chevy Suburban (the first giant SUV that came to mind), according to EPA city numbers and the anecdotal reports of owners, is around 15 mpg. If it were available in a hybrid, and got only a 3 mpg improvement, that would be 20%. 20% of an SUV's consumption is a lot of gas.
>They're a joke.
Well, there is the lipstick-on-a-pig aspect to improving the drivetrain on a giant SUV. But if there's anybody out there who actually needs one, I'd rather he or she were driving a hybrid.
And tragedy doesn't deserve to be allowed to crush our spirits.
I told my wife that I was disturbed by how hard I laughed at www.netfunny.com/rhf/jokes/96q1/seuss2.html, and she reminded me of the Thomas More quote "The Devil, the proud spirit, cannot endure to be mocked."
The article doesn't mention whether there's some actual reason to believe Chinese sources are involved or whether it's just Chinese IP addresses.
If China is attacking from their own IP addresses then they are incompetent.
If someone knows that a judge, outside his own chain of command, will see what he's doing, then he might think twice about abusing power.
There's a eutectic alloy of sodium and potassium that's liquid at room temperature. I guess they're not using gallium, which is safer than sodium, because it's incompatible with steel.
There's been some movement in that direction but it's not complete or comprehensive.
Under HIPAA, encryption is not required but is "addressable", which means you've got to at least do something just as good and document how it's at least as good and why you're using it instead.
Many breach laws exempt you from disclosure requirements if you stored the data encrypted.
The Payment Card Industry's private sector regulations for credit card data require it to be stored in some kind of obscured form, with crypto being only one of several options.
They could, but the part of a takedown request where you assert that you are the copyright holder or their agent is made under penalty of perjury. A mass DMCA DoS would be legally actionable.
It's worth giving LEDs another look. Every time I go shopping I find another jump in light output.
Phone companies in the US, maybe elsewhere, are legally required to facilitate eavesdropping under CALEA. End to end encrypted data services such as Skype and Hushmail have escaped this so far.
Will they be faced with the dilemma of changing their architecture versus being banned? Will they lose confidence no matter what? Hushmail at least used to publish their source code, but Skype is closed source and the binary is heavily obfuscated.
>>And what did he think they were going to do when they caught him, give him a raise and a promise to change their cheap lazy ways?
>They could have addressed the problem and rewarded the child who dared to laugh at the naked emperor.
Punishing employees who let you know about problems is like disconnecting your smoke detector. Some of the big security policy frameworks call for a policy statement that *requires* reporting of security problems. If TJX had been my client, they would have been advised to go one step beyond that to encourage bug reports.
>What security people don't understand is that good security can be very, very, VERY expensive.
Good security is proportional to the assets being protected and the level of threat. Good security includes supporting the "availability" leg of the confidentiality-integrity-availability triad, which means that a security measure that prevents business from getting done is poor security as well as poor business.
Good management recognizes that using non-blank passwords is cheaper than $17 million in immediate costs for the breach (*) and total costs over $250 million (**).
(*) From the TJX earnings statements last year.
(**) TJX public announcement. Other estimates are much higher.
It's not just PCI fines that a merchant needs to think about: a bunch of banks sued TJX over the breach.
>short of a completely encrypted drive, you are pretty much SOL if someone has physical access to your machine.
Even that doesn't help if the encryption relies on a password rather than a key from some physical token. The person with physical access can just plug in a hardware keylogger and record the password.
>However I have to wonder: once you have access to the filesystem, why exactly would you bother booting into Vista and getting yourself a privileged cmd.exe? Why not just access whatever data you want from the other OS?
Here's an example that's come up when I've done forensics work. Suppose you need information such as a stored password that lives in Windows's "protected storage". Conceptually, it's encrypted based on the user's login. You can maybe reverse-engineer the encryption and brute-force the password, or use chntpw to change the password (yes, of COURSE you do this on a copy and not the original) and log in, or bypass the limitations of chntpw and go straight for root access.
Not only that, HIPAA doesn't give you recourse to the civil courts. There's no private right of action under HIPAA. There's been one attempt to sue for negligence on the theory that HIPAA sets a standard of care: dunno how that turned out.
(My doctor's office has documents with labels that say "HIPPA". I've given up on ever having it spelled correctly.)
If you live long enough, or if you get cancer early, you'll find yourself dealing with multiple medical professionals who aren't very good at sharing records with each other. Being able to point one doctor to the test results from another doctor can at the least save time and money and at best improve quality of care.
There's also the issue of the sorts of things people use MedicAlert bracelets for. I knew someone who was short on clotting factors and went to the hospital with chest pains. They told him something usually appropriate for a heart attack: they told him to take aspirin. Oops. Shared, readily accessible records could have prevented this accident.
That's the upside, the downside is obvious.
>When was the last time, or the first time, you heard of someone sniffing sensitive data in mid transmission?
TJX. It escalated to a compromise of the servers but started off with wi-fi eavesdropping.
The Wall of Sheep at DefCon.
Hannaford's breach, according to their CEO, was compromised "during transmission of card authorization".
>You are at much higher risk for either your HR department or the consultant doing something stupid with the source or result files on their network.
Which is your actual point, and is true and important.
300 GHz, I'm almost certain.
Server Name Identification in RFC 3546 is supposed to help with this, if it ever gets adopted.
AES was designed with fast hardware implementations in mind.
The relevant provision is in the 1979 protocol, article 54. It covers infrastructure "indispensable to the survival of the civilian population", with drinking water supplies listed specifically as an example. Of course anything that mission-critical shouldn't be on the Internet in the first place.