It seems like just desserts to me since they are responsible for a LARGE portion of the spyware that we end up removing from PC's on a regular basis.
Some of them aren't. A lot of them run a perfectly legitimate business advertising through tradiaiton means.
In addition, I fail to see what benefit you provide anyone. Someone mentioned taxes. Most of the gambling sites are located in a few countries in Central America (like Belize) where the money is usually paid to a corrupt goverment that uses it to more efficiently repress the local population. There is strong evidence that the cocaine cartels are involved.
This is because the US is so hard on gambling. The crime organisations get involved. The ones mentioned in the article seem to be UK sites. Gambling pays a decent amount to the treasury, and it tightly regulated by the government.
When the BSE story first broke, the UK government tried to convince the British public that British beef was safe
Well, you're about 50 times more likely to choke on a steak than contract CJD from it, and several hundred times more likely to die from a heart attack from eating too many burgers. Plus there's not really enough statisitcal evidence to draw a definite conclusion about the cause of CJD. I think the government might have had a point.
I think Monsanto already did. Which is why they won.
Not quite sure how, but from what I hear it seems that the farmer was using the herbicide that these crops were resistant to. Why would he be using the herbicide if he didn't think the crops were resistant?
While I have a lot of sympathy for the farmer, and absolutely hate Monsanto (I figure they have all the bad points of Microsoft, and SCO with none of the redeeming features) I think the media missed out some impoortant information.
Then again, I don't think genetics should be patentable in the first place. Firstly, because genes reproduce. That's their primary purpose. Secondly there is a de facto monopoly of one growing season before anyone can compete. Thirdly - in this case - they have a patent on their herbicide.
It's niot that Im neccesarily against genetic patents per se, it's just that they need to be reworked rather than applying existing patent laws to them.
Alice is a known person. She is considerably less likely to be blackhats than the least trustworthy person who will read a publicly announced security bulletin. Bob (the admin - damn should have had Alice as the admin) and the hacker have the same information as each other.
Also, even if Alice is a blackhat, the exploit is only given to one person. She may or may not spread the exloit, but if the problem is announced publically, considerably more blackhats will know of it increasing the risk of a publically distributed exploit.
I think my current position based on the responses so far is that there should be full disclosure that there is a bug in a given application, perhaps some indication of what type of bug it is, and any information on how to reduce risk.
If we assume that at least one black hat knows of the exploit (so there's no excuse to procrastinate over the fix), surely we should also assume that at least one blackhat does not know but will learn all information before the administrator. So before we release any information we have to consider whether it will be more useful to the admin or to the second blackhat.
I'm assuming that the bug report goes to the developers. If Mallory doesn't have it its because he's not submitted anything substantial to a related project.
Depends whether we're talking about theoretical security, or practical real world examples. In security theory, Alice is not a trusted person.
But in the real world, Alice has shown that she has contributed a number of security patches, has a number of people in the community willing to vouch for her, and her name and address are public. While there's a risk that one of the people we trust is a blackhat, if the information is released to everybody, in all probability, a lot of the blackhats will receive the information.
We should still assume that the blackhats already know about the exploit. We should also assume that they don't, and take the course of action that works best given that both assumptions are true.
Cracker finds expolit but tells his buddy joe. Joe reports the vulnerability to some closed list. Cracker in the mean time exploits a 1000 machines because no patch is available...
Well, there is that. But it all depends on how many bugs are detected by the blackhats first, and how much more quickly a fix is produced with full disclosure. Unless you have metrics for both of these, it's all guesswork which is better.
...and there is no disclosure while the originator is taking his own
sweet time putting together a patch because nobody supposedly knows about it
But I disagree with this. We can assume that there are quite a few people on this closed list who see the urgency.
I also want immediate disclosure so I can defend myself. I don't need to wait for a patch I can patch my own software if I know about it.
I want to know there is a flaw. And some indication of what I can do to reduce the risk, but I don't need precise details, and certainly not a working proof of concept exploit (which would presumably be included in "full disclosure").
Take for instance a while back there was a linux worm released that copied a file to tmp or something.
But that's different. That was a hole that we know is already known to the blackhats and is already being exploited.
Scenario 1: Bug is detected. Full disclosure including exploit.
Result: Mallory uses exploit. Alice releases a bugfix, Bob applies the fix. If it takes Alice andBob longer than Mallory, the server is compromised.
Scenario 2: Bug is detected. Kept quiet.
Result: Eventually Mallory detects the same bug. Exploits it. Server compromised.
Scenario 3: Bug is detected. Released only to trusted developers.
Result: Alice releases bugfix. Announces that it fixes a security hole. Gives general details of what the bug is. Mallory has to work out the details and exploit it. This gives bob a lot more time to apply the patch than scenario 1.
So what's so great about full immediate disclosure?
Yes, It is FUD isn't it. For certain applications it can be an issue, but all you need is to have a company web site with the Linux source code (including any modifications you made), freely available for download.
Also, he fails consider that Windows CE has licencing issues, and the SDK has its own licence. And you need a licence per developer for the OS that these run on.
Claim 25 may be enforceable, but it will also be a lot more specific. The claim has to be enforcable, and the application has to actually violate that specific claim.
There's more than those two. How about Ewan McGreggor and Pierce Brosnan? And we only need someone who can play British. Elijah Wood and Sean Astin must both be big names after LotR. Are the McGanns known outside Britain? Ioan Gruffudd is British, and was seen as good enough for Fantastic Four. Personally, my top choices would be Jack Davenport or Sean Bean. Admittedly, they're not huge names, but neither were Toby MagGuire or Ron Perlman. People still saw the comic book movies with them in.
I would expect the powers of arrest and detention to be explicitely specified in the law. I'm also pretty certain that there is no explicit law that allows the police to attach a GPS device to a car.
The police would surely have to demonstrate that they have a right that the general public doesn't if anyone tried to attach a GPS tracker to a police car.
Contracts can be renegotiated. I wonder what the reaction would be if you suggested that you would be more likely to invent something if you were offered a percentage of its value.
They might take it as a hint that you have already had an idea and were keeping it quiet unless they pay you extra for it.
Well, change of hair colour I can live with. And a total change of appearance as long as they don't make him too clean. But they really should have got a brit. Or at least an actor.
I think they changed the character to an American. Which is typical laziness on Hollywood's part. It's not like there's a shortage of British actors. There's even quite a few American actors who can do a decent accent.
Well, it's your own fault for continuing to work there.
Actually that's a little unfair, but really, they don't seem to value you as an employee so you owe them no loyaltee. It's time to look for a new job. You're in a good position to, you have nothing to lose, something to gain, and it means that employers have marginally more incentive to value their employees.
Nope. It's a hacker. The term has been in common use since 1984. The fact that a load of geeks desperately want to reclaim it doens't mean the usage is wrong.
I have no idea why any geek would want to reclaim it though. After Jurassic park, any positive connotations are clearly lost.
It seems like just desserts to me since they are responsible for a LARGE portion of the spyware that we end up removing from PC's on a regular basis.
Some of them aren't. A lot of them run a perfectly legitimate business advertising through tradiaiton means.
In addition, I fail to see what benefit you provide anyone. Someone mentioned taxes. Most of the gambling sites are located in a few countries in Central America (like Belize) where the money is usually paid to a corrupt goverment that uses it to more efficiently repress the local population. There is strong evidence that the cocaine cartels are involved.
This is because the US is so hard on gambling. The crime organisations get involved. The ones mentioned in the article seem to be UK sites. Gambling pays a decent amount to the treasury, and it tightly regulated by the government.
When the BSE story first broke, the UK government tried to convince the British public that British beef was safe
Well, you're about 50 times more likely to choke on a steak than contract CJD from it, and several hundred times more likely to die from a heart attack from eating too many burgers. Plus there's not really enough statisitcal evidence to draw a definite conclusion about the cause of CJD. I think the government might have had a point.
I think Monsanto already did. Which is why they won.
Not quite sure how, but from what I hear it seems that the farmer was using the herbicide that these crops were resistant to. Why would he be using the herbicide if he didn't think the crops were resistant?
While I have a lot of sympathy for the farmer, and absolutely hate Monsanto (I figure they have all the bad points of Microsoft, and SCO with none of the redeeming features) I think the media missed out some impoortant information.
Then again, I don't think genetics should be patentable in the first place. Firstly, because genes reproduce. That's their primary purpose. Secondly there is a de facto monopoly of one growing season before anyone can compete. Thirdly - in this case - they have a patent on their herbicide.
It's niot that Im neccesarily against genetic patents per se, it's just that they need to be reworked rather than applying existing patent laws to them.
HDTV? Where did they get an HDTV feed of the episodes from?
:)
It's like any game. Since you don't know which is true, you have to plan for both situations.
Alice is a known person. She is considerably less likely to be blackhats than the least trustworthy person who will read a publicly announced security bulletin. Bob (the admin - damn should have had Alice as the admin) and the hacker have the same information as each other.
Also, even if Alice is a blackhat, the exploit is only given to one person. She may or may not spread the exloit, but if the problem is announced publically, considerably more blackhats will know of it increasing the risk of a publically distributed exploit.
I think my current position based on the responses so far is that there should be full disclosure that there is a bug in a given application, perhaps some indication of what type of bug it is, and any information on how to reduce risk.
If we assume that at least one black hat knows of the exploit (so there's no excuse to procrastinate over the fix), surely we should also assume that at least one blackhat does not know but will learn all information before the administrator. So before we release any information we have to consider whether it will be more useful to the admin or to the second blackhat.
I'm assuming that the bug report goes to the developers. If Mallory doesn't have it its because he's not submitted anything substantial to a related project.
Depends whether we're talking about theoretical security, or practical real world examples. In security theory, Alice is not a trusted person.
But in the real world, Alice has shown that she has contributed a number of security patches, has a number of people in the community willing to vouch for her, and her name and address are public. While there's a risk that one of the people we trust is a blackhat, if the information is released to everybody, in all probability, a lot of the blackhats will receive the information.
Isn't that essentially the same as scenario 2?
We should still assume that the blackhats already know about the exploit. We should also assume that they don't, and take the course of action that works best given that both assumptions are true.
Cracker finds expolit but tells his buddy joe. Joe reports the vulnerability to some closed list. Cracker in the mean time exploits a 1000 machines because no patch is available...
...and there is no disclosure while the originator is taking his own
sweet time putting together a patch because nobody supposedly knows about it
Well, there is that. But it all depends on how many bugs are detected by the blackhats first, and how much more quickly a fix is produced with full disclosure. Unless you have metrics for both of these, it's all guesswork which is better.
But I disagree with this. We can assume that there are quite a few people on this closed list who see the urgency.
I also want immediate disclosure so I can defend myself. I don't need to wait for a patch I can patch my own software if I know about it.
I want to know there is a flaw. And some indication of what I can do to reduce the risk, but I don't need precise details, and certainly not a working proof of concept exploit (which would presumably be included in "full disclosure").
Take for instance a while back there was a linux worm released that copied a file to tmp or something.
But that's different. That was a hole that we know is already known to the blackhats and is already being exploited.
Scenario 1: Bug is detected. Full disclosure including exploit.
Result: Mallory uses exploit. Alice releases a bugfix, Bob applies the fix. If it takes Alice andBob longer than Mallory, the server is compromised.
Scenario 2: Bug is detected. Kept quiet.
Result: Eventually Mallory detects the same bug. Exploits it. Server compromised.
Scenario 3: Bug is detected. Released only to trusted developers.
Result: Alice releases bugfix. Announces that it fixes a security hole. Gives general details of what the bug is. Mallory has to work out the details and exploit it. This gives bob a lot more time to apply the patch than scenario 1.
So what's so great about full immediate disclosure?
I'd suggest Adequacy. Except it looks like someone beat him to it
Yes, It is FUD isn't it. For certain applications it can be an issue, but all you need is to have a company web site with the Linux source code (including any modifications you made), freely available for download.
Also, he fails consider that Windows CE has licencing issues, and the SDK has its own licence. And you need a licence per developer for the OS that these run on.
Claim 25 may be enforceable, but it will also be a lot more specific. The claim has to be enforcable, and the application has to actually violate that specific claim.
There's more than those two. How about Ewan McGreggor and Pierce Brosnan? And we only need someone who can play British. Elijah Wood and Sean Astin must both be big names after LotR. Are the McGanns known outside Britain? Ioan Gruffudd is British, and was seen as good enough for Fantastic Four. Personally, my top choices would be Jack Davenport or Sean Bean. Admittedly, they're not huge names, but neither were Toby MagGuire or Ron Perlman. People still saw the comic book movies with them in.
I would expect the powers of arrest and detention to be explicitely specified in the law. I'm also pretty certain that there is no explicit law that allows the police to attach a GPS device to a car.
The police would surely have to demonstrate that they have a right that the general public doesn't if anyone tried to attach a GPS tracker to a police car.
Contracts can be renegotiated. I wonder what the reaction would be if you suggested that you would be more likely to invent something if you were offered a percentage of its value.
They might take it as a hint that you have already had an idea and were keeping it quiet unless they pay you extra for it.
Well, change of hair colour I can live with. And a total change of appearance as long as they don't make him too clean. But they really should have got a brit. Or at least an actor.
I think they changed the character to an American. Which is typical laziness on Hollywood's part. It's not like there's a shortage of British actors. There's even quite a few American actors who can do a decent accent.
Fair enough. It's just surprising how often getting a new job just doesn't occur to people.
Well, it's your own fault for continuing to work there.
Actually that's a little unfair, but really, they don't seem to value you as an employee so you owe them no loyaltee. It's time to look for a new job. You're in a good position to, you have nothing to lose, something to gain, and it means that employers have marginally more incentive to value their employees.
They may be expensive but they're very energy efficient, and they last forever. It's a long term saving.
Nope. It's a hacker. The term has been in common use since 1984. The fact that a load of geeks desperately want to reclaim it doens't mean the usage is wrong.
I have no idea why any geek would want to reclaim it though. After Jurassic park, any positive connotations are clearly lost.
which he used to monitor U.S. Secret Service e-mail,
In soviet russia
The criminals spy on the secret service.