I would no longer communicate with the rest of the network, I think they just used routable IPs internally...
In every one of your examples, notice the equal sign..... that would mean that yes the two sides are proportional to each other even though you have written them differently... If China tries to take out the US power grid, the proportional response is to take out their power grid. I do not understand why the means of attack really matter that much. If China fires a missile at the US, can the US only return fire with a missile? No, that would be absurd; the same thing is true for hacking.
I'm pretty sure the US would blow them out of the sky before they ever reached their intended target
Welcome to the world of free cloud based services, where you the user don't really matter, you own nothing and you should be happy Google gave you the privilege of using something as long as they did....
I'm pretty sure a caffeine embargo would defeat the hackers or at least drastically lower their efficiency.
A state-sponsored cyber-attack with consequences such as taking out infrastructure inside of another country is an act of war. If someone were to attack the US power grid, damn straight we have a right to kill people in that country. If this is an individual, we have the right to request their arrest and extradition. If that country refuses to intervene and prevent such attacks when they are capable of doing so, that is also an act of war. We cannot allow people to attack infrastructure without real consequences.
Tax cheats can't take out your electrical or water supplies and are not sponsored by other countries.
When considering state-sponsored hacking, responsibility needs to be traced back to the state level, not the individual. Additionally, the proportional response should be based on the intended outcome of the attack. If China tries to take out the US power grid, the proportional response should be to take out their power grid by a means of our choosing. That may or may not include physical damage, missiles etc. We all know that cyber-attacks can have real-world consequences; they must be met with real-world responses. Attacking the "hacker" is like trying to go after the soldier who fired the missile, rather than the country he works for.
You have assumed 2 things... A) that we have to get the info on who is responsible by tracing the attacker's footsteps; we can obtain this information via old-fashioned espionage, say an inside guy. B) that we would retaliate against the specific person who performed the attack. If an attack is funded by a nation-state, the proportional response can be against that nation-state, not the individual. If China were to take out our electrical grid, the proportional response is to take out theirs, by whatever means we want to, not kill the guy who did it.
Or the other possibility is that what is being said in western media is mostly the truth. Al-Jazeera is hardly the "Western Media" and confirms most of the reports shown in western media regarding Syria, Ass-ad (I presume this translates to "head ass") is just getting desperate.
I'm surprised so many slashdotters agree with Schneier, when this view of security is overly simplistic idealism. To continue the car analogy... As with the safe operation of a motor vehicle, some responsibility lies with the operator of the vehicle and some lies in proper design and maintenance of the system. The average driver knows nothing about how the air bag is designed or how crash zones work. They may know nothing about routine maintenance such as changing the brakes. If these are not done properly, no matter what actions the driver takes the car is not safe. Conversely, a perfectly designed and maintained vehicle can be operated in an unsafe manner by an operator. A computer operator, as the driver of a car, will always be able to operate the equipment in an unsafe manner. You might be able to make a user have a secure password, but you can never prevent them from logging in their friend or falling victim to social engineering. Schneier's inability to recognize that a good security policy INCLUDES staff training brings into question his judgment.
Are you sure you really want to set a precedent of pre-emptive punishment?
So let me understand, NK gains access to patch servers, can upload an infected update/patch to several hundred computers essentially letting them run arbitrary code and the best they could do was make it so they didn't boot? It is either the most pathetic attempt at a government-sponsored cyber-attack to date (consistent with Fat Kim III regime's track-record) or it really was just some bad update....
In addition to the ad campaign, the Internet needs to start playing some politics of its own... I say create a Super PAC using crowd-sourced funds that goes out and specifically targets and campaigns against individual senators and representatives that support CISPA. Keep a running total of the money that will be used for negative ads in LOCAL races when they are next up for election. Make their support of CISPA cost them their job.
And I want to stop world hunger and end all wars. We can't even feed everyone on this planet and their goal is 20Mbps? I love the Internet and all, but considering the fact that many people still die of hunger and disease, isn't this goal a little lofty?
I agree, anyone who takes one of these loans is really just shorting themselves......
So I guess every successful Google employee is also personally financially responsible? There is nothing that determines personal financial success other than a track record of personal financial success. If there was, your credit score would already take it into consideration.
Spot on... The banks and other creditors realize that there is more to financial success than being smart. Essentially nothing is a great predictor of financial success except past financial success, otherwise your credit score would factor in your IQ or SAT score.
^ This.. The people who would be willing to do what amounts to shorting a percentage of yourself in exchange for cash now are ones with no money who don't care about the tax deductions.... They're also the ones with the least to lose by filing bankruptcy..
Bingo... trade student debt for unsecured debt.
The same fine for leaving your door unlocked to your house, none. Making something easy to steal does not negate the fact that it was stolen.
No, he tried to bolster his own ego and fame. He did not do this to show flaws in the justice system, I'm sure he never thought he would be involved with the justice system over this initially.
This is one of those cases that the defendant should have identified the risk versus reward for releasing this data. He obviously knew the data was not meant to be public, otherwise he wouldn't have bothered to send them to prove a security flaw. Risk: Jail-time. Reward: ? Name recognition? Better security at AT&T? My equation says no way in hell would I release that data. If you really care about security so much, inform the proper owner of the data, not a news agency.
The "Do No Evil" project was scrapped as soon as they started the "Publicly Traded Company" project...
Ohh yea... I really want ads based on my current health records.... We notice you have high blood pressure, your provider suggests you eat tofu, Tofu is on sale at shoprite today. Even if Google SAID they wouldn't use the data for that purpose, do you really believe that at this point?