Found your problem. You seem to think that the web is about the data. Didn't Flash give you a hint? Didn't the Mac web design pros teach you anything? It's about the layout, stupid!
This post optimized for 640x480 and best viewed with Netscape Navigator using Adobe Type 1 Garamond font.
will never feel bad about working there.
You're mostly correct - you are mentioning the problem with having a "Global Secret". In that sense, a personal password is little different from a "Global Secret" that hasn't been distributed yet.
The larger issue is almost always endpoint security, though. Endpoints are *both* ends - your local PC, and the server at the far side. In this case, the cost of engineering a competent solution was more than the cost of a compromise - the bulk of the cost of this hack will be paid by anyone BUT Stratfor execs. Even if the company goes belly up, the execs won't lose a penny - they'll still walk away with a metric truckload of cash - cash that they didn't spend on a competent solution.
In related news, I know a PR guy who's looking for a job...
Wouldn't that be 668, the neighbor of the beast? Or 667, the guy who lives across the street from the beast, or perhaps even 666B, the guy who lives in the apartment loft above the beast (no doubt against local zoning law)? Seems that all of those would fit the condition of "closer".
Err, you may have confused the term "outburst" with the phrase "sustained, ongoing exchange".
> Alongside the constant drumbeat in some circles that the government is out to get them, it's important to understand there are actual legitimate reasons for things the TSA is doing, seen and unseen.
Name three.
Note that pumping billions into a crony corporation is not considered legitimate.
> The beauty of email is that it is asynchronous
That's the problem - the senders often have a false expectation of email being real-time, and recipients feel that they are held hostage to email being "high priority".
Your culture correctly asserts that an email demanding "immediate action" will be handled when you get to it, by virtue of the demand being sent via email. Other cultures stupidly assert that email has the exact same priority as a phone call - when a message comes in, everything stops until that message is inspected and prioritized, "just in case it requires immediate action". The end result is that ALL email "requires immediate action" until proven otherwise, under that scheme.
We used to get "crisis" text messages on our phones, for server-downs, building-on-fire, whatever. They were the only texts we'd get, so if you got that little "ding" sound on your phone... everything stopped. Now, there is so much crapflood via text that the scheme does not work - I've now made an outbound dialer that will call our cells instead. Your "if it's urgent, people will call" is not just for people.
^^ Mod parent funny!
Pretty sure that Emperor Xenu already tried something like that.
Felony.
^^ someone clearly thinks that "software RAID" is actually RAID.
Get a clue.
You seem to have a very cavalier attitude toward costs that are caused by, but not paid by, you.
Gimme a few seconds, I'll have a Wikipedia entry that'll confirm every claim he's making.
Err...
...only on Earth would someone actually name a country "Belgium".
...millions of thousandares.
I personally blame CIQ because the intercepted credentials are being sent to CIQ property; none of the items intercepted are incidental to providing any form of service; they then traffic a derivative of the intercepted credentials to the subscribing carrier.
If you seriously don't understand why this is a big deal... how many decades of jail time would YOU get if you secretly did this to a SINGLE client's machine?
Tossing a skimmer onto an ATM does NOT become "legal" simply because you promise to "throw away the odd numbered digits".
Say, if they're not authorized to distribute because they are in violation of the license... I wonder if Fyodor can toss a DMCA takedown on them, then pull a RIAA and say each illegally distributed copy "stole" $2,943,809.00 from him. Although the humor would no doubt be lost on some...
I believe the void you refer to is called Sarchasm.
When you hear "Corporations are People", your perception is wrong.
Try thinking more along the lines of Soylent Green.
And with that, putting them through a tree chipper is a perfectly viable solution. With food coloring added before packaging, of course.
So in other words, they're intercepting my voicemail passwords and pins.
Hey, wasn't that in the news the other day?
http://www.merunetworks.com/
Unlike most everything else mentioned here, they use a very novel approach that actually works, and scales. The challenge you've already run into is that every node on the network spends more time performing collision management than actually performing work. As things scale, this will get much, much, much worse.
Once you see their approach, you'll understand why the others suck in any non-trivial production.
The "non-transferable license agreement" that is included in typical software means it's time to invest heavily in Vehicle Storage technology...
So Sayeth Litchfield:
http://seclists.org/bugtraq/2005/Oct/56
'nuff said
There's nothing bad about it if you are of no merit.
For those who are... it's bad because carriers have no control of their infrastructure. It's bad because both the Chinese haxxors and the Russian mob have more control over that infrastructure than the carriers do. It's bad because the carriers have no accountability for their incompetence, negligence, or recklessness. It's bad because this package is trivial to hijack by an attacker - the attacker just needs to change some settings and then vanish. It's bad because the carriers have no incentive to stop the Russians and Chinese from farming you.
The carrier doesn't give two shits about why your phone died... there is no "customer support". If the phone dies, they either re-image or replace. Anything more will cost too much.
The carrier isn't the one who'd triage the dead phone, anyway. It's the $7.00/hr schmuck in the shopping mall who does. I hope to god THEY do not have access to this CIQ data.