Slashdot Mirror


User: mpaulsen

mpaulsen's activity in the archive.

Stories: 0
Comments: 55

Comments · 55

  1. Re:Ha! on How Many Seconds Would It Take To Crack Your Password? · · Score: 1

    Not so. Sallie Mae sent out emails with statements as password protected PDF attachments. The email also helpfully pointed out that the password was your SSN. It made cracking the PDF a trivial job, with the bonus of learning the SSN in the process. (The SSN wasn't in the statement itself.)

  2. Re:Websites on How Many Seconds Would It Take To Crack Your Password? · · Score: 1

    Sallie Mae doesn't have the best record for account security:

    http://www.ownrecognizance.com/salliemae.html

  3. Re:Ha! on How Many Seconds Would It Take To Crack Your Password? · · Score: 1

    Kinda old, but a real-world example. Sallie Mae (the student loan company) used the borrower's SSN as the password to the PDF statements.

    http://www.ownrecognizance.com/salliemae.html

    So, cracking the password gives you the SSN as well as access to all the other account details. Brilliant.

  4. Re:Suits, obviously on The Ongoing Case of Rakofsky vs. Internet · · Score: 1

    "The result is that Britain is suffering from a severe case of 'libel chill', where publishers and newspapers are afraid to publish a story because the subject, usually a celebrity, might decide to sue. "

    So? Stop wasting paper on celebrity gossip and the problem disappears. Wake me when the lawsuits affect real news.

  5. Re:That's too much on Canadian Spammer Fined Over $1 Billion · · Score: 1

    Well, then the solution is simple. You two get together and come to some agreement on how much he's going to pay you for each email that ends up in one of your inboxes. When you receive an email (or many), send him an itemized invoice and he can send you a payment. If there's a problem, just take him to court with the contract in hand and demand payment.

    If he had asked me, I would have agreed to $10 per email -- quite a bargain compared to the $100 (plus damages) he agreed to when he decided to spam.

  6. Re:Cure? on Cheap Cancer Drug Finally Tested In Humans · · Score: 1

    > there is no way in hell he'd ever spend that much on Viagra >> Of course he wouldn't -- he would spend 6k on the hookers, 6 on the viagra, and 6 on the blow. :-) ...and the rest he'd just squander.

  7. Tours available. on Dark Matter Particles May Have Been Detected · · Score: 3, Informative

    If you're ever in the neighborhood, a tour of the mine and the lab are well worth the visit.

    http://maps.google.com/maps?q=Soudan,+mn
    http://www.dnr.state.mn.us/state_parks/soudan_underground_mine/index.html
    http://www.dnr.state.mn.us/soudan/physics_tour.html

    (Generally open June-September -- check before you come.)

  8. Re:Redirect the evil! on Bank Goofs, and Judge Orders Gmail Account Nuked · · Score: 5, Insightful

    "Every one should email the bank banker@rmbank.com to ask them of their shady practices."

    No. Everyone should email some personal information to banker@rmbank.com, then insist that their domain be shut down.

  9. Hmm. What's Vixie say? on Nominum Calls Open Source DNS "a Recipe For Problems" · · Score: 1

    I predict some pacing up and down the halls and maybe a bit of hand waving in the near future.

    http://www.nominum.com/company/advisory_board_vixie.php
    "Today, Paul is considered the primary modern author and technical architect of BINDv8 the Berkeley Internet Name Domain Version 8, the open source reference implementation of the Domain Name System (DNS). He formed the Internet Software Consortium (ISC) in 1994, and now acts as Chairman of its Board of Directors. The ISC reflects Paul's commitment to developing and maintaining production quality open source reference implementations of core Internet protocols."

    https://www.isc.org/about/leadership
    President Paul Vixie
    "Internet Systems Consortium, Inc. (ISC) is proud to be the producer and distributor of commercial quality Open Source software for the Internet Community" (read: BIND, among other things.)

  10. Re:Easy on How To Prove Someone Is Female? · · Score: 1

    They are. I can tell from the prickcells.

  11. Re:Comcast in Mass played the same games on Shaw Cable Again Blocks Firewire On Canadian Set-Top Boxes · · Score: 1

    First they make you accept their DVR box, then they change what the DVR box will allow you to do. Maybe they won't allow you to skip advertisements. They deliver more eyeballs to the advertisers and they make more money.

  12. Re:Not the first! on Internet Astroturfer Fined $300,000 · · Score: 1

    The Purdy paint brush folks (part of Sherwin Williams) had their marketing firm (M Force, Brown & Martin) spamming usenet and message boards with fake customer testimonials. http://www.ownrecognizance.com/purdy.html

  13. Re:Of course we don't need running shoes on Do We Need Running Shoes To Run? · · Score: 1

    We aren't fast enough to run away from any significant predator, so it must be for running towards prey.

    You don't have to be faster than the predator, just faster than someone else in your group.

  14. Re:it was bound to happen on Whither the 19th IOCCC? · · Score: 1

  15. Re:Message on Court Upholds AP "Quasi-Property" Rights On Hot News · · Score: 1

    "Can we instead quasi-fight for our quasi-right to quasi-party?"

    That should be slashdot's quasi motto.

  16. Re:I want the Upstream on Charter Launches 60 Mbps Service · · Score: 5, Informative

    "They sell you internet access, you get it. Deal is done."

    Well, sure. Unless you count forging DNS results and deep packet inspection in order to insert ads into the sites you're visiting.
    http://slashdot.org/article.pl?sid=07/02/15/0432259&from=rss
    http://yro.slashdot.org/article.pl?sid=08/05/13/1832256

  17. Re:nobody is "surprised", it still needs reporting on Carbonite Stacks the Deck With 5-Star Reviews · · Score: 1

    I still want to see it reported and publicized.

    You can add Purdy (part of Sherwin-Williams) to your list of offenders.
    http://www.ownrecognizance.com/purdy.html

    These guys are all doing business in California. I wish they would be nailed based on this:
    California's Business & Professions Code 17200 prohibits "unfair or fraudulent business act[s] or practice[s] and unfair, deceptive, untrue or misleading advertising".
    http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=17001-18000&file=17200-17210

  18. Re:Time on Barack Obama Sworn In As 44th President of the US · · Score: 1

    > Which makes it all the more surprising that Mr. Strict Constructionist John Roberts would mess it up, but there you go.

    Great. More ammo for the kooks.

  19. Re:Old tech on Recovering Blurred Text Using Photoshop and JavaScript · · Score: 5, Funny

    I was going to watch it online, but they created a GUI interface in Visual Basic to track my IP. http://www.youtube.com/watch?v=Ni_rAamVP2s

  20. Re:Sallie Mae e-mailed me my SSN number regularly on Websites Still Failing Basic Privacy Practices · · Score: 2, Informative

    It's not hypothetical. Sallie Mae has sent that email to the wrong person, and it did prove to be easy to crack. In fact, your post sounds an awful lot like... http://www.ownrecognizance.com/salliemae.html

    > They stopped this practice recently

    Do you have any details? I'd like to see their announcement of the change.

  21. Re:I think it would be nice if there were a law on Anti-Net Neutrality Astroturfer Exposed · · Score: 1

    Like this?
    http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=17001-18000&file=17200-17210

    BUSINESS AND PROFESSIONS CODE SECTION 17200-17210
    17200. As used in this chapter, unfair competition shall mean and include any unlawful, unfair or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising...

  22. Re:Is lead truly that dangerous ? on Tin Whiskers — Fact Or Fiction? · · Score: 1

    Homer: Are you saying you're never going to eat any animal again? What about bacon?
    Lisa: No.
    Homer: Ham?
    Lisa: No.
    Homer: Pork chops?
    Lisa: Dad, those all come from the same animal.
    Homer: Heh heh heh. Ooh, yeah, right, Lisa. A wonderful, magical animal.

  23. Don't follow Sallie Mae's example. on How Would You Prefer To Send Sensitive Data? · · Score: 1

    http://www.ownrecognizance.com/salliemae.html

    "Your account updates are viewable in the attached PDF document. The file is password-protected and you need to enter your Social Security number to open it."

  24. Re:Never had any luck with recovery on A Walk Through the Hard Drive Recovery Process · · Score: 4, Funny

    > Hmm.. okay I think I understand now, but then how do you know what bits are correct? Isn't that what you are looking for?

    Just diff against your backups.

  25. Re:Never had any luck with recovery on A Walk Through the Hard Drive Recovery Process · · Score: 3, Funny

    > I think your math is off... 1s and 0s aren't data in any way, shape, or form. There is no useful "data" at the user level stored in 1s and 0s. Data is chunks of 1s and 0s that make up stored files that are actually useful to the user

    You're mostly correct. Individual ones and zeros are called anecdotes. It's only when you put together two or three anecdotes that you have data.

    > so having 50% of the file uncorrupted is not a possibility. Corruption is all or none, one bit is wrong and there is no data

    You're missing the beauty of the algorithm. You simply take a guess at each bit. If you're right, you've recovered that anecdote. The anecdotes are binary, so if you guess wrong all you need to do is flip the bit.

    > the idea of partial corruption is illegitimate for all intents of purposes

    Missed it by -| |- that much. So close....so close.

    > because any amount of corruption is the same, save for the fact "less" corruption may make recovery easier.

    I could try to explain the theory, but it would be easier if you just tried it yourself. Start with 10101 as your data and corrupt it any way you want. Now flip a coin for each bit and record a 1 if you flip heads and 0 if you flip tails. Keep the bits which are correct and flip the ones which are incorrect. You just recovered 100% of the data.