Mayor Ronald R. Jones: 201-288-4111
Please be respectful so that he will take your comments seriously. Here is the digest of my message to him:
Good Morning Mayor Jones,
I am calling to share my concerns around the response to the recent actions of Library Director Michele Reutty. I am not a constituent of yours, but I am sure that you now realize that this case has generated international attention for the Borough of Hasbrouck Heights.
I am calling to support emphatically the protection of the privacy of library patrons and the guarding of their records from unnecessary review by law enforcement authorities. This is exactly the protection that was intended by the Fourth Amendment to the United States Constitution.
The securing of a warrant by police officers strengthens their case in the prosecution of crimes and protects against sloppy investigative work. Primarily, however, it protects the rights of innocent people, whose records were also reviewed during this investigation.
It is my sincere hope that after careful consideration, aided if necessary by public outcry, Your Honor and the other members of the Borough of Hasbrouck Heights Council will come to understand the wisdom of protecting these rights.
Thank you, Mr. Mayor, for your time.
Hopefully, a full voicemail box will help him get the picture.
Congratulations, Noam, you did it! You registered a domain for the purposes of posting a little rant to indict the entire Security Profession. Then you got Slashdotted. Bravo.
Good thing you included a link to your consulting services in the article byline. Otherwise, people wouldn't know where to go to hire such an insightful luminary. You were also smart enough to make your article inflammatory against the entire security profession, just to drive readership. Again, well done.
The truth is, this could have been a half-decent article that I might share with my C-level folks if it weren't so full of accusations against security professionals. In fact, it would have made a half-decent rant if it weren't so full of inconsistencies and half-truths. What we are left with is drivel, and marketing-driven drivel at that. At least have the courage to post it on your site or your company's site so people can identify it for what it is.
After reading your article, you were so successful in getting me enraged that I had to know, "Who is this jerk, Noem Eppel?" I did a little research.
Are you the same Noem Eppel who said:
The onus should be on the software and security industry - those that are responsible for designing the products - to make software which is not only safe to use by default, but easy to secure.
In 2004?
But today says:
We as security professional [sic] are drastically failing ourselves, our community and the people we are meant to protect.
Who next will you point your finger at?
I think we can all agree that the state of security is bad, but your insinuation that security professionals are some kind of slackers, content with their own failure because they are "enjoying a surge in business and growing salaries" is disgusting. If you want to indict the character of a profession, you'd better have stronger ground than that to stand on. If you said the same thing about doctors being slackers who are content with their failure because diseases are on the rise, you would be mocked and scorned.
Do you know what gave you away, Mr. Eppel? The constant barrage of unrelated statistics loosely stitched together to reinforce your 'expertise'. Having a day job myself, I don't have time to refute your editorial line by line, so here's my favorite from your article:
In some cases, even our best recommended security practices are failing.
In a recent experiment, AvanteGarde deployed half a dozen systems in honeypot style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet. The average time until a successful compromise was just four minutes!
Which information security professional thinks that "our best recommended security practices" includes deploying systems "using default security settings"?
Of course, we are assuming that you are an information security professional. I think it telling that you post no CV, no credentials, not even an email address to offer up your authority to speak on the subject. You use the pronoun, "we", to claim your place among the accused, but offer no evidence, convincing or otherwise, as to why you should be considered a peer among the noble practitioners of this worthy vocation.
Mr. Eppel, you have done what no other journalist, blogger, cyber-idiot, or troll has managed to do. You have insulted my profession and me beyond excuse. I've never felt the need to respond to anything as strongly as your piece of drivel.
I'm posting this reply to Slashdot rather than your site, because I don't believe you have earned the traffic your article has already generated. Although I may be modded down, I would gladly give every bit of karma I have to see this garbage ripped from the web and you forced to apologize publicly for your outrageous remarks.
Go read COBIT or something and leave those of us who are trying to make things better alone.
Warmonger. Troll. Charlatan.
Once again, the media has overstated a story to attract attention to a non-issue. Regardless of what the IRS decides to do about tax preparers sharing tax information, this practice is already regulated by another law: the Gramm-Leach-Bliley Act (GLBA).
GLBA was passed in 1999 to modernize aspects of the banking industry. Title V prevents financial institutions from selling consumer data without consent from the consumer. Remember a couple of years ago every bank, credit card company, loan agency, and anyone else who touched your money flooded your mailbox with Privacy Policy notices and "opt-out" statements? That was GLBA.
The best part is that GLBA classifies tax preparers as financial institutions, so H&R Block must provide the same protections to your information that a bank would (or should).
The proposed IRS rule change under section 1 specifically cites GLBA and points out that this rule change has no impact on the GLBA requirements.
Sorry to all you privacy alarmists out there, but this "Privacy Bomb" for the IRS is a dud.
Doctor, He's Crashing!
Give him 5 mg of ativan, start an epi drip, and somebody get me an emergency boot disk, STAT!
In a former life (large financial company), we looked closely at IPS as a possibility. The big concern was that IPS was based on IDS and it still had way too many false positives and false negatives.
So hooking that stuff up to the "Emergency Shutoff" switch for even rarely used network services was a little scary. We had some events where we put in router rules by hand (block this traffic or that traffic), and they still broke applications we never dreamed of.
In the end, we decided to funnel all of those types of actions through our 24x7 command center. The delay caused by human response time was worth the tradeoff for not killing our own network.
To see how Microsoft really feels, read this excerpt from http://www.guardian.co.uk/uk_news/story/0,3604,1285890,00.html
For example, when employees were arrested in Turkey because Kurdistan had been shown as a separate entity on maps of the country, a decision was taken to remove Kurdistan from all maps.
"Of course we offended Kurds by doing this but we had offended the Turks more and they were a much more important market for our products. It was a hard commercial decision, not political."
Yes, but is the . finite? /?
And what is the curvature of the
Favorite Quote: "Printer identification - Researchers provided data on how officials could better measure properties of a counterfeit to identify what kind of printer and ink may have been used to produce it."
I'm thinking microscopic RFID tags suspended in the ink would work nicely.
Gotta go. Big Brother is Watching.
I was referring to the legend that Julius Caesar invented the book as a practice of folding scrolls during some of his military campaigns. I don't know if there is historical basis for it, but I have seen references to it.
http://en.wikipedia.org/wiki/Book
It was just meant to be a witty quip.
For a technophile like me, reading an ebook is fine (I once read the complete Sherlock Holmes stories on my PDA). But for most people, a page turning, bookmarking, throw-it-in-your-bag-and-go book is much more pleasurable to read.
Perhaps the lack of success on ebooks is because reading one just isn't the same.
There's a reason the book format has been popular since Julius Caesar. He didn't have a European power adapter to recharge his ebook!
I was on a flight last week where they specifically mentioned that Centrino laptops must be kept off during the flight.
So if there is integrated wi-fi on the motherboard, will that be the end of laptops on airplanes? Will I have to be content playing the gameboy version of Splinter Cell? :(
See http://www.crimetime.com/SPguide.htm
It's comforting to me as a parent to know the risks that are out there. There are 6 convicted sex offenders in my zip code, BTW.
The problem with comparing The Matrix to LOTR is that they were written with different purposes in mind.
The Matrix was written to be a fast-paced piece of entertainment. The fact that the W Brothers decided to season it with a little philosophy and mysticism only added to the interest. But the deep meaning part was over in the first movie. It's not a life-changing experience. It's entertainment. Looking for the elements of serious literature (or film making) like theme, character development, and deeper meaning, is like requesting the nutritional information on a candy bar.
The LOTR was a three (actually more) volume literary masterpiece long before it was a movie. The fact that the LOTR folks stayed true to the original books enhanced the quality of the movie as a serious work of art. Is it entertaining? Absolutely. But you can also look for all of the serious literary elements and enjoy it on different levels. LOTR has more depth to it because it was written with more depth to begin with.
One is macaroni and cheese. The other is a steak dinner. Enjoy them both, but recognize them for what they are.