I know of a case where numerous Wintel-based ATMs got compromised by Nachi because they were years behind in patches. The vendor responsible for the ATMs? Diebold.
Sounds like the confidentiality & integrity of any data within this corporation should be called into question.
[For confidentiality purposes I can't name my source. It didn't make the news that I know of so I can't provide a link. Sorry.]
This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et al.
In my experience as a security analyst, the industry is chock full o' great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could conceivably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).
By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.
Competition from independent artists via the internet is not in their interests
I just had a thought... has anyone compared sales of Indie-label records over the past few years to those of RIAA-label records? The RIAA blames digital music and the internet directly, but consider this:
Napster, MP3s, KaZaA, etc... expose more indie artists to a wider audience - this is indisputable. If Indie-label sales have increased, while RIAA-label sales have decreased, then MP3s are hurting the RIAA, but not because of illegal copying, as they claim. It would be due to the fact that more people are buying real music (from independent labels) as opposed to manufactured music.
I would love to see stats of indie-label sales compared to RIAA-label sales to see if this really is the case. If anyone has any data - PLEASE post!
**I'm a member of a small band that independently produces its own CDs, so this debate has always hit close to home for me**
It's important to remember that Kroger owns food stores other than "Kroger"-labeled stores. I'm not sure which other chains they own, but I know they're a nationwide company and I only seem to see "Kroger"-labeled stores in the Cincinnati / tri-state area. This is a very large company.
The test was only performed at sixty percent of full power since full power (40 kilowatts) wasn't available at this location. The system is actually capable of discharges of approximately forty feet
I can see this causing brown outs if you do this in the local small town. Complete with stories of UFOs etc.
I seem to recall reading that the power company in Tesla's area refused to sell him electricity at one point, because he'd collapsed the grid a few times. Don't know how accurate that story (or my memory) is...
First off, according to SANS (guys that know more about security than most people), the hype of CodeRed is PRECISELY why it wasn't as damaging as it could have been.
Second, many of Microsoft's shops, mine included, found themselves removing the mappings, etc... that exposed them to CodeRed, only to have MS's hotfixes unknowingly (undocumented, anyway) re-add them later on. THIS is what caused problems even at security-aware sites such as mine. And with hundreds of IIS servers, it's unreasonable to expect admins to re-check each and every little change made since the system build to make sure every hotfix doesn't undo security settings. This is called THE VENDOR'S PROBLEM.
it's amazing how a globally distributed network...
...can be so US-centric. Hel-lo!
The Net has become an economic and utilitarian rather than social, political or idealistic network.
Obviously you haven't set foot outside of the U.S. Ever. In developing and backward countries where people have no concept of "civil rights" and "freedom", the Net IS THE social, political, and idealistic outlet. Take China, for example. For the first time in half a century, people have found a public medium that they can voice dissent with their country's political views.
And yet you tell me it isn't social or political or idealistic. I say you're not opening your eyes and looking around much. The Net has, can, and hopefully WILL be this for millions worldwide who NEED it to be so.
Granted, you have to be using all the Altera stuff, but I understand that AHDL offers a lot of abstraction that is not possible with VHDL, and was recommended by all of my engineering professors in college (recent CPE grad), FWIW. This isn't my field of work, but everything I've read seems to indicate it's a fine PLC/FPGA language.
>Block all known VPN clients. These were sucking
>up tremendous amounts of bandwidth, since we
>are in a rural area and many people liked to
>telecommute using our service.
Oh yeah, this is smart. Did it ever occur to you or your management that many large companies... I'm thinking of one multibillion-dollar company (*cough*P&G*cough*) in particular... pay for thousands of their workers to work at home, generating millions of potential dollars in business to you and your ISP kindred? Isn't this exactly what you ISPs WANTED to happen?? Wired society! Dedicated connections! Never leave your home for anything! Yet now what you wanted is happening, and you're complaining about it. You're going back on what you claimed to deliver. I'm sorry, but you get NO sympathy for me. This is only one example of the broadband community as a whole totally dropping the ball.
Be careful what you wish for... you just may get it.
Maybe that's a good idea: let the technologists work it out. Was it a politician who developed the first firewall, IPSec, NIDS, etc.? I don't think so.
No, but I believe it was politicians that decided that ATM cells would have a payload of 48B. Why? Because the US wanted 64B payloads and Europe/Japan wanted 32B payloads. What was the compromise? The average: (64+32)/2=48B. Wow. Took a real genius to arbitrate that discussion. Morons.
While I do not support fining people who deploy sloppy software, or software with numerous security holes, I would like to see an interest-free software certification board formed strictly with security in mind. Such a board would not only certify software based on its code, but also the vendor's attitude towards security in general (designing security-friendly code, not feature-friendly code), and also its follow-up support (immediately addressing issues, releasing patches, etc.).
Another thing that would help GREATLY would be to push this up to an international level. We can do all we want to make the USA a happy-happy, joy-joy internet environment, but it don't mean jack.
The internet is GLOBAL, and as such the most effective solutions will be those developed at an international level. Push for a communications subcommittee in the UN to address international incidents. Apply pressure to foreign countries that are lax in cracking down on data security-related issues. France is currently one major target of complaints with the HUGE amount of scans that companies have seen from wanadoo.fr, yet neither the ISP nor the government seems concerned about it. Incidents.org has corroborated this traffic, and it is legit.
To summarize my comments: we need a way to globalize both data security issues and resolutions, as well as a certification board to offer a level of comfort to consumers that products won't be full of security holes. There are many other issues facing us out there, however I believe these two would be a HUGE step in the right direction and set the precedent for other issues to be addressed.
Although I don't have a link, I know they've done this as far back as the first Pentiums. If I recall correctly, this was the ONLY way they could get the very first [then] brand-spankin-new Pentiums to work.
I think I'll copy the impulse tone - used to generate h(t)->H(w) forming the basis of much of the wave theory I learned in my EE classes :). NOW YOU'RE ALL MINE!!! MWAHAHAHAHAHAHAHAHAHAHA!
(for those of you who may not know, an impulse signal is an infinitely short pulse containing ALL frequencies, and from it a frequency response h(t) can be determined to analyze how waves - electronic, sound, etc. - react to a circuit, system, or environment)
We're spending billions of dollars (a big chunk of our GDP) on national defense. And we never even use it! We shuffle our troops from base to base, sure, and we log our mileage and tally our days in service and hang our medals. But do we ever do anything productive? Do we ever kill anyone? Of course not.
Dude? Were you around for ANY of the cold war? We don't spend so much money on defense so we can kick peoples' asses. We spend the money so that we don't HAVE to kick peoples' asses. By being big and imposing, nobody's willing to challenge our INFINITE MILITARY MUSCLE (or so many would like to believe that's what it is). The point is, the reason the cold war never turned into a hot war is because we were so afraid of the Soviets AND they were so afraid of us. Of course nobody would ever DARE admit that at the time. I think Wesley Snipes in Crimson Tide puts it best:
In my opinion, in the nuclear world, the true enemy is war itself.
THAT'S why we'll never declare war on China, nor will they on us. 'Nuff said.
hands-free pr0n
akad0nric0