What do we do if the Tamper tape gets ripped?
So you mean if I am a poll worker who tends to vote for party A, and I know that I work in a precinct that predominately favors party B, all I have to do is wait until no one is looking (except people who I like or can pay off) and rip that tamper tape slightly. Bingo! I have just disenfranchised hundreds of voters, a majority of whom voted in a way that I don't approve. Good idea, tamper tape. They didn't think that one through very carefully, did they?
This is probably a bit thick for most people, but the point is that it just isn't cut and dry. It's like comparing an X86 processor with a RISC processor on MHz alone.
Besides RSA Security, other companies analysts lump into Certicom's peer group include Symantec Corp, Check Point Software, VeriSign Inc., Gemplus International, SafeNet Inc., Netegrity Inc. and Entrust Inc. However, none of them work directly with patented ECC-related technology.
The link above disproves that as well.
Also, the article says:
A much smaller 224-bit ECC key offers the same level of encryption as 2048-bit key in the competing RSA format. In other words, a company would need 16 times stronger encryption to get the same level of protection that Certicom offers in the ECC format.
I'm not sure, but does that make sense? I don't think it does. If they mean a key length that is 16 times longer, that doesn't make sense either as the algorithms are completely different.
This really does read like a Certicom PR piece too. 3 strikes, you're out, Toronto Star!
Actually the Dated....sorry I mean Digital Encryption Standard has become fairly insecure, so most people now use 3DES or RC5. AES will be the next iteration with some people choosing Twofish as an alternative. Nice to have several to choose from.
I guess you didn't notice the recent GAO Report which tells us that the DoD PKI has issued over 9 million certificates. I am not saying it works well, but it does work on a large scale. Frankly PKI really isn't cost effective for smaller companies either. It is the larger companies and governments that benefit the most in my opinion. Reason: initial setup costs can be high, unless you are willing to outsource your security, a decision that I personally frown on (but that is another discussion).
Another thing: EPM is probably not the best idea for providing a legal signature that is meant to last for the life of a long term legal document such as a 30 year lease, or a passport (10 years in the U.S.). The reason is that in 30 years the algorithms used to perform the digital signature will be easily defeated, thus making that signature easily forgeable. EPM's best use is as a certification that a document was sent by person X at time Y and that it hasn't changed since it was signed. This would also have value in financial transactions that are short lived in nature, but not with transactions that need verifiability over any long period of time.
The comparison to a postmark is a bit anomalous as someone else pointed out, because while a postmark does attest to a certain date and time of stamp cancellation, it does not assert the identity of the sender. It does attest to the originating location of the letter, which EPM does not do.
Lastly, I find the prospect of E.M.P. in the hands of postal workers to be a frightening prospect and...OH E-P-M....
To start with, Gartner estimates 70% so I guess I was being a little conservative.
To finish with, it sounds like you really have done some homework. Originally, when you threw that comment out it sounded like you were just saying that if it isn't on the internet it will be secure. That of course is simply not true, as you are clearly well aware.
"I work in health care, and with HIPAA coming into effect, we've been moving a substantial part of our network off the internet -- if there's no physical connection, we can't get hacked."
Oh really? Something like 60% of breaches are internal. What are you going to do now? Put everyone on their own separate network? We are going to see a lot of medical data stolen since Bush took the teeth out of the HIPAA requirements.
But in a 2002 survey of Internet address buyers, VeriSign found that 87 percent of them were familiar with the name "Network Solutions" and could identify it as a domain name seller, while few recognized the name "VeriSign,"
I find this hard to believe. I mean I have read several articles about Verisign's DNS in mainstream press much less technical type publications. I think that Verisign either got screwed on that poll, or they are lying to provide a justification for the switch.
i.e. people who like Lou Reed tend to like Bob Nobody, whatever. Like everything else, the problem is the start-up and organization
Yes but if your idea gains enough popularity, then the whole thing could survive off of investment capital and massive expansion. You could operate at a loss almost indefinitely. Oh wait, that's Amazon.
Maybe it is not so much ironic as causative:
Maybe the obscure nature of his work led him to the conclusion that he could be writing just about anything and no one would notice because they don't really understand it. Sort of like sheep reading Nietzsche. So he decided to see if it was true. It even sounds like a bar conversation.
Sokal: "Look at this reviewer comment! He doesn't understand anything. Why I bet I could write that lattices are more stable when roses are growing on them and they wouldn't bat an eye."
Sokal's drinking buddy: "Aw come on, they're not that bad."
Sokal: Hmmm...
One of the biggest problems I have with IQ tests such as Wechsler and Stanford-Binet is that they are culturally biased. For instance, they use knowledge of vocabulary and comprehension as metrics. An example question from the Wechsler page: "Describe how the following pair of words are alike or the same--hamburger and pizza." A correct response would be "Both are things to eat."
Well what if I am a vegetarian from New Delhi? Would you have known the answer if I had said Pakora and Naan?
Bounties and cracking contests are complete snake oil
I thought that was called "putting your money where your mouth is". I am not denying that there is a strong publicity aspect to them, but contests do give a security company some credibility. Do you think that the type of folks who appear in Bruce Schneier's doghouse would run a contest? Of course not. Contest runners are saying, 'give us your best shot, so that we can all learn from it.' It doesn't hurt that they get publicity, but to me that simply makes it a win-win situation for all the participants.
The American Civil War was fought over state sovereignty, not emancipation.
That's not what the most recent news report that I read said. Here is a reprint:
Civil War Historians Posit 'You Had To Be There' Theory
ATLANTA--After years of conflicting approaches to interpreting the Civil War, a coalition of historians on Tuesday posited the non-specific theory that "you had to be there" to fully understand the complexities of the war. "It's not just a matter of 'Were the Southern forces as confident and dedicated as their Northern counterparts?' or 'Was Gettysburg the turning point?'" said conference chairman Shelby Foote. "The whole gist of the war is just hard to really get unless, you know, you were there and saw it happen." The coalition also advanced a theory that the Great Migration, wherein one million African-Americans moved to northern cities between 1915 and 1920, was "a black thing."
I disagree. CmdrTaco's story selection is completely objective, and the anonymous reader's story submission is very well balanced. Now where did I put the rest of that acid. Welcome to Slashdot.
No offense intended, but /. is not a forum for bug reports in security/software systems
So are you saying that brand new, and critical information about a widely used software system does not qualify as "News for Nerds?" Hmmmm.
Is that like condensing this: "Microsoft has told him that it plans eventually to eliminate..."
to this: "Microsoft has told...that it plans eventually to eliminate..." ?
Clever poster saved two whole spaces!
Poor chrisd is having a bad day. More coffee chrisd!
Agreed. We don't even have a complete picture of our own planet's ecology from 3.5 million years ago.
It is worth studying the unique Andean environment anyway, simply because it is there, so I suppose if they have to use BS like this to get the grant, I will excuse it. I just hope that they keep their focus broad.
Also, I am a little concerned that they intend to dive into the frigid lake to collect water and sediment samples. Doesn't this introduce danger and contamination to the ecosystem that they are trying to study? They should realize this considering that they admit that Perhaps humans - either the Incas in the distant past, or recreational mountain climbers more recently - introduced life to the lake in the first place. I just hope that they take the kinds of precautions that were taken at Lechuguilla where they also are drawing analogies to the Martian ecosystem.
If the alcohol is purer it becomes "undenatured" meaning that you can drink it and you have to tax it. Ethanol used in fuels and solvents is generally "denatured" meaning there is some poison crap in there and therefore it is not subject to liquor taxes, making it economically attractive.
Hmmm, there are 2600 schools in the Kerala school district according to that memo. Coincidence? I think not! poof! (disappears in a puff of logic)
Anyone still confused? I was, so I went Here
That's not what the most recent news report that I read said. Here is a reprint:
Yes it's from http://onion.com/
Your wish is my command.
I wonder what a redundant reply to a redundant post would be. Informative?
From the article:
"It is very effective, and it appears that there are no side effects."
Except that some of the test subjects later reported being able to replace their noses with their ears. http://www.hasbropreschool.com/mrpotatohead/
What do you mean delusions? There is no way that that could be a natural formation. I mean really!
Fighting to maintain over $10 million a year in revenue? Naaaah.
Oops, my sarcasm is dripping again.