Re: It seems so elementary to me... on Zero Day Threat · Score: 1
Perhaps your cell phone is your friend here, and you get an SMS for every transaction...
Along these lines, my bank recently introduced a new security measure. Anytime I want to login to online banking, I enter my username and their system sends me an email with a session-specific link. Only after receiving the email, clicking the link, then entering my password can I actually get into my bank account.
Initially I thought this was a huge pain in the ass, but having used it a number of times now, I'm really quite pleased with it. The technique essentially renders cracking and phishing ineffective in one step. Since you can't enter your password until after you've authenticated via email, there's no way to brute-force an account, and a password is useless to a phisher unless he can also read your email. Plus, if anyone else inputs my username into the bank's website, I'm going to get an email notification about it.
I like the system and I wish this sort of challenge/response session validation would catch on with more financial institutions.
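The login flow this comment describes (username, then an emailed session-specific link, then password), sketched as an added example that is not part of the original comment and not the bank's implementation. The class and function names, the 10-minute link lifetime and the one-password-attempt-per-link rule are assumptions.

```python
import hashlib, hmac, secrets, time

LINK_TTL = 600                          # assumed link lifetime in seconds
SERVER_KEY = secrets.token_bytes(32)    # per-deployment secret for token digests

def make_user(password):
    """Return (salt, PBKDF2 hash) for storage; the password itself is never kept."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _digest(token):
    # Only a keyed digest of the link token is stored server-side.
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()

class LoginGate:
    def __init__(self, users, now=time.time):
        self.users = users      # username -> (salt, hash)
        self.pending = {}       # token digest -> (username, session_id, expiry)
        self.verified = {}      # session_id -> username that clicked its link
        self.now = now

    def start(self, username, session_id):
        """Step 1: issue a link token; the caller mails it to the account owner."""
        if username not in self.users:
            return None         # UI should respond identically either way
        token = secrets.token_urlsafe(32)
        self.pending[_digest(token)] = (username, session_id, self.now() + LINK_TTL)
        return token

    def click(self, token, session_id):
        """Step 2: single use, expiring, valid only in the requesting session."""
        entry = self.pending.pop(_digest(token), None)   # burned on any use
        if entry is None:
            return False
        username, sid, expiry = entry
        if self.now() > expiry or not hmac.compare_digest(sid, session_id):
            return False
        self.verified[session_id] = username
        return True

    def password(self, session_id, password):
        """Step 3: the password is only checked after a successful click."""
        username = self.verified.pop(session_id, None)   # one guess per link
        if username is None:
            return False
        salt, stored = self.users[username]
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(guess, stored)
```

Because `password()` consumes the verified state, every password guess costs a fresh email round trip, and every `start()` for a real username produces the notification email the comment mentions.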
But wait, actually, according to my understanding of current PCI rules, they can have it on file, so long as it's secure from hacking. Not fraud, hacking.
That's the crux of the problem. If the current standard allows a merchant to store your credit card number in such a manner that it's available for their customer support phone-jockeys to look up on a whim, unobfuscated, then the standard is broken.
Where at? I'm in the Memphis area, and I'm forking over $60/month for Comcast cable internet. Verizon isn't here and BellSouth's DSL offerings weren't very attractive the last time I checked. Isn't it great having so many choices?
If an event of this magnitude can go off with hardly a hitch, then why is it exactly that we need (the ISPs need) traffic shaping, bandwidth caps, and throttling?
Because this event, whatever the magnitude, was of precisely the downstream/"push" nature that the ISPs love. Their networks, cable in particular, are engineered in such a way that users can download orders of magnitude more than they upload, and things will work just fine; it's the uploading (p2p, etc) that scares them. It's all good when you're streaming video and surfing the web and checking your email, most of which involve very little upstream traffic.
I'd say the best measure of a wiki's effectiveness is probably a thorough analysis of the access logs for the web server where the wiki lives. Run them through something like awStats (personal favorite) and see what you get. Are people in your organization actually visiting the wiki? Which pages are most frequently accessed, and by whom? How many users are hitting the Edit or History portions of a page, as opposed to simply viewing static content? These are solid, quantitative numbers, and presented in a "dashboard" style format like you can get from awStats, that will probably satisfy the PHBs.
I try to avoid orphaned pages altogether. Every page in your wiki should fall under some umbrella or hierarchy, even if it's just a catch-all like "Miscellaneous," so that it can easily be found by people who didn't know it was there.
In my experience, people tend to use wikis one or both of two ways: either they do a title/text search to find a particular topic, or they just start exploring and reading what they have access to. The latter can be a great way to get new hires up to speed, or for people to gain knowledge about various business processes in their downtime. Orphaned pages are only accessible by search and IMO defeat half the purpose of having a wiki.
Thanks, I was just about to go dig that up myself. Every couple of days, someone new shows up on DZone claiming to have "discovered" this "new attack" (typically by having been a victim of it), and the meme makes the rounds yet again. Quite frustrating hearing so many cries of wolf.
There used to be a time when you read tech-news first on slashdot.
If it's any consolation, this appears to be a quasi-dupe of this story from a few days ago. It's not the same article, but it's the same event. Slashdot wasn't days behind until they posted the dupe.
IIRC, the woman's daughter was either directly involved or at least complicit in setting up the MySpace account that was used for the harassment. Too lazy to find a cite.
The problem for the RIAA is that when they downloaded the files, they were authorized to download the files (as representatives of the copyright holders) and thus, because this was an authorized download it does not provide evidence of a copyright violation.
Doesn't it, though? Certainly whoever uploaded the files was not authorized to distribute them. That's the copyright violation.
The FBI has obviously repeatedly targeted people without sufficient evidence in this case. Obviously the guy's life would be ruined, guilt or innocence be damned.
Hatfill filed suit against the DoJ, won a pile of cash and continuing payments of $150K per annum. If I had been falsely accused of this, I sure wouldn't off myself; I'd sit back and wait for the big payday. Obviously that's just me, but I'd be willing to get dragged through the news for a few days if it meant I'd be set for life afterwards.
We'll start with the most vile of books, e.g. hate speech, terrorism aids, anything about manufacturing weapons like The Anarchist Cookbook or nuclear physics texts, etc. Then we'll move our way up the chain to progressively more subtle subversive threats like 1984 and anything by Ayn Rand.
Don't forget the bible. There's a ton of hatred, racism, murder, and sexual deviance in that book.
I fall somewhere into the 21-200 realm; usually it's random notes about things I need to do later in the day/week. I'll grab the nearest sheet of paper and begin using it as a note pad, then repeat that process for several months until I have a large stack of papers at my desk, all with cryptic writings on both sides. Eventually I become fed up with the stack and purge it, sort of interesting to leaf back through the past few months' worth of notes (to ensure I'm not trashing anything I still need).
It strikes me that English is likely not the first language of many of these typographers, yet all but one provided their sample written in English. I wonder if that unintentionally skewed the samples for the better?
It's been nearly a decade since I've put pen[cil] to paper in another language, but I know that when I was writing French in high school, I did much better at penmanship than when I was taking notes in class or doing other day-to-day writing. It wasn't so much a conscious effort at making my handwriting look better, as it was the natural delay in writing something down slowly as I translated it in my head. I imagine it's a similar principle to forging a signature; you're being very deliberate about what you write, so it tends to come out looking cleaner.
That said, Erik and Dino have really cool handwriting. My own daily jottings typically resemble Goran's - and that's writing in my native language! I could probably qualify to be a doctor based upon my handwriting alone; guess it's a good thing that I type well.
It would be nice if the author explained why he thinks that everybody should have a web presence.
I suspect the idea is that if you maintain your own website, people who are Googling you at random will come across that first, and may not pay attention to the shady results at all. Your name is essentially your very own brand; might as well try to paint it in a decent light.
If they put caps on service, there will be a lot of competition making out good on it. I will cancel that day if they put caps on bandwidth.
There's no "if" about it. Comcast has already announced that the 250GB/month cap will begin on October 1st.
Memphis Area Teachers Credit Union. Their online banking product uses FundsXpress, so similar security may be in place at other institutions using that vendor.
Best Western.
Wait - you mean John McCain didn't really tap Osama bin Laden as his running mate?
I guess it'll be interesting, then, to see whether or not the "Wii Jack" makes it to retail...
What about loud music? Foul odors? Constantly having 30 people over and taking up all the street parking?
Howdy, neighbor! Did you know I'm also stealing your wireless and shagging your daughter?
I've had this happen to me with spam copied from one of my own wikis.
Well that's easy enough to fix, just stop posting spam on your own wikis!
I kinda take offence when people try to make general comments racist.
POOL'S CLOSED
I like this as a poll idea.
Why?
Because I sort of hoped he hadn't done it.
Fuck you, ShaunC.
Don't you mean "fsck you?"
I held out so much hope all during the trial process that Hans wasn't guilty. And even after he'd been convicted, I held onto the cynical thought that Nina was alive and well somewhere in Russia, laughing at all of this, and that someday it would all be revealed as a fraud.
Good luck, Hans.