The National Communications System, which was part of DISA in the late 1990's, along with the President's National Security Telecommunications Advisory Committee (NSTAC), proposed this way back then. The NCS is now part of DHS. Whatever happened to that 20 year old proposal and similar ones since that this has still not been established?
Forty years ago IBM solved the problem of getting rid of people it didn't want anymore by moving them to another office, sometimes far from where they were currently located. Some people accepted this and ended up being moved to a new office every 2 or 3 years like a military brat. Many people refused and then were laid off for refusing the new assignment. In many circles working for IBM meant "I've Been Moved."
I wonder why they forgot about that strategy?
I'd like to see the organizers of the 2018 RSA Conference to be held in April invite Mr. Wray to join in the cryptographers panel to discuss this issue. They'll eat him alive.
As a home user, my copy of Office 2013 still works just fine for me. There just aren't enough new bells and whistles that I "need" in any of the newer releases. I see no reason to spend additional money.
"They're treated as authentication, which they are not. I can give you my password, but you don't become me."
Which is why they are lousy authenticators. That is exactly why there is a push for multi-factor authentication, to make it more difficult for someone to impersonate someone else. Systems are only authenticating an account when they use a password. They are not authenticating the wetware that is using the account.
The password foobarbaz AUTHENTICATES user yadda to the system. What user yadda is AUTHORIZED to do on the system is a totally separate issue. Is user yadda an administrator or a general user? Something else provides that AUTHORIZATION.
Please take a Computer Security 101 class and then maybe you will begin to understand the difference.
Sorry, but you are wrong. "Something you know," "something you are," and "something you have" are all ways to authenticate. Authorization is deciding what you are allowed to see after you have authenticated that the identity you claimed is correct.
In this case, gmail assumes you are authorized for all aspects of your account once you have authenticated, by whatever means you use.
I invite you to read this discussion on authentication vs. authorization to learn the difference.
https://stackoverflow.com/ques...
There are plenty of other articles to read to learn the difference. But, no matter how you slice it, passwords are just another way to authenticate your claimed identity.
Passwords, Biometrics, and RSA key generators are all authentication. None of them are authorization.
The distinction is "what you know" vs. "what you are" vs. "what you have".
Using more than one of those methods is simply "multi-factor authentication".
Authorization is a whole other ballgame.
The problem of sampling all in one night was noted at the end of the article as another possible source of error, but no indication of a percentage amount.
What is interesting in Maryland, is that you do not need any ID in order to vote. Just go into your precinct, give your name and address, sign a card and vote. So, if you know the name and address of someone and beat them to the precinct, you can vote in their place (assuming the poll workers don't know you or the person being impersonated). Afterwards, if the real person comes in, they would need to file a provisional ballot and fight to have the other vote somehow taken away.
Why they can't require some form of photo ID is beyond me. Though, I have heard of lawsuits in other states that do require photo ID, as being intrusive and thus somehow impeding voter's rights. I guess they equate having to pay to get a state issued ID card as the same as paying a poll tax. That could be corrected by simply providing the state issued IDs (for those that don't drive) for free.
The judge did not say the internet emails were not reliable. RTFA. In the article, it says:
She said she found it "incomprehensible... that a corporation dealing primarily in Internet commerce finds Internet communications to lack reliability."
What she found "incomprehensible" was that a company dealing in internet commerce could claim that internet communication is not reliable.
What this shows, is that the judge really doesn't understand the internet, and all the different applications and protocols. Clearly there are ways to secure e-commerce transactions, and just as clearly, email can be faked.
I fail to understand the claim that this means there is no need to back up the data. There is no such thing as a disk drive that can't break. The article makes the claim of backup not needed, but offers no evidence whatsoever as to why. I don't know about everyone else, but I'd hate to lose over a petabyte of data because I believed a claim of backup not needed.
Of course I haven't filled up my 60GB drive yet, so I don't think I'll need this much storage for a while anyway.
as the President has, according to some legal opinions, unlimited powers in wartime
The problem is that only Congress can declare war (See Article 1, Section 8), and Congress hasn't declared war on anyone since World War II. Korea, Vietnam, both Gulf Wars, and other skirmishes in Central America and elsewhere have not been declared wars, thus those powers of the President do not apply.
While it is feasible, please note that NSA is also one of the largest employers in the state, and also has many contractors working in its buildings. It probably is the largest set of office buildings for a single "business" in the state, and thus would be expected to consume the most electricity, without even considering anything nefarious.
PayPal announced they are closing their Hunt Valley, MD office as well, laying off about 300 people.
Or, since they would all look similar and not stand out from the norm, you'd probably not even notice.
Too bad Foster Brooks is no longer available to test this AI.
Brian Krebs reported on this a week ago, and then followed up with another story about how attempting to report more of them was rebuffed.
Since I cannot have a cellphone in the office, no 2FA for gmail for me.
I'd be happy to provide them with a sample from my anal cavity. However, I don't want them trying to collect it themselves.
See this article or this article for more details.
I agree. It is the "shut down the computer" that is the denial of service.
Cheap and easy solution: unplug from the internet, shut down the computer.
That would be a denial of service.....
I thought they were only green when really angry.
Nope. They're green when they are envious.
For pigs with wings, see this.