Slashdot Mirror


User: Eosi

Eosi's activity in the archive.

Stories: 0 · Comments: 72

Comments · 72

  1. Congress does not understand, yet again. on Congressman Proposes Organizations Should Be Allowed To 'Hack Back' (engadget.com) · · Score: 2

    Congress loves to pass laws regarding "cyber security" without understanding a thing about it. Forget that most attacks are through compromised devices anymore, or via cloud hosts. Most companies that get "hacked" are that way due to poor security in the first place. To think they would be smart enough or robust enough to turn around and hack the people who hacked them is pure stupidity. Recall that FISMA was supposed to stop the government PCs and networks from being hacked, but it did not, nor did it stop stolen devices from being compromised. SIPR and NIPR were supposed to be separate, but in many cases they run on the same network gear. Congress should get a real CISO in there, to help teach them what security is, before they try any more laws regarding it.

  2. Case to skip it all together on A Case For Why Movie-Theater Experience Is Still Worth the Effort (theverge.com) · · Score: 1

    Wow. If they want me to go see movies more, then make the cost be reasonable and less confusing for people to pick where to go.

    For example, in my area, there are 5 AMC theaters close by. Each one has at least 4 ways to see movies, some have 6. On their site, it's hard to tell sometimes what the difference is, other than 2 are for 3D movies and 2 are for "regular" (or 3 and 3 for the 6 theater). So I decide I want to see the noon showing of movie X. That used to be a lower cost. Nope, not anymore; that is now $10 for cheap / lowest end viewing. You want Atmos (spelling?) sound, that is $15. IMAX is $17. Real 3D is $17.50 and IMAX 3D is $18.50. This does not count the new GDX or 4K that they are offering....

    Oh you want a 32 oz drink, that is $10....

    So for me to see the cheap movie X, I am out $25 right off the bat. Oh but wait, you have a new fee (they did get new reserved seating) which is $1.50 per seat, and you have to pay 9% tax on all three items (movie, drink, and seat fee), since the local market hits you with 2% more for "entertainment" and "food". So it's almost $30.

    Easier to wait, and go big, buying the Bluray/DVD/Digital copy, and still save money.

    Last year, before all the theaters upgraded, we were able to see a movie for $5, and get a soda for $5 (still a little high, but that is at least bearable).

  3. Your post was good and well defined. So the question I pose to you, what if the women seeking services are NOT in fact Christians or of the same faith as you? Most of the debates I have heard are how "God would not want this", which means that non-Christians are having Christian beliefs forced upon them. In this nation of freedom to believe whatever religious ways you wish, at what point do we stop using a book to force views upon others??

    By that same token, using the book to say "This is God's will" (or other similar statement) begs the alternative questions. IF it's God's will and we are created by him to fulfill his desires, why did he not prevent the creation of abortion? Why does he not just stop the process from working?

  4. In other news. Paid Analyst makes up numbers to help improve Apple's stock and further drop the price on Samsung stock........

  5. Re: Coming from an information security academic on Splunk CTO Urges Collaboration Against Cyberattacks - And 'Shapeshifting' Networks (itwire.com) · · Score: 1

    Actually, I understand exactly what a Search Head cluster (put it behind a Load Balancer to handle the traffic, not the DNS round robin) with multiple Search Heads does. It allows you to share all your user load over several servers, which does help performance, when some people are doing huge searches and some just want to watch a dashboard. Beyond that, not everyone understands that separating your apps over multiple search heads actually helps as well. DBConnect for instance, if you have that on a SH with some other apps, you have a lot of back end work, which will lower your performance. Of course, using Heavy Forwarders to gather data and do some preparsing helps even better.

    Having used numerous other SIEM or Log aggregation tools on the market over the last 10 years, I can say that Splunk does scale better than any other commercial SIEM. It also allows you to take any data feed and get results and mappings faster with a lot less work. But just as with any other SIEM, you have to plan out your install and run before you build it or you will kill your performance.

    You also have to understand the search formatting. The order of things like Deduping data (or using the NOT perm in a search) matters with Splunk, and affects your performance big time.

    As for your statement "Here you are talking about separating search-heads from indexers and you should know that most customers already have small clusters with that separation, and yes performance still sucks." This is contrary to what I have heard. Of the people I know who run Splunk, many did not separate out their install until a year or so into the install. This I think is a failing of the Splunk documentation for real world load. Once you go beyond the 10 gig a day license you MUST separate the servers to keep performance higher. Just like how you should not put ES and the PCI app on the same server (even though it's supported).

    The SIEMs that use a SQL backend (like LogRhythm) cannot return data as fast as Splunk, nor are they as versatile in allowing searches.

  6. Re: Coming from an information security academic on Splunk CTO Urges Collaboration Against Cyberattacks - And 'Shapeshifting' Networks (itwire.com) · · Score: 1

    It seems you do not understand how Splunk runs entirely. Running the same searches over and over does nothing to improve performance. It's when you "accelerate" them or add them to a summary index that speeds it up. In a VERY real world environment, I search millions of records many times an hour, depending on what I am looking for or the request I get. Some of these are even over several (or all) of my indexes. Currently my install averages 130 million records a day, from about 15 different source feeds (with many source types per, such as Network gear). When I run some monthly data that is a LOT of records, which pulls in minutes or less.

    I would suggest reviewing your SOW with their professional services and asking them to build you out an Index and Search Head cluster. Heck even just separating the search head and indexes to separate servers will improve your performance.

  7. Re: Coming from an information security academic on Splunk CTO Urges Collaboration Against Cyberattacks - And 'Shapeshifting' Networks (itwire.com) · · Score: 1

    Sounds like you do not have your build set up correctly. If you scale out Splunk correctly, 3 8 core / 8 gig of ram boxes in a Search head cluster, can pull MILLIONS of records in seconds. We went from 2 indexers and one search head, to an Index cluster and Search head cluster, and noticed a 1000% increase in performance. Also pulling in billions of log records a day with no issues. All of our indexers are recycled servers that were EOL.

  8. This sounds interesting, but what about the growing number of people who are allergic to Soy? They sure could not consume this.

  9. Gun Emojis don't kill people on Microsoft Swaps Toy Gun Emoji For Revolver -- Days After Apple Does the Opposite (arstechnica.co.uk) · · Score: 1

    Water Pistol emojis with poison do...... damn you Apple and your poisonous ways.....

  10. Re:Like 'World of Warcraft' on Pokemon Game Adds $7.5 Billion To Nintendo Market Value In Two Days (reuters.com) · · Score: 3, Informative

    Um, but WoW has been going for over 10 years, and still has a higher number of players than any other MMO out there. Most MMOs still wish they were even a fraction as successful as WoW.

    This is the first big name AR game, and I am guessing that it will get better, and be copied, just like WoW was.

  11. Re:Why doesn't an IP address prove something? on Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) · · Score: 2

    It would definitely be harder to show that you were innocent if the VPN service is in your name. While not impossible for someone to hijack a VPN connection, my personal opinion is that such an argument without proof would be an uphill battle in court. Note: I am not a lawyer.

    So, having been to court many times, both with a lawyer and acting Pro Se, I can assure you that (in civil court at least), it HAS to be proven that it was actually YOU who did it. A log by itself is not enough.

    What I mean by this, a cell phone in my name, could be left on the counter and a child could have used it to make a phone call. While that is my phone and in my name, no one witnessed the call, and the log file cannot attest to it having been me making that call.

    Not sure about criminal court, but the rules of evidence are the same, so would have to assume that someone would have to witness you doing it or provide attestation that it was truly you. Which would be hard in this case.

  12. Re:Why doesn't an IP address prove something? on Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) · · Score: 1

    Another good point.

    I believe AC not to be as good a computer forensics expert as he claims.

    Once your PC is compromised, nothing can be assured on it, that it is done by the user at the keyboard versus some other malicious actor.

  13. Re:Why doesn't an IP address prove something? on Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) · · Score: 5, Insightful

    I'm a Network Engineer and I have worked in the I.T. field for 30 years. I specialize in computer forensics.

    This is completely correct. In this age of cyber attacks, malware, ransomware, viruses, and hacks, it is very common for somebody else to seize control over a computer remotely and make your computer do things without your noticing it or leaving any trace.

    Anybody ever accused of such a crime should remember that a vast majority of cases depends on an admission of guilt. A VAST majority. In fact, the only ones that don't are the few cases with absolutely no doubt, rock solid evidence of who was "driving", and what they were doing, and that only happens if a person is completely stupid.

    FYI, a VPN connection, provides proof that YOU were the person driving since it's password protected and paid for with your credit card.

    Really, a VPN connection can only be established by you?

    Yet if someone else already has access and control of your PC, likely with a keylogger on the PC, what stops them from using the VPN as you? Nothing, that is what.

  14. Maybe cut down on the government waste and actually train the FBI agents better? How many things did they know about in advance and say "Hey this guy is alright" or "Well we should wait till we can get more of the bigger fish through this guy"?

  15. Re:Fuck ALL those assholes! on Invoking Orlando, Senate Republicans Set Up Vote To Expand FBI Spying (reuters.com) · · Score: 1

    Shhhhh, do not mock the FBI here, they could be spying on all of us talking about the F up, again.

  16. Re:Skin him alive on Twitch on Hacker Taunts Blizzard After Knocking Gamers Offline (csoonline.com) · · Score: 2

    Ah true. Then he would say that he is really really rich, and can afford it.

  17. Re:Skin him alive on Twitch on Hacker Taunts Blizzard After Knocking Gamers Offline (csoonline.com) · · Score: 4, Insightful

    DDOS and actual hacking are not the same thing. Therefore your message is wrong. No one cares if you DDOS Trump or Clinton, will not even make the news.....

  18. Re:Worst mass shooting of _recent_ US history. on World Reacts To The Worst Mass Shooting In U.S. History (cnn.com) · · Score: 1

    Then what would you call the civil war? Was that "legal" as well? Or the fight for our independence where we threw off our government overlords? In both cases many more people were wounded and killed in one day. While I find what happened to be horrible, I cannot understand someone saying it was the worst mass shooting in US history (Heard it both US History and in "recent" history).

  19. Oh, also forgot, I use some Macros to merge several CSV files into one document at work in Excel, then put the outcome into Pivot Charts. Libre did not support them yet. Perhaps one day they can do all of this, but I do not believe that all users of Excel use complex formulas or Macros, so I could be in that 10% or so, that uses spreadsheets for more than basic expense reports.

  20. Well, I cannot comment for the AC, but I agree that the Ribbon has not really changed since it was introduced. As for Excel, I use it to do some calendars and cost tracking at home and use several functions to auto fill cells based on numerous other cells. The last time I tried Libre, it could not use some of the formulas that had 15 or 16 IF statements in one line. (Think of calculating base cost of something, based on what was used in its build. Where it looks at cost of packaging (which was a formula itself), cost of casing (which was a formula from another sheet), cost of hardware used (Could be one piece or 20), etc.) All this while tracking the part numbers used in each item. Libre could not do that, but Excel could.

  21. Re:Missing from the summary on Cisco Finds Backdoor Installed On 12 Million PCs (securityweek.com) · · Score: 2

    I believe that Backdoor is accurate, after reading the story and link to Cisco's Talos labs. This application created a way for the software dev to push ads and software to your PC, without your knowledge. AND to bypass local AV to do it.

  22. Re:OT: wont, not want on NASA Feed 'Goes Down As Horseshoe UFO Appears On ISS Live Cam' (mirror.co.uk) · · Score: 1

    I'm not a writer, I'm a typoist.

    Why are you on Slashdot? Go finish the next novel in the Lacuna saga. Been too long since the last one. :-) Oh, please and thank you. :-)

  23. I am at a loss, since it said in one report she received Top Secret emails. IF they were classified as Top Secret, then they would have to be on the SIPRNET, which cannot email NIPRNET or the Internet. So if that is the case, HOW did the emails get to her own server on the internet? If she was sending, and they were classified as Top Secret, who did she send to the SIPRNET? Not condoning her actions or anything else supporting or bashing her. I am merely curious how this connection worked, since they are defined as to NOT be connected.

  24. Re:Another Government failure on Judge Orders State Dept, FBI To Expand Clinton Email Server Probe · · Score: 1

    Oh I read your comment. Have you not been listening to the news? The latest statement by the government staff was that "TOP Secret and Classified emails were FORWARDED to Mrs. Clinton's personal server". Forget the retyping, which is something that government staff is trained NOT to do. So I guess we are at a spot, do we believe the Government official that stated they were forwarded and not retyped, OR do we not believe anything they say, which means that she did not in fact get this material. Either way, this story is lacking in details, rules were broken by more than her, yet she is the scapegoat and the OPM breach is swept under the rug.

  25. Re:Another Government failure on Judge Orders State Dept, FBI To Expand Clinton Email Server Probe · · Score: 2

    The story says the email was "Forwarded" to her. Not a new typed email. Again, my point is that the Government network is not set up to follow their own rules, and that the issue is larger than Mrs. Clinton. She is a scapegoat to hide that fact. Have you not noticed that the last OPM breach news coverage went away as soon as this came up? Rather than fix the issue, hide it. It's what they do best.