Okay so you're saying you're going to hack my system by first hacking someone I talk to...
Okay, but the information sent back and forth is highly specific... and contains no executable code. You can't send commands over those channels. There's nothing "listening".
A few databases are accessed... I'm not sure how you're compromising my system yet?
I mean if you get their codes and access from their systems... then you can access me using their codes and get access to what they have access to. But that's about it. You can't upload anything that doesn't squeeze into a database variable at our systems.
That said, I do grant you that if you totally compromised a trusted system... you might be able to introduce something. There is a high probability it wouldn't work for a lot of reasons and the mere attempt would be very likely to set off alarms. But assuming you were really lucky... Maybe.
Ideally the security I'm talking about would be uniformly employed at any trusted system which would make doing this harder.
There is no defense against a full breach of physical security. I can't stop you from doing whatever if you get that deep into my systems. I'm not seeing how your hack of the rival would give you much. You couldn't just access whatever you wanted.
Your comment doesn't make any sense. Whatever happened with their wireless service they have lots of other products inside ATT that are not advertised. And the internal corporate structure is a fucking rat's nest.
I've dealt with them over many years over many different products.
I've bought a lot of very expensive services from them and every time I have to make any kind of change... even when I'm going through my "personal" business agent, the mother fucker doesn't know what is going on any more than I do... and he fucking works there. That I don't know what is going on in his company is to be expected. I'm not there. I wouldn't know. But that none of the product and customer service agents know? That's a fucking problem.
Big companies shouldn't be so large that they don't even know what they do anymore.
Imagine if Ford Motors made pogo sticks on top of everything else... but no one knew that... including most of Ford?
Either break it up and market separately or at the very fucking least make sure your people are aware of your full range of products. Either.
Oh and since you concluded with a line that read "you either admit everything you said in previous posts was wrong or you're a liar and a child"
Fuck you, princess. You can either have a discussion with me or not. Your choice. But your little judgements don't mean squat to me.
As to physical security... they're not getting into the server room without compromising someone with access or coming in with a command squad... maybe tom cruise could come in on wires from the ceiling?... I don't know.
One thing I'm noticing from around here is that people don't have a lot of experience with high security. Buildings that you can't get into the lobby without being buzzed in... where you can't go to the right floor without a key card.
That is the sort of security you'd go through to get into the headquarters of Denny's... that isn't even high security. That's just standard corporate security theater.
And you think my server doors aren't locked? They have locks.
As to issues of physical security, this is actually my biggest worry at this point. I've set up a lot of things to make that harder. Everything is really in the server rooms. The workstations are thin clients. If you unplugged one and went digging for its storage... you'd find a little SD card with some config information. Nothing sensitive.
As to people plugging stuff into our network. There are a lot of ways to make it so people can't do that. Again, mostly from the server room. Most Cisco routers can stop it if you configure them properly.
But is the security vulnerable to someone physically inside the network? Here I'm a little more iffy. I'm not a 100 percent. From outside attack? They're not getting in. Internally... I've done everything I can think of to make it quickly detected and very difficult. That's all I think that is possible without... owning a network company and designing some enterprise switches that are more sophisticated.
I'm interested as to how you're using the Heartbleed bug in this scenario to get anything. I'm well aware of how the bug works and I was passively immune to the issue in like five different ways. I'm just not getting how you're doing this...
You're not talking to my server unless you're contacting me from an approved IP address. And if you spoof the IP... you're not getting a return.
There are many other reasons why this wouldn't work in my case but I think I'll just stop there. That seems pretty solid. How are you talking to the server at all when the server won't talk to you?
Yeah but you'd have to intercept the service in question. Can you detail how you would do that specifically? Because I know of several ways that is done and I believe I have accounted for all of them.
Why is the firewall or router even letting your communication through? And even if you were able to send data and it were allowed through... you'd never hear anything back from my system unless you're residing at an approved IP address... which is unlikely. I don't just open port 222222 or whatever and route it all to some internal IP address. The IP address on both ends is specified. So best case I'd be replying to your communication... to a completely different IP address. You wouldn't see it.
I'm not seeing how you would establish two way communications with my systems.
As to the Iranian Stuxnet thing, from what I understand some dope took a USB key from a low security area that was infected and plugged it into the airgapped systems.
That was just an exploit of sloppy USB drive policy.
Please correct me if I'm wrong. Honestly. If I've made an error, then enlighten me.
As to software with no vulnerabilities... I find this argument to be a bit mystical. We could go over every vulnerability you think my network has and I think you'll find that it doesn't exist in my case.
My security is brutal, simplistic, rigid, and I don't see how you're going to get anything through it that I don't let through it.
Hierarchical organization helps with that kind of stuff.
Also... I can't think of any organization that actually needs several hundred services piped to each workstation... I'm trying really hard to think of what those would all even be...
Okay... let's say the company has 10 databases because they're too lazy to integrate them.
That's ten databases.
Then let's say they need email? In my experience they tend to actually need a way of passing information around the organization rather than accepting and sending information out of it. Email is like 99 percent memos and reports and stuff from inside the organization. To conflate that with the 1 percent of stuff going in and out... Ideally I wouldn't do that.
Then what else... a web browser with access to a finite and specific number of domains. Is this where you're getting hundreds of services? I don't know. Anyway, I don't know why you'd need users to be able to access that many sites. At least not in a high security environment.
In a low security environment... I don't know. I'm a little lost in that situation. It's out of my wheelhouse. I'm pathological about controlling EVERYTHING. And I do. Some of the security is bought but a lot of it is proprietary. The likelihood of something people don't have any experience with falling to hackers is "less"... Known bugs of other systems are not applicable to mine. Does mine have bugs? Possibly. More likely something else has a bug in it that will betray my system. But there are so many fucking fail safes.
It seems like most of your premise is that low security is the only way to go in unskilled environments where even the IT department doesn't understand their jobs. I suppose but if your security department doesn't understand security then you don't have a security department. :D
And consider that simply challenging someone on that level can be a chilling effect.
As to the blood of your people... I assume you're Estonian. Let me first say that I have a lot of respect for Estonia and for your information the US has great hope for your future. We're hoping you do well and we've been watching you. That said, while many Americans are callow morons... this is unavoidable in any population. You must understand that the US constitution is almost a religious document in my country.
So the constitution isn't just a collection of laws. It is the law above all other laws. To oppose it is often seen as taboo and immoral.
Does that mean that other people should be able to lie about you? What is a lie and what is an opinion?
Let's say I think you're a pedophile. Are you a pedophile? Maybe you are or not but that I think you are is my opinion. And I have the right to express my opinion and be free of legal consequences should you feel my opinion is wrong.
The law here can get a bit complicated and I have to simplify it for this setting. But the point is that your best defense in the US against statements like that is to either say nothing and hope no one heard what you said OR you express your opinion that the first opinion was in error or you can offer evidence or something. It's up to you what you want to do. But you don't get to silence the other person.
People have a right to say what they want. Even if what they say is untrue or even mean spirited. You have a right to say what you like in response however you like.
And the public will decide.
That is basically how our system works.
And as the most successful society in history and a model for most other societies in regards to freedoms and rights... maybe you should take a tip from us. Just saying. You risk far more than you gain by engaging in that. And what is more, your efforts will be ineffective because people will just bypass your jurisdiction. You're making the cardinal mistake of any government by passing a law that will not be obeyed and that will actually diminish your power.
I wish your nation well and I wish nothing but destruction upon this foolish law you're supporting. It's a bad idea. It will fail. If your country specifically has these sorts of laws and I can evade them by putting my business outside your territory... then I can avoid your regulation very easily and your people lose out on jobs etc.
Again... I wish your nation all the luck in the world. The US is truly hoping the best of things for you. :-)
As to your users needing to exchange information with unknown third parties... depends on the security environment. High security environment? No. You cannot do that.
The corporate headquarters for Denny's? Probably.
You can establish protocols for file transfers. Host a file server and grant access to whomever to upload or download a specific file at time X.
As to compromised endpoints, I sort that by denying unauthorized code to run and the systems are refreshed from a template on login. You can't infect the workstations. And even if you could, they'd purge the infection simply by logging off and on again. Beyond that, the workstations can't communicate with each other. At the appliance level they can communicate with whatever servers they're supposed to be able to talk to and the firewall. Communication between the work stations or to unauthorized servers on the network is not allowed... again, at the appliance level. You'd have to hack the router and firewall to do more.
As to emails, you make a good point that this is a serious vulnerability. However, do you need to accept emails from any server on earth? What is more, who needs to receive outside email and who does not? And what about attachments? Do we need to permit them or not? These are questions you're not asking here.
I prefer to route files through a special file server. People can give other people the ability to upload files to it or give other people the ability to download specific files from it. I generally don't like the concept of attachments on emails in a secure environment.
That said, even if you downloaded BestTrojanEVER.exe and tried to run it on one of those machines. It literally would not run. I make this impossible through about four different changes to the way the computers work. But the result is that only specific Exes in specific places can even run. And those Exes cannot be modified or deleted or renamed. So BestTrojanEver.exe won't even run.
I do other things to stop unknown scripts from running. Mostly by controlling the programs that ultimately process the scripts so that they can't be accessed arbitrarily or in some cases at all.
I could go on. The system I've set up is the firmest security I've heard of short of building a secret air gapped network run by mole people under the earth with no door in or out.
Is there a way into my system? I can't think of one and nor have I even heard of one that didn't involve getting a bit of hardware into my server rooms. At which point that isn't the system's fault... that is whomever let that person or bit of gear into the server room.
An attack with no physical component though? Correct me... I just don't see how you could do it.
And I'll point out again, the sort of system I'm talking about... Doesn't get hacked. It's never happened. Ever.
That doesn't give you access to my systems. That gives you access to someone else's systems... possibly using my authentication... which with an RSA keychain... you won't be able to use. So maybe you'll be able to see what I see on SOMEONE ELSE'S system.
Even so, you're assuming you were able to infect either system with the Heartbleed bug. How would you do that?
I think you're misunderstanding what I mean when I say LOCKED DOWN.
For example, 99 percent of the workstations I administer draw from a general template that is effectively write locked. Even if you could install or put something on one of those workstations, it would be back to the default template on next logon. And how are you introducing this to our systems if our systems are INCAPABLE of going to anything besides our target systems?
How are you perpetrating this man in the middle attack?
Nearly all casual breaches come from people going to places they don't need to go or installing things that don't need to be installed. And then badda bing badda boom they get a virus or a worm. Then the network is often left entirely unsecured from within, which means worms etc run rampant infecting everything, and eventually the whole situation becomes so toxic that the malware/virus/worm authors/operators take a peek into the network... their software holding the door open for them... also most people don't set up firewalls so this whole thing becomes possible. Etc etc.
What I see again and again is people using the example of SHIT security being used as an example for why security is imperfect.
That's a bullshit argument. Security CAN be perfect. It requires specificity. Rigidity.
The gateway doesn't need to allow EVERYTHING in and EVERYTHING out.
You set it up so that it just can't do anything besides what the company does. How are you going to trick internal systems into talking to you? Those systems could be entirely proprietary. Have fun even figuring out how to handshake with them.
And there are about a million places where your fooling around COULD trigger a security alarm if they've implemented those.
The best way to secure a system is to make it so rigid in the way that it operates that nothing can happen on it like that. No flexibility.
And what would that get you? You're saying you could do some sort of man in the middle attack?
That's easily defeated by connecting remote offices via VPN.
Look, the security set up that would-be hackers always assume is a low one. One where any dipshit user can do pretty much whatever they want with their workstation. Install Angry Birds? Sure. Connect to Facebook? Sure.
A high security environment doesn't let you do these things. You try to run unauthorized code or executable... execution denied. You try to connect to something I don't need you to connect to? Access denied.
Your man in the middle attack would have to be between the system and a third party we couldn't run a VPN to...
And let's say you man in the middle attacked that. What does that get you? Access to our systems? Nope. Access to someone else's systems using some user's password? MAYBE. It depends on if people are being stupid and not using multifactor authentication. A damn RSA keychain would make any scalped passwords of dubious value.
These things can be locked down so they don't get hacked. Systems like the ones I'm describing are not hacked. Ever. Not by the NSA. Not the Russians. Not by the Chinese.
If they want into these systems they have to send someone to the front door and either ask or demand to be let in... physically.
The hacks we see at Sony, OPM, etc... they have garbage security. You know that.
Can you think of any system that had the level of security I am talking about that ever got busted?
Ever?
Is it impossible? Depends. Computer security CAN be perfect. It just takes humility, discipline, purpose, a clear idea of what you want to do, and no compromising of the system for any reason after it's been put in place.
You have issues in security because the systems are too adaptable. A hacker works by exploiting flexibility. If there is none, then there is nothing to exploit.
You have only machines that need to talk to each other be able to talk to each other. You have only protocols you need enabled. You have an internal DNS server and you only permit access to domains... to or from those domains.
I could go on. You get the idea. Tell me how you'd hack that?
You secure a network by locking down its capabilities to what you need to do and NOTHING else. Hacking then becomes basically impossible... right there.
Are you really so bad at judging personalities? Bingo, I am profoundly neurologically atypical. I don't think like you. My emotions are things you wouldn't even begin to understand. There are no words for most of them.
I don't get angry.
I actually tend to laugh or make jokes when people like you get upset. I just can't take it seriously. It's so childish.
As to my responding to you means I fear you... nah... it means I have no one else to respond to right now so I might as well respond to my pal, bingo. :D
There's nothing you could do that would scare me. You're too cute.
As to my karma rating... currently excellent as usual, shit for brains.
When I get downvoted I tend to actually get more upvotes for it than the down votes. About a week ago I think I had something like 20 downvotes... it had to be 50 upvotes.
Shame it caps at 5. My e-penis would have been so big that day. :D
And sure, some group of pearl clutching nitwits will occasionally down vote something I say... but then I have more that are upvoted. So it balances out. I do a tally every so often when that "comment moderation" tab shows up. And I think my balance for today was something like 7 in my favor. I got about 5 downvotes. Mostly on posts where I just won and the poor sport probably logged in on a sock puppet account to downvote. It was so deep in the thread I can't imagine anyone else actually read that far into it.
Anyway... my tally for the day is positive.
Suck it.
As to my parents' address... I'd love to see one of you troglodytes take on my parents. You'd get such a spanking. :D
Impress me by citing their address at any time. Or show up any time uninvited. Just say hello and introduce yourself as bingo. I will pour you a cold beer. Or if you're a wine man, I have a really great selection of wines and I would be happy to share a bottle with you. Truly. I won't even call the cops. Assuming you behave yourself. If you don't... what happens in the backyard under the rose bush stays in the back yard under the rose bush... am I right, Bingo? :)
All the big carriers... excluding T-Mobile from my own experience... are these disorganized corporate monsters that don't even know what they're doing half the time.
I don't think they're half as evil as they appear... it's just this relentless incompetence. Most of it is in the management structure.
A good thing ATT should do is split in maybe a dozen different companies. And then NOT immediately fucking merge back together again. Yes it improves your stock value but you're well past your peter principle with anything that big.
Anyone had to fight with ATT to get them to admit they said something or did something or said they were going to do something? Even pulling up my account when I had the 15 million digit number was hard on a few occasions. They have so many databases, so many departments, so many overlapping jurisdictions...
I was switching some old copper phone lines over to a VOIP system and at first ATT was saying "not possible"... then they said "we'll do it for you and it will cost you basically nothing for all the bells and whistles"... then the people I was talking to had black bags thrown over their heads, tossed in unmarked vans, and flown by cargo planes to a black site somewhere that involves a lot of BDSM for some reason.
The whole process was so ridiculous that I just said f' it... and set up an Asterisk box. We still get a good portion of our internet access from ATT but I refuse to talk to them about any other service besides internet at this point.
Listen ATT, at the very least, create subsidiary companies. You don't need to call EVERYTHING ATT. Have it be owned and controlled by ATT. But give it its own website, marketing, phone numbers, etc. If the service is worth any money to you then it is in your interest to make the customer know you EVEN DO IT. A lot of ATT's services are effectively fucking secrets. They don't tell anyone they can do it. And that's just stupidity because the services are awesome. But try to get that department tomorrow through their corporate phone maze... and fail. If ATT mobile became a different company from ATT copper from ATT VoIP from ATT broadband from ATT fiber... etc. Each should just be their own thing. You can put ATT in the name if you want. But make it a different largely independent management structure.
There's nothing angry about me, bingo. I swear for emphasis and because it hurts your precious wuddle feelings. :)
Not because I'm mad. You're annoying at worst.
I think I've explained to you before that anger requires FEAR. I'd have to FEAR you to be angry.
What possible reason could I have to fear "you"? You "are" garbage. ;)
Anyone that interacts with you for even a few seconds knows you're garbage. Notice all the people that take you seriously or upvote you? No one does which is why you post AC. You're so afraid of being identified as the garbage you are that you eschew all karma and records... and post every post with a karma rating of 0. The only reason I even see your stupid ass is because I feel like giving people a chance. Sadly the system doesn't let me filter out AC trolls. Which is a big design flaw.
First, I know you're not the stalker. You're actually attempting to be rational. Bingo doesn't do that.
Second, your third option is to say you're the Amish.
Did the Amish stop the industrial revolution?
No they did not.
Your refusal to participate will merely set you apart and make you an anachronism. Your engineered peers will be healthier, better looking, smarter, longer lived, etc.
Keep in mind, I actually am glad there are people like you. You are useful to me. You'll be a pristine gene bank. In the event that there are problems and we need samples of baseline humans, we can compare what went wrong with our mod with you.
So I'm glad you're there. You'll also be a useful scientific counter point. We will point at various human statistics in the future and compare them against past humans. And it's hard to do that because how do you know that some of it isn't education or something. But then you'll be there. Unmodified and fully able to show us empirically what the stats would be if we didn't get the mods.
That's useful... for science.
At best that is your role. But your belief that you can outright stop it because perhaps a few hundred million people don't like it? No. You can't stop it.
Yes, you can become the Amish, a heritage gene bank, and a statistical benchmark. Look forward to that.
And what makes you think Pakistan is an ally of China?
You can move economic goods that way. But then the US believes in free trade so we wouldn't interfere with that in any case.
Now imagine what happens if Chinese troops enter Pakistan? The Chinese are not Muslim. ;) So the fun is pretty predictable. The beardy death cultists will cause problems.
What is more, Pakistan is very unstable. They've a very tense relationship with India and the two can be played off against each other if you need them to change policy. China's road further doesn't get them out of the box.
To get out of the box, China would need a network of contracted ports that they could dock warships in at any time for supply/repair/RR for crew. And then China would need a large Navy to make use of that.
China is a land power. Not an air power. Not a sea power. They are a LAND power.
Land powers very rarely are able to field credible navies or to invest the time to really understand what they are doing.
When land powers go to sea, they are frequently incompetent, their designs are comically bad, they easily lose interest and go back to their land issues, and even if they aren't... you can intentionally distract them very easily.
It takes a special mentality and commitment and experience to be able to pull it off. The Chinese have none of it. None.
They don't think in terms of the sea. They think in terms of their borders.
Think of the US. Do we think in terms of OUR borders? No. Our borders are the least of our concerns. America is the world's largest Island naval power. North America is our island. At a strategic level, we dominate it utterly. China can't make that claim. Russia can't make that claim. The UK can. The US can. Japan can. And this means that such powers can project without having to man expensive forts or whatever along our borders because we can more easily intercept things at sea long before they get to us. And since we're already out there ready to intercept... we can use the same force to project power.
China also has iffy relations with their Islamic population. The Chinese love pork. They're not big fans of foreign religions. And they're pretty xenophobic compared to most people... and there are some Muslims living in China. And that means that with some frequency the Chinese crack down on them whenever they get uppity.
Beyond that, to secure Pakistan, China would have to PAY them. I mean MONEY. Not public works. Cash. That's what the Pakistanis really want. Mostly to keep their government from collapsing and to keep the political wheels greased in what is one of the most corrupt societies possible. The US pays Pakistan. If Pakistan flips on us, we'll double down on India, stop sending checks to Pakistan... and then China is going to have fun dealing with the shit storm that creates.
The thing I find the most interesting about these discussions is that people don't appreciate that Americans not only are capable of but have generally thought the geopolitics through in greater detail than most nations. We after all must consider wider spans of the globe. We balance one area that is getting pissy with another.
We are not a stupid people. To the contrary, we have a better handle on how to manage these issues than most powers can imagine.
Wrong. Because my opinion was 100 percent what the AI expert's opinion was before he even opened his fucking mouth.
Why is that?
Coincidence? I randomly had the right opinion? Or maybe I actually do know something about AI systems as demonstrated by my further comments but I wouldn't call myself an expert.
I don't program the fucking things. I work with some expert systems at work and they're useful tools. But take over the world? Not on their own. Maybe if someone told them to.
AIs don't want anything. They have no will. They have no sense of self preservation.
All the AI fear is based on cartoonish anthropomorphizations of what are machines.
Most of the speculation makes about as much sense as the movie "cars" where all the cars are self aware people.
AIs are not self aware and they're not people. They don't have our genetic history.
Now if you want to fear something... fear cyborgs. A cyborg could be pretty fucking scary. All the power of your best AI/robot with the core mind of a man/woman. Then you're dealing with something legitimately dangerous. Not because the machine is dangerous. But rather because the man was always dangerous. The machine just let him do things he couldn't do before.
I want you to know I feel for you and it isn't your fault. Some people can't protect themselves from this sort of gaslighting.
You need a very strong mental constitution to be able to digest, filter, and process that shit we're fed on a regular basis into useful information.
Today, the average Russian earns about 25 percent what the average American earns. Their per person adjusted earning power is lower than Slovakia.
SLOVAKIA out performs modern Russia.
And we can go through all the other communist failed states which is redundant because communism does nothing but fail. You'll find nothing but a pitiful record of disappointment.
I can't have a discussion that is logical with someone if they believe in a fantasy world.
You are entitled to your own opinions. You are not entitled to your own facts. The only remnants of communism left are some cultural marxists hiding like rats between the walls in our liberal arts departments. And their days are numbered as well because rather than being subtle they're just creating one social media and political disaster after another.
In another 50 years or so they'll be largely purged from places that cause us any trouble... and what remains will be sort of a cute harmless throwback that no one takes seriously.
The average in and out has a line going around the fucking block every time I see one.
Around. The fucking Block.
In and out isn't saying they're having financial problems and they haven't changed their menu in decades.
Whereas McDs is often as not full of homeless people, the primary selling point is the 24 hour drive through, they're constantly complaining about missed sales projections, their menu is changing constantly because they can't figure out what people want (because they're stupid), and oh yeah, their CEO had to step down because of all the fucking missed sales projections.
As to people buying garbage... fewer people are and it is causing an existential crisis for McDs. Instead of offering apple slices and fucking salads. They should have offered a real burger with a real cut of meat. And while they're at it... recycle that beef tallow from the real burgers to make your fries.
I'm almost positive this is what happened to their frying operation. They shifted to garbage meat, they lost access to the free tallow produced by cooking real meat, and thus had to resort to various bullshit substitutes.
As to me being unique... not that unique. McD's sales are poor. Going with salads and apple slices did NOTHING for them. It just cost them money. No one wanted their wilted salads or browning apples.
Go to a fat burger if you can find one or an In and Out. Very popular. Very good food.
Your comment doesn't make any sense. Whatever happened with their wireless service they have lots of other products inside ATT that are not advertised. And the internal corporate structure is a fucking rat's nest.
I've dealt with them over many years over many different products.
I've bought a lot of very expensive services from them and every time I have to make any kind of change... even when I'm going through my "personal" business agent, the mother fucker doesn't know what is going on any more than I do... and he fucking works there. That I don't know what is going on in his company is to be expected. I'm not there. I wouldn't know. But that none of the product and customer service agents know? That's a fucking problem.
Big companies shouldn't be so large that they don't even know what they do anymore.
Imagine if Ford Motors made pogo sticks on top of everything else... but no one knew that... including most of Ford?
Either break it up and market separately or at the very fucking least make sure your people are aware of your full range of products. Either.
Oh and since you concluded with a line that read "you either admit everything you said in previous posts was wrong or you're a liar and a child"
Fuck you, princess. You can either have a discussion with me or not. Your choice. But your little judgements don't mean squat to me.
My server doors have fancy locks on them, thanks.
As to physical security... they're not getting into the server room without compromising someone with access or coming in with a command squad... maybe tom cruise could come in on wires from the ceiling?... I don't know.
One thing I'm noticing from around here is that people don't have a lot of experience with high security. Buildings that you can't get into the lobby without being buzzed in... where you can't go to the right floor without a key card.
That is the sort of security you'd go through to get to the headquarters of Denny's... that isn't even high security. That's just standard corporate security theater.
And you think my server doors aren't locked? They have locks.
As to issues of physical security, this is actually my biggest worry at this point. I've set up a lot of things to make that harder. Everything is really in the server rooms. The workstations are thin clients. If you unplugged one and went digging for its storage... you'd find a little SD card with some config information. Nothing sensitive.
As to people plugging stuff into our network. There are a lot of ways to make it so people can't do that. Again, mostly from the server room. Most Cisco routers can stop it if you configure them properly.
But is the security vulnerable to someone physically inside the network? Here I'm a little more iffy. I'm not a 100 percent. From outside attack? They're not getting in. Internally... I've done everything I can think of to make it quickly detected and very difficult. That's all I think that is possible without... owning a network company and designing some enterprise switches that are more sophisticated.
I'm interested as to how you're using the Heartbleed bug in this scenario to get anything. I'm well aware of how the bug works and I was passively immune to the issue in like five different ways. I'm just not getting how you're doing this...
You're not talking to my server unless you're contacting me from an approved IP address. And if you spoof the IP... you're not getting a return.
There are many other reasons why this wouldn't work in my case but I think I'll just stop there. That seems pretty solid. How are you talking to the server at all when the server won't talk to you?
Yeah but you'd have to intercept the service in question. Can you detail how you would do that specifically? Because I know of several ways that is done and I believe I have accounted for all of them.
Why is the firewall or router even letting your communication through? And even if you were able to send data and it were allowed through... you'd never hear anything back from my system unless you're residing at an approved IP address... which is unlikely. I don't just open port 222222 or whatever and route it all to some internal IP address. The IP address on both ends is specified. So best case I'd be replying to your communication... to a completely different IP address. You wouldn't see it.
I'm not seeing how you would establish two way communications with my systems.
As to the Iranian Stuxnet thing, from what I understand some dope took a USB key from a low security area that was infected and plugged it into the airgapped systems.
That was just an exploit of sloppy USB drive policy.
Please correct me if I'm wrong. Honestly. If I've made an error, then enlighten me.
As to software with no vulnerabilities... I find this argument to be a bit mystical. We could go over every vulnerability you think my network has and I think you'll find that it doesn't exist in my case.
My security is brutal, simplistic, rigid, and I don't see how you're going to get anything through it that I don't let through it.
Hierarchical organization helps with that kind of stuff.
Also... I can't think of any organization that actually needs several hundred services piped to each workstation... I'm trying really hard to think of what those would all even be...
Okay... let's say the company has 10 databases because they're too lazy to integrate them.
That's ten databases.
Then let's say they need email? In my experience they tend to actually need a way of passing information around the organization rather than accepting and sending information out of it. Email is like 99 percent memos and reports and stuff from inside the organization. To conflate that with the 1 percent of stuff going in and out... Ideally I wouldn't do that.
Then what else... a web browser with access to a finite and specific number of domains. Is this where you're getting hundreds of services? I don't know. Anyway, I don't know why you'd need users to be able to access that many sites. At least not in a high security environment.
In a low security environment... I don't know. I'm a little lost in that situation. It's out of my wheelhouse. I'm pathological about controlling EVERYTHING. And I do. Some of the security is bought but a lot of it is proprietary. The likelihood of something people don't have any experience with falling to hackers is "less"... Known bugs of other systems are not applicable to mine. Does mine have bugs? Possibly. More likely something else has a bug in it that will betray my system. But there are so many fucking fail safes.
It seems like most of your premise is that low security is the only way to go in unskilled environments where even the IT department doesn't understand their jobs. I suppose but if your security department doesn't understand security then you don't have a security department. :D
Who is to say what is false or what is true?
And consider that simply challenging someone on that level can be a chilling effect.
As to the blood of your people... I assume you're Estonian. Let me first say that I have a lot of respect for Estonia and for your information the US has great hope for your future. We're hoping you do well and we've been watching you. That said, while many Americans are callow morons... this is unavoidable in any population. You must understand that the US constitution is almost a religious document in my country.
So the constitution isn't just a collection of laws. It is the law above all other laws. To oppose it is often seen as taboo and immoral.
Does that mean that other people should be able to lie about you? What is a lie and what is an opinion?
Let's say I think you're a pedophile. Are you a pedophile? Maybe you are or not but that I think you are is my opinion. And I have the right to express my opinion and be free of legal consequences should you feel my opinion is wrong.
The law here can get a bit complicated and I have to simplify it for this setting. But the point is that your best defense in the US against statements like that is to either say nothing and hope no one heard what you said OR you express your opinion that the first opinion was in error or you can offer evidence or something. It's up to you what you want to do. But you don't get to silence the other person.
People have a right to say what they want. Even if what they say is untrue or even mean spirited. You have a right to say what you like in response however you like.
And the public will decide.
That is basically how our system works.
And as the most successful society in history and a model for most other societies in regards to freedoms and rights... maybe you should take a tip from us. Just saying. You risk far more than you gain by engaging in that. And what is more, your efforts will be ineffective because people will just bypass your jurisdiction. You're making the cardinal mistake of any government by passing a law that will not be obeyed and that will actually diminish your power.
I wish your nation well and I wish nothing but destruction upon this foolish law you're supporting. It's a bad idea. It will fail. If your country specifically has these sorts of laws and I can evade them by putting my business outside your territory... then I can avoid your regulation very easily and your people lose out on jobs etc.
Again... I wish your nation all the luck in the world. The US is truly hoping the best of things for you. :-)
As to your users needing to exchange information with unknown third parties... depends on the security environment. High security environment? No. You cannot do that.
The corporate headquarters for Denny's? Probably.
You can establish protocols for file transfers. Host a file server and grant access to whomever to upload or download a specific file at time X.
As to compromised endpoints, I sort that by denying unauthorized code to run and the systems are refreshed from a template on login. You can't infect the workstations. And even if you could, they'd purge the infection simply by logging off and on again. Beyond that, the workstations can't communicate with each other. At the appliance level they can communicate with whatever servers they're supposed to be able to talk to and the firewall. Communication between the workstations or to unauthorized servers on the network is not allowed... again, at the appliance level. You'd have to hack the router and firewall to do more.
As to emails, you make a good point that this is a serious vulnerability. However, do you need to accept emails from any server on earth? What is more, who needs to receive outside email and who does not? And what about attachments? Do we need to permit them or not? These are questions you're not asking here.
I prefer to route files through a special file server. People can give other people the ability to upload files to it or give other people the ability to download specific files from it. I generally don't like the concept of attachments on emails in a secure environment.
That said, even if you downloaded BestTrojanEVER.exe and tried to run it on one of those machines. It literally would not run. I make this impossible through about four different changes to the way the computers work. But the result is that only specific Exes in specific places can even run. And those Exes cannot be modified or deleted or renamed. So BestTrojanEver.exe won't even run.
I do other things to stop unknown scripts from running. Mostly by controlling the programs that ultimately process the scripts so that they can't be accessed arbitrarily or in some cases at all.
I could go on. The system I've set up is the firmest security I've heard of short of building a secret air gapped network run by mole people under the earth with no door in or out.
Is there a way into my system? I can't think of one and nor have I even heard of one that didn't involve getting a bit of hardware into my server rooms. At which point that isn't the system's fault... that is whomever let that person or bit of gear into the server room.
An attack with no physical component though? Correct me... I just don't see how you could do it.
And I'll point out again, the sort of system I'm talking about... Doesn't get hacked. It's never happened. Ever.
Am I daring fate? I'm not superstitious.
That doesn't give you access to my systems. That gives you access to someone else's systems... possibly using my authentication... which with an RSA keychain... you won't be able to use. So maybe you'll be able to see what I see on SOMEONE ELSE'S system.
Even so, you're assuming you were able to infect either system with the Heartbleed bug. How would you do that?
I think you're misunderstanding what I mean when I say LOCKED DOWN.
For example, 99 percent of the workstations I administer draw from a general template that is effectively write locked. Even if you could install or put something on one of those workstations, it would be back to the default template on next logon. And how are you introducing this to our systems if our systems are INCAPABLE of going to anything besides our target systems.
How are you perpetrating this man in the middle attack?
Nearly all casual breaches come from people going to places they don't need to go or installing things that don't need to be installed. And then badda bing badda boom they get a virus or a worm. Then the network is often left entirely unsecured from within, which means worms etc run rampant infecting everything, and eventually the whole situation becomes so toxic that the malware/virus/worm authors/operators take a peek into the network... their software holding the door open for them... also most people don't set up firewalls so this whole thing becomes possible. Etc etc.
What I see again and again is people using the example of SHIT security being used as an example for why security is imperfect.
That's a bullshit argument. Security CAN be perfect. It requires specificity. Rigidity.
The gateway doesn't need to allow EVERYTHING in and EVERYTHING out.
You set it up so that it just can't do anything besides what the company does. How are you going to trick internal systems into talking to you? Those systems could be entirely proprietary. Have fun even figuring out how to handshake with them.
And there are about a million places where your fooling around COULD trigger a security alarm if they've implemented those.
The best way to secure a system is to make it so rigid in the way that it operates that nothing can happen on it like that. No flexibility.
Hey bingo. So after threatening to come to my parents house and... what hurt my parents? You're now just continuing with your empty violent threats?
You want me to take you seriously so badly.
I feel for you bingo... I really do... but you're as likely to intimidate me as your dog is to impregnate that couch he's humping behind you. ;p
It ain't gonna happen. I'll never take you seriously. :)
And what would that get you? You're saying you could do some sort of man in the middle attack?
That's easily defeated by connecting remote offices via VPN.
Look, the security setup that would-be hackers always assume is a low one. One where any dipshit user can do pretty much whatever they want with their workstation. Install angry birds? Sure. Connect to Facebook? Sure.
A high security environment doesn't let you do these things. You try to run unauthorized code or executable... execution denied. You try to connect to something I don't need you to connect to? Access denied.
Your man in the middle attack would have to be between the system and a third party we couldn't run a VPN to...
And let's say you man in the middle attacked that. What does that get you? Access to our systems? Nope. Access to someone else's systems using some user's password? MAYBE. It depends on if people are being stupid and not using multifactor authentication. A damn RSA keychain would make any scalped passwords of dubious value.
These things can be locked down so they don't get hacked. Systems like the ones I'm describing are not hacked. Ever. Not by the NSA. Not the Russians. Not by the Chinese.
If they want into these systems they have to send someone to the front door and either ask or demand to be let in... physically.
The hacks we see at Sony, OPM, etc... they have garbage security. You know that.
Can you think of any system that had the level of security I am talking about that ever got busted?
Ever?
Is it impossible? Depends. Computer security CAN be perfect. It just takes humility, discipline, purpose, a clear idea of what you want to do, and no compromising of the system for any reason after it's been put in place.
You have issues in security because the systems are too adaptable. A hacker works by exploiting flexibility. If there is none, then there is nothing to exploit.
You don't know what I mean.
You have only machines that need to talk to each other be able to talk to each other. You have only protocols you need enabled. You have an internal DNS server and you only permit access to domains ... to or from those domains.
I could go on. You get the idea. Tell me how you'd hack that?
You secure a network by locking down its capabilities to what you need to do and NOTHING else. Hacking then becomes basically impossible... right there.
Are you really so bad at judging personalities? Bingo, I am profoundly neurologically atypical. I don't think like you. My emotions are things you wouldn't even begin to understand. There are no words for most of them.
I don't get angry.
I actually tend to laugh or make jokes when people like you get upset. I just can't take it seriously. It's so childish.
As to my responding to you means I fear you... nah... it means I have no one else to respond to right now so I might as well respond to my pal, bingo. :D
There's nothing you could do that would scare me. You're too cute.
As to my karma rating... currently excellent as usual, shit for brains.
When I get downvoted I tend to actually get more upvotes for it than the down votes. About a week ago I think I had something like 20 downvotes... it had to be 50 upvotes.
Shame it caps at 5. My e-penis would have been so big that day. :D
And sure, some group of pearl clutching nitwits will occasionally down vote something I say... but then I have more that are upvoted. So it balances out. I do a tally every so often when that "comment moderation" tab shows up. And I think my balance for today was something like 7 in my favor. I got about 5 downvotes. Mostly on posts where I just won and the poor sport probably logged in on a sock puppet account to downvote. It was so deep in the thread I can't imagine anyone else actually read that far into it.
Anyway... my tally for the day is positive.
Suck it.
As to my parents' address... I'd love to see one of you troglodytes take on my parents. You'd get such a spanking. :D
Impress me by citing their address at any time. Or show up any time uninvited. Just say hello and introduce yourself as bingo. I will pour you a cold beer. Or if you're a wine man, I have a really great selection of wines and I would be happy to share a bottle with you. Truly. I won't even call the cops. Assuming you behave yourself. If you don't... what happens in the backyard under the rose bush stays in the back yard under the rose bush... am I right, Bingo? :)
It apparently would amaze you how fast they can get teams of guys with machine guns to drop out of helicopters if they feel threatened.
The obesity issue is not caused by a lack of bike paths...
Try harder.
There aren't a lot of people getting fat on salad.
All the big carriers... excluding T-Mobile from my own experience... are these disorganized corporate monsters that don't even know what they're doing half the time.
I don't think they're half as evil as they appear... it's just this relentless incompetence. Most of it is in the management structure.
A good thing ATT should do is split into maybe a dozen different companies. And then NOT immediately fucking merge back together again. Yes it improves your stock value but you're well past your Peter principle with anything that big.
Anyone had to fight with ATT to get them to admit they said something or did something or said they were going to do something? Even pulling up my account when I had the 15 million digit number was hard on a few occasions. They have so many databases, so many departments, so many overlapping jurisdictions...
I was switching some old copper phone lines over to a VOIP system and at first ATT was saying "not possible"... then they said "we'll do it for you and it will cost you basically nothing for all the bells and whistles"... then the people I was talking to had black bags thrown over their heads, tossed in unmarked vans, and flown by cargo planes to a black site somewhere that involves a lot of BDSM for some reason.
The whole process was so ridiculous that I just said f' it... and set up an Asterisk box. We still get a good portion of our internet access from ATT but I refuse to talk to them about any other service besides internet at this point.
Listen ATT, at the very least, create subsidiary companies. You don't need to call EVERYTHING ATT. Have it be owned and controlled by ATT. But give it its own website, marketing, phone numbers, etc. If the service is worth any money to you then it is in your interest to make the customer know you EVEN DO IT. A lot of ATT's services are effectively fucking secrets. They don't tell anyone they can do it. And that's just stupidity because the services are awesome. But try to get that department tomorrow through their corporate phone maze... and fail. If ATT mobile became a different company from ATT copper from ATT VOIP from ATT broadband from ATT fiber... etc. Each should just be their own thing. You can put ATT in the name if you want. But make it a different largely independent management structure.
There's nothing angry about me, bingo. I swear for emphasis and because it hurts your precious wuddle feelings. :)
Not because I'm mad. You're annoying at worst.
I think I've explained to you before that anger requires FEAR. I'd have to FEAR you to be angry.
What possible reason could I have to fear "you"? You "are" garbage. ;)
Anyone that interacts with you for even a few seconds knows you're garbage. Notice all the people that take you seriously or upvote you? No one does which is why you post AC. You're so afraid of being identified as the garbage you are that you eschew all karma and records... and post every post with a karma rating of 0. The only reason I even see your stupid ass is because I feel like giving people a chance. Sadly the system doesn't let me filter out AC trolls. Which is a big design flaw.
Garbage doesn't threaten me. *kiss kiss*
First, I know you're not the stalker. You're actually attempting to be rational. Bingo doesn't do that.
Second, your third option is to say you're the Amish.
Did the Amish stop the industrial revolution?
No they did not.
Your refusal to participate will merely set you apart and make you an anachronism. Your engineered peers will be healthier, better looking, smarter, longer lived, etc.
Keep in mind, I actually am glad there are people like you. You are useful to me. You'll be a pristine gene bank. In the event that there are problems and we need samples of baseline humans, we can compare what went wrong with our mod with you.
So I'm glad you're there. You'll also be a useful scientific counterpoint. We will point at various human statistics in the future and compare them against past humans. And it's hard to do that because how do you know that some of it isn't education or something. But then you'll be there. Unmodified and fully able to show us empirically what the stats would be if we didn't get the mods.
That's useful... for science.
At best that is your role. But your belief that you can outright stop it because perhaps a few hundred million people don't like it? No. You can't stop it.
Yes, you can become the Amish, a heritage gene bank, and a statistical benchmark. Look forward to that.
And what makes you think Pakistan is an ally of China?
You can move economic goods that way. But then the US believes in free trade so we wouldn't interfere with that in any case.
Now imagine what happens if Chinese troops enter Pakistan? The Chinese are not Muslim. ;) So the fun is pretty predictable. The beardy death cultists will cause problems.
What is more, Pakistan is very unstable. They've a very tense relationship with India and the two can be played off against each other if you need them to change policy. China's road further doesn't get them out of the box.
To get out of the box, China would need a network of contracted ports that they could dock warships in at any time for supply/repair/RR for crew. And then China would need a large Navy to make use of that.
China is a land power. Not an air power. Not a sea power. They are a LAND power.
Land powers very rarely are able to field credible navies or to invest the time to really understand what they are doing.
When land powers go to sea, they are frequently incompetent, their designs are comically bad, they easily lose interest and go back to their land issues, and even if they aren't... you can intentionally distract them very easily.
It takes a special mentality and commitment and experience to be able to pull it off. The Chinese have none of it. None.
They don't think in terms of the sea. They think in terms of their borders.
Think of the US. Do we think in terms of OUR borders? No. Our borders are the least of our concerns. America is the world's largest Island naval power. North America is our island. At a strategic level, we dominate it utterly. China can't make that claim. Russia can't make that claim. The UK can. The US can. Japan can. And this means that such powers can project without having to man expensive forts or whatever along our borders because we can more easily intercept things at sea long before they get to us. And since we're already out there ready to intercept... we can use the same force to project power.
China also has iffy relations with their Islamic population. The Chinese love pork. They're not big fans of foreign religions. And they're pretty xenophobic compared to most people... and there are some Muslims living in China. And that means that with some frequency the Chinese crack down on them whenever they get uppity.
Beyond that, to secure Pakistan, China would have to PAY them. I mean MONEY. Not public works. Cash. That's what the Pakistanis really want. Mostly to keep their government from collapsing and to keep the political wheels greased in what is one of the most corrupt societies possible. The US pays Pakistan. If Pakistan flips on us, we'll double down on India, stop sending checks to Pakistan... and then China is going to have fun dealing with the shit storm that creates.
The thing I find the most interesting about these discussions is that people don't appreciate that Americans not only are capable of but have generally thought through the geopolitics in greater detail than most nations. We after all must consider wider spans of the globe. We balance one area that is getting pissy with another.
We are not a stupid people. To the contrary, we have a better handle on how to manage these issues than most powers can imagine.
Wrong. Because my opinion was 100 percent what the AI expert's opinion was before he even opened his fucking mouth.
Why is that?
Coincidence? I randomly had the right opinion? Or maybe I actually do know something about AI systems as demonstrated by my further comments but I wouldn't call myself an expert.
I don't program the fucking things. I work with some expert systems at work and they're useful tools. But take over the world? Not on their own. Maybe if someone told them to.
AIs don't want anything. They have no will. They have no sense of self preservation.
All the AI fear is based on cartoonish anthropomorphizations of what are machines.
Most of the speculation makes about as much sense as the movie "cars" where all the cars are self aware people.
AIs are not self aware and they're not people. They don't have our genetic history.
Now if you want to fear something... fear cyborgs. A cyborg could be pretty fucking scary. All the power of your best AI/robot with the core mind of a man/woman. Then you're dealing with something legitimately dangerous. Not because the machine is dangerous. But rather because the man was always dangerous. The machine just let him do things he couldn't do before.
By what measure are you saying that?
GDP adjusted for inflation contradicts your position.
Look at this graph:
http://www.multpl.com/us-gdp-i...
*looks sadly at poster*
I'm afraid you've been brainwashed.
*tears up a little bit*
I want you to know I feel for you and it isn't your fault. Some people can't protect themselves from this sort of gaslighting.
You need a very strong mental constitution to be able to digest, filter, and process that shit we're fed on a regular basis into useful information.
Today, the average Russian earns about 25 percent what the average American earns. Their per person adjusted earning power is lower than Slovakia.
SLOVAKIA out performs modern Russia.
And we can go through all the other communist failed states which is redundant because communism does nothing but fail. You'll find nothing but a pitiful record of disappointment.
I can't have a discussion that is logical with someone if they believe in a fantasy world.
You are entitled to your own opinions. You are not entitled to your own facts. The only remnants of communism left are some cultural marxists hiding like rats between the walls in our liberal arts departments. And their days are numbered as well because rather than being subtle they're just creating one social media and political disaster after another.
In another 50 years or so they'll be largely purged from places that cause us any trouble... and what remains will be sort of a cute harmless throwback that no one takes seriously.
What?
I'm assuming you're kidding.