Slashdot Mirror


User: faisal

faisal's activity in the archive.

Stories
0
Comments
5

Comments · 5

  1. Re:lol no this is not a virus on New Worm Chats with Users on AIM · Score: 1

    Apple users complain about this a lot.

    On the other hand, in 10.4 .app extensions show whether or not you're hiding extensions. People complain about that, too, but it's a different set of people.

  2. Re:why penalize the employer? on OSHA Getting Tougher About Ergonomics · Score: 1

    This suggestion is ridiculous.

    Who says it has anything to do with physical fitness? Bad ergonomics *make* people physically unfit, by encouraging all sorts of problems. In the computer industry it's RSI, carpal tunnel syndrome, back problems, etc. As to the comment regarding companies fighting tooth and nail for employees, that assumes demand for employees, which is why computer companies are currently one of the few industries that pay attention to ergonomic issues. What about people in McJobs? They can be fired at will, they have no job security: "Why did you leave your last job?" "They weren't concerned about ergonomics." "Don't call us, we'll call you."

    As to the question of typing, many, many jobs today require typing. To say that anyone who wants to avoid injuries *that could be avoided if companies weren't too cheap to essentially trade off their employees' well-being for quicker profits* is to suggest that anyone who wants to avoid injuries should limit themselves to working at Burger King (where OSHA regulations are already in place).

  3. Getting VC on How to Approach Venture Capital Firms? · Score: 1

    VCs, for the most part, do not sign NDAs. Even asking for one is considered a sign of naiveté by many of them. On the other hand, there are other things you can do to protect yourself.

    However, if you're talking to VCs, rather than concentrating on the idea, it might be better to concentrate on the idea itself. It's a cliché, but VCs don't invest in ideas, they invest in businesses, which means investing in the teams that will deliver. Your track record is important. Details like figuring out a viable business plan are important. Knowing where your strengths are and who you need to hire are important. Having someone who can sell the thing is important. Having contacts in the target market is important. If you can arrange sales ahead of time, even better (VCs like proof that the idea can make money). Your great idea may be combined with $1.50 to procure a hot caffeinated beverage.

  4. Good on CBRN but misses the point on Infowar. on Jane's Intelligence Review Needs Your Help With Cyberterrorism · Score: 1

    I thought the article as a whole was fairly good in regards to coverage of CBRN / "weapons of mass destruction" attacks. Unfortunately, it melded Cyberwar (or "Infowar" as it is more commonly known in industry) into the description of CBRN attacks which caused it to miss the point.

    Infowar is inherently different from other forms of attacks. As several others have pointed out, Infowar attacks aim to disrupt critical infrastructure by undermining the computational basis of that infrastructure, as opposed to conventional attacks which just blow up the infrastructure, or CBRN attacks which kill all the people in/near the infrastructure.

    IMHO, this is not the critical difference, as all these forms of attacks focus on disrupting the infrastructure.

    The real difference, then, is in delivery. Conventional weapons must be built at physical locations, then transported (by land, sea or air) and delivered (by hand delivery, shelling, missile, etc.). All of these operations take place in more or less the same fashion regardless of whether the end munitions are explosive, chemical, biological, radioactive, or what have you.

    On the other hand, the munitions of Infowar are constructed on computer and delivered by computers, with no transport phase. A competent cracker can understand, create, and deliver an attack without leaving his bedroom. The parts he needs are the same computers and modems that you and I buy off the shelves and the same software development tools (to create the attacking software) that all software developers use.

    This raises another issue, which is competence. So called "script kiddies" may be able to take out a public web site, but it takes a lot more knowledge and effort to bring down critical infrastructure pieces (communications networks, power networks, banking networks) that are not connected to public networks, have some experience being attacked, and have the money to pay for better defense.

    A country cannot hire a 15-year-old off the streets to go take out the credit card networks. On the other hand, they can find some very bright 15-year-olds and give them computers and pay them to sit around for five years until the now 20-year-olds have the experience to make such an attack. The problem here is that such a strategy would be very hard to notice - satellites and HUMINT will help find a chemical weapons manufacturing facility, but they won't tell you which 6 post-adolescents in a company of millions are browsing amazon.com, which are downloading pornography, and which are preparing to steal the pension plans of all the toll collectors in the state of New York.

    This example highlights another problem: the sheer variety of targets. Information technology touches so much of modern post-industrial society that just about anything you can think of has some form of vulnerability. We cannot patch all those holes - we cannot even identify them. What is vital? What can we live without? How much do we have to defend? A power company can harden its systems all it wants, as can a bank, but if the connection between the two is vulnerable they both suffer, along with all of both their customers. Your security is only as good as your weakest link.

    As to specific questions asked:

    * Using CT, how easy or otherwise is it to bring down or attack vital systems?

    It depends largely on the people involved and the systems involved. Various people claim to be able to knock out vital systems today. An NSA experiment found that a group of trained crackers were able to penetrate the Pacific Fleet's infrastructure within a matter of weeks, without detection.

    * What sort of skills would be needed to do so, and are they common/teachable?

    For simple attacks against undetected targets on public nets, the skills necessary would be mostly social, and would involve getting access to pre-packaged attack software and using it. These skills can be learned online with very little effort.

    For more complex attacks the attacker will need to be proficient in computer programming, computer system designs, and will need to spend time understanding the mechanisms and vulnerabilities in the target system. The attacker will need motivation, intelligence, intellectual curiosity, and will need to be comfortable with computers. The specific skills related to attacking (beyond knowing how to program, etc.) can be learned in months, with the techniques for any given attack needing to be developed on a case-by-case basis.

    * Commercial-off-the-shelf software: can it really do CT?

    To the best of my knowledge there is no COTS software that is designed for system attacks. However, there are many pieces of software available on the Internet that are used for such attacks, both as detection devices (a security tool that finds holes in your system can also be used against you) and as attack devices (programs which exploit specific features of known systems to attack the system, e.g. the notorious AOHell program for gaining free access to AOL).

    * Which systems are actually attackable?

    Any and all. There is no such thing as a completely secure system (or if there is, no one I know has ever seen it), only progressively more difficult systems. For modern Infowar the primary concern will be for systems that have some form of outside network access from which they can be attacked (e.g. anything on the Internet). Most intelligence agencies have "physically secure" networks, which indicates that they are never connected to other networks (such as the Internet). Someone attacking the NSA networks would have to actually enter an NSA facility to gain access to one of these networks.

    * Can a recovery be made from such attacks?

    It depends on the attack. If the attack intends to merely disrupt the quality of information (e.g. corrupt a target database to produce unreliable output) the system can generally be brought back from backup. If the attack triggers an event (such as launching a nuclear missile), recovery means reaction to the event rather than resetting the system to the status quo ante.

    * Is it likely to improve/get worse?

    It is likely to get worse and worse and worse as the number of computers in the world continues to increase. It will probably get dramatically better at some point as people finally become security conscious, then continue getting worse again.

    * What sort of preventative work would you recommend them to carry out?

    The best preventative work will involve security audits for critical systems, improved security measures for those systems, and training and protocol. Some examples of better techniques include:

    * Better training for personnel dealing with computers. 80% of attacks are facilitated by poor security policies at the attacked organization.

    * Ubiquitously available public-key encryption. Public-key encryption brings two forms of security: secured transport of information, and authentication of the transmitting parties.

  5. iPad on Apple and Palm Computing: Take 2? · Score: 1

    "pushed so hard"?

    The new MacPac is *a joke*.

    Yeah, it's got a nice Mac interface. But it isn't a Palm Desktop. It's Claris Organizer with the Palm Desktop name. The data model doesn't match the Palm handheld. It's about as seamlessly matched to the handheld as Microsoft Outlook.

    The Palm developers were too busy adding gee whiz features like different colored window backgrounds to concentrate on making the data match up. Look at the newsgroups. You see two kinds of posts: 1. "I love the new interface!", 2. "WHY DOESN'T MY DATA SYNC!?"

    Idiotic.

    -faisal
    -the only reason it gets good reviews is that the Mac reviewers look at it, go "ooh, pretty, feel like a Mac", and don't use it long enough to realize that half the features don't transfer
    -THE SECURITY DOESN'T EVEN WORK