Just replying to myself here with some statistics for anyone else who is interested:
11 replies
9 of them with no content to speak of
6 of those with ad-hom attacks
1 dissenting reasoned argument (to which I concur, nobody is saying IT security isn't important)
1 in support of my position (antisocial behavior is and should be unacceptable no matter where it happens)
This is about what I expected, but it's disheartening to see so many knee-jerk reactions in favor of malice, theft and schadenfreude. Surely we can think of a way to raise awareness of security, without the extra make-someone's-life-miserable that these Anonymous-affiliated hacker groups seem to favor?
This needs to stop. I can't wait for long prison sentences for all of the people involved in this. It's like Anonymous tried to figure out how they could be even more evil, by exposing unsuspecting randoms to identity theft risk "because they can." It's no longer making a statement, it's the online equivalent of a gang of punks going around smashing in car windows and robbing old ladies of their social security when they leave the ATM.
Only one thing will come of all this, and honestly I'm damn near the point of embracing it instead of fighting it: severe restrictions on Internet freedom and intense monitoring and logging by ISPs and the Government. I want my game servers to be up, I want my credit card information not to be stolen, and if I look at pornography I want that fact to be between me and my hand and not posted to a web site. The Internet should be a place of freedom, but this isn't freedom, it's anarchy and if the choices are between a regulated Internet relatively free of this kind of malicious disruption of innocent bystanders or the "Wild West" over a fiber optic link, I'm just going to have to take the former.
http://en.wikipedia.org/wiki/Radiotrophic_fungus comes to mind.
This must be happening with cooperation of the phone manufacturers, if the device is able to work with over 3000 models of phones and defeat password protection. Which phones aren't easily scannable?
Whisper Systems offers a few applications for Android phones to mitigate the risk of this attack. TextSecure hooks and intercepts SMS and MMS messages, storing them locally encrypted (and offering transport-layer protection based on the OTR protocol to another Android handset using TextSecure), Red Phone to make end-to-end encrypted VoIP calls from one Android handset to another running the application, and WhisperCore to perform full system encryption for phones that support that feature.
They're effective enough their author Moxie Marlinspike is harassed and his equipment seized every time he crosses the U.S. border, so I'd expect it's enough to keep "overly motivated" Michigan State Police out of the phone as well.
Easy answer: doing those things will hurt Facebook's bottom line. So, they won't until forced.
If it looks the same and is called the same, people are going to expect it to behave the same. But I suspect this will be handled like the Apple transition from POWER to Intel chips - fat binaries for new apps, the Common Language Runtime and other runtimes ported to ARM, and an emulation layer (probably based on VirtualPC) to handle stuff that really can't be easily handled any other way such as legacy apps.
I think the Loudness War hit CDs, too. I picked up a large collection of discs stamped in the '90s/very early 2000s. I happen to also have a 1-year-old copy of the same album, something by Pearl Jam. The older CD sounds considerably better than the new CD. Much more dynamic range. Have to turn the stereo up a little more to hear it, though.
VPN service can start as low as $20/year. You'd be hard-pressed to spend over $100 for a year of full-speed access via OpenSSL or something. (I'd recommend that, something where the certificate and key are exchanged before you go to China, just to be sure there's no MITM going on.)
I doubt your time is so worthless that you would be better served by setting up your own method on Linux, than by skipping Starbucks for a week before you leave and putting that money into a turnkey solution.
It lets you reach the other person via phone number, even though the communication itself will be taking place over the data/IP channels. SMS to exchange IPs, and then the connection goes through.
Sounds like the Germans have it right. Having been a victim of homeschooling myself for 7 years, I think it should be illegal. I received a good education (better, arguably, than I would have received in a proper school) but got dumped out into high school without the vaguest idea how to socialize with others. It took me all of high school and into college to learn the social rules I was deliberately sheltered from and it caused me extreme psychological distress. My parents even made considerable extra effort to ensure I'd have friends, etc. that I'd meet at "homeschooling support groups" and such. It just wasn't enough: eight hours per week of socializing with kids equally maladapted as I was just isn't going to cut it.
It's been over a decade since this all ended, and I am still incredibly angry at my parents for the whole thing.
Auto-suggest tends to be generated based on search popularity. If not a lot of people are typing the terms you want to see, they're not going to show up in auto-suggest. Unless someone added them manually, I suppose -- but that's where the REAL bias would be.
Why? Who cares what the actual URL is after the redirect. You still got there, didn't you?
The sample group is highly self-selected to be geeks. Geeks, most of whom hate Vista (but were willing to try the 7 RC) and are aware of alternatives to Microsoft Office. The IE thing is probably pretty representative of the general population.
I imagine they're doing it all via the MMC/System Center apps. It connects via WMI to remote services and lets you manage them as if you were sitting at the console. That's how we do it all here at my office, to manage close to 100 remotely located servers. Need to manage one of the various SQL boxes? Fire up SQL Enterprise Manager MMC, add the servers to the console, and go. Need to manage Exchange? Fire up Exchange Administration, add the server and go. Need to manage remote services? Computer Management MMC. Hyper-V? Hyper-V MMC is pretty solid, although System Center Virtual Machine Manager makes it even easier.
The only times I need to get directly into a server are where I haven't bothered to install a couple of little-used MMCs onto my workstation.
Centralized Windows administration in a domain environment is ridiculously easy.
Whole-Disk AES via TrueCrypt is only BARELY above the "acceptable" threshold on a Core Solo. I cringe to think what it'd be like on an Atom. A better bet would be to use a container-hosted TrueCrypt volume, and set your My Documents folder into that volume.
Assuming low watts overall, he could probably achieve satisfactory performance from a 70V or 105V constant-voltage audio system over phone wiring. Added benefit of not requiring any real consideration to serial/parallel arrangements, too.
The bottle itself is a polymer of Bisphenol-A sub-units. As the bottle itself naturally breaks down from exposure to light, heat, etc. the polymer sub-units are liberated into the free BPA that is a problem. As long as there's a bottle made of polycarbonate, the water stored in it will have BPA.
People who you trust are more likely to know more details about your life. So, of course, they may come across information that could also be used for a secret question. But, then again, they are people you trust so it's less of a big deal. I've never known personally, and have only heard once on the Internet, of someone whose close friend cleaned out their bank account by guessing their secret questions.
The real problem is that 17% of non-trusted individuals were able to piece together some of those answers.
Why do 3G data plans cost this much? Why are providers fighting to drop unlimited data plans whenever they've existed to go back to tiered models?
I was looking into purchasing a 3G data card to use as my primary Internet connection, since I primarily use a laptop anyway and frequently am traveling or otherwise on the road.
Verizon: $59.99/mo for 5GB (or $199.99/mo for 10GB, which is only available by request and not advertised.)
AT&T: $59.99/mo for 5GB
Sprint: $59.99/mo for 5GB
T-Mobile: Had trouble finding specifics for a standalone card, gave up looking.
So, there you have it: all the major carriers offering this service, offer the exact same product at the exact same price. (The product being wireless 3G data access, anyone who wants to mention the modulation differences is being pedantic.) Price-fixing and collusion, anyone? Sprint used to offer an actually-unlimited data plan, but as far as I know, that ended quickly and their pricing fell right in line with that of their "competitors." It would actually be cheaper for me to purchase multiple 5GB accounts than to just use a single device the entire time.
Why is it like this? Surely, the cellular networks aren't so much lower capacity than regular networks are. It's not like everyone would suddenly ditch their cable/DSL/fiber service and switch to 3G anyway: most people don't need or even want that. I'd be willing to pay about $100/month for true-unlimited 3G service, but I just can't find anyone willing to sell it to me.
I think the FTC and FCC should open some investigations on this subject. Especially with these companies spending billions to "upgrade their infrastructure" in a way that, apparently, provides consumers with fewer choices and more restrictions.
That's an amazing site. A few years ago, I hosted a special about appreciating "indie" music from the legal perspective -- right about the time the litigation campaign really started -- and shared that web site with the listeners of a prime-time show on WREK-FM Atlanta, and mentioned how people could look up if their IP addresses were among those on the lawsuit lists based on data I found on PACER.
Obviously, it's not an exact science, the IP correlation, but the first round of lawsuits was against some fellow students at my college at the time, and all had static IPs and knew it, so it proved effective enough.
I haven't really thought about that for a while, so thanks for the cool throwback!
Local police departments are woefully incompetent. I was once asked to consult for a local Sheriff's Office Economic Crimes Unit (handled their fraud cases and computer crimes--including physical theft of computers apparently), based on the word of mouth of a victim of a crime telling the investigating officer "I don't know much about what I had, but you should call my IT guy, he'll tell you."
I ended up answering a few calls from someone who claimed to be relatively high-up, at least -- stuff about serial numbers, etc. and what is, or is not, "unique" to a machine and could be used for identification purposes. To the best of my knowledge, they did actually recover some of the stolen goods and no private data was compromised.
My guess is there's just no resources left for local police departments to handle this sort of thing. Prosecuting "sexting" (I hate that word) and arresting 17-year-olds for saying "fuck" during a 911 call about her father dying from a seizure are far, far more important.
That's so spot-on, it actually animated in my head when I read it. Kudos.
Agreed. My Comcast broadband connection is not fast enough to play back a Hulu stream without freezing while it re-buffers every few minutes. I think they're shaping the traffic, or something.
But, yeah. I've used Hulu exactly twice. Once to see what it was like, and once to watch an episode of the Office my Tivo missed because I'd accidentally disconnected the power. Not being able to buffer up is a huge problem.
I posted this re: another comment, but it fits here too.
http://tech.slashdot.org/comments.pl?sid=1214901&cid=27763607
Someone I know was being considered for an internship. They were basically going to be a courier/secretary/office assistant type of thing. She, dutifully, set her Facebook profile to the second-most restrictive setting (Search by name reveals that you have a profile and shows your avatar, but you must request to be added as a friend to see anything beyond name and picture.) Short of a security exploit, there was no way anyone could find out anything about her (and hence, no information that could potentially make the employer "look bad" for things the employee did off the clock.)
As a part of the interview process, she reported that the interviewer logged into Facebook, searched for her, saw she had a profile and told her to log in under her own account and show its contents, or the interview was over.
The worst part is, she did it. (And she did get the job.)
I was appalled.