Compromising a fax requires either hardware access or hacking their phone server.
Snooping email can happen in the following ways (all would have worked at my last employer):
-Infecting the sender's or recipient's client machine
-Infecting any machine on the sender's or recipient's LAN and ARP-spoofing the SMTP or IMAP server's address
-DHCP spoofing and replacing servers
-Infecting the DHCP server, the IMAP server, the SMTP server
-DNS spoofing - that may have been problematic
-Routing is not safe and can be manipulated
-PEBKAC: users were never educated to use PKI end-to-end encryption/signing, even though a company-wide CA existed and issued keys to persons for accessing the VPN (I could import the key into my mail program and sign mails with it)
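The ARP-spoofing item in the list above is the one a defender on the same LAN can actually observe. The following is an added example, not code from the comment's author: it runs the two checks a practitioner would want over a constructed set of ARP replies (the mail server address 10.0.0.25 and its known-good MAC are assumptions for the example), flagging any IP claimed by more than one MAC and any deviation from a pinned host-to-MAC binding.

```python
from collections import defaultdict

# Constructed, simplified records of ARP replies seen on the LAN: (sender IP, sender MAC, time).
# Not real capture output; the mail server's address and its "known good" MAC are assumptions.
MAIL_SERVER_IP = "10.0.0.25"
MAIL_SERVER_MAC = "00:11:22:33:44:55"

SAMPLE_ARP_REPLIES = [
    ("10.0.0.25", "00:11:22:33:44:55", "09:00:01"),
    ("10.0.0.7",  "aa:bb:cc:00:00:07", "09:00:02"),
    ("10.0.0.25", "00:11:22:33:44:55", "09:00:10"),
    ("10.0.0.25", "DE:AD:BE:EF:00:01", "09:00:11"),  # a second MAC claims the mail server's IP
    ("10.0.0.7",  "aa:bb:cc:00:00:07", "09:00:12"),
    ("10.0.0.25", "de:ad:be:ef:00:01", "09:00:13"),
]


def find_arp_conflicts(replies):
    """Return {ip: sorted MACs} for every IP that more than one MAC claimed.

    One IP answered by two different hardware addresses is the signature of ARP
    cache poisoning (or, more rarely, a misconfigured duplicate address).
    """
    seen = defaultdict(set)
    for ip, mac, _time in replies:
        seen[ip].add(mac.lower())  # normalise case so DE:AD and de:ad count as one MAC
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def check_pinned_host(replies, ip, expected_mac):
    """Return [(time, mac)] for every reply in which `ip` was claimed by a MAC other than `expected_mac`.

    This is the check you get by pinning a critical host (mail server, gateway) with a
    static ARP entry or an arpwatch-style monitor: any deviation is an alert.
    """
    expected = expected_mac.lower()
    return [(t, mac.lower()) for ip_, mac, t in replies if ip_ == ip and mac.lower() != expected]


def arp_report(replies=SAMPLE_ARP_REPLIES):
    """Run both checks over the replies and return a dict summarising the findings."""
    return {
        "conflicts": find_arp_conflicts(replies),
        "mail_server_violations": check_pinned_host(replies, MAIL_SERVER_IP, MAIL_SERVER_MAC),
    }


if __name__ == "__main__":
    for key, value in arp_report().items():
        print(f"{key}: {value}")
```

On the sample data both checks fire on the 09:00:11 and 09:00:13 replies; the pinned-host check is the one worth running continuously, since it needs no second MAC to appear in the same window to raise an alert.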
I (being a physicist) would prefer the flares. A 1W laser with bad efficiency will (for the sizes of batteries you can carry) not last very long. And the beam will be so narrow that you essentially have to hit the plane looking for you. Unless you widen it, and then it looks like a flare, just less efficient.
I fully agree. I (being a physicist) cannot imagine any purpose for this laser outside a firmly mounted case inside a lab or workshop.
If you write on the laser: don't point it at aircraft, then this is exactly what some asshats are going to do.
A good security system is not as weak as the weakest link.
Excuse me. If there is no intent to sell a specific functionality to customers, then why demonstrate it?
I still think that it is a problem to disguise weapons in active combat as civilian vehicles.
I wonder what this should be good for.
Tanks are not stealthy at all. If I look at recent wars the need to disguise a single tank is not there. On the contrary, usually putting a tank somewhere has been a show of force. The typical IED rigged on the roadside will not be operated by somebody with infrared optics, sitting 2km away in a cold-war style observation vehicle/plane, but by somebody with a perfect visible-light view of the vehicle. Moreover it would not be "army" vs. "army" clashing somewhere in the middle where the tanks could try to hide from the enemy helicopters/planes.
More important: it is not appropriate to disguise army vehicles as civilian vehicles in the visible wavelengths, so why should it be in the infrared? Doing so would significantly increase civilian deaths in the long term. If a distant observer can't distinguish between refugees fleeing a city and an army retreating resources from there, this would be *bad*.
Yes that is why i love my sony reader more for ebooks than my android tablet. I am a distracted kid.
I am happy to see that an iPhone is not at all similar in shape and layout of the buttons to a Sony CLIE PEG-TH55 (to name a very similar device). On Palms, multiple app screens and a central button to switch to the home screen were unheard of.
I bought a first-gen Galaxy Tab and it has proven to be what I expected it to be:
-Universal e-book reader
-good device for viewing documents of all kind
-fits in the pocket of my hiking trousers
-reasonable web browser
-excellent software selection
-easy to develop your own small apps
I find the hiccups which seem to be related to Samsung using its own filesystem a little annoying, but overall the decision was right.
Clever, Apple, clever. Today from the "How do I make my competitor look more important than he probably is" department.
Attention for free. Show your tablet one day at an exhibition, then get the free headlines that "It was pulled due to a court order from Apple".
This directly makes the tablet a competitor to the iPad (which they are not; they have different audiences, different sizes, and different advantages/disadvantages; I could well imagine buying both).
An Introduction to Database Systems, C. J. Date
Algorithms, Sedgewick
The dragon book.
There is an (Android) app for that. But without a stylus it is not as good....
Yes. Graffiti was one of the best inputs. It requires a stylus, but then it's very efficient. Only it cripples your handwriting.
And right now, somewhere... somebody on the highly knowledgeable penetration team says something like "phew, I thought these stupid punks would get us caught".
Besides the fact that the Spiegel (as a WL partner) is heavily involved in mud-slinging towards OL/DDB.
To me it is obvious that OL/DDB had nothing to do with this problem. I get more and more the feeling that this problem was the reason DDB left.
The idea that any intelligence agency needed the help of openleaks to test the guardian pwd against any encrypted document they find is funny.
But WL is at fault for not following standard security practices like:
a) don't use the same password twice
b) don't mix the functions of systems in an uncontrolled way
c) generate a key, secure it by a phrase (or by many), hand over the key and tell the phrase separately
d) if you give somebody access, be explicit on what he should and should not do. I was often laughed at as a sysadmin for explaining where which things are stored and explaining explicitly if a password is critical, but that somebody would not explain to a non-technical person how devastating mishandling of a specific password is, is *not cool*.
This all indicates JA's arrogance and incompetence in these matters.
No, I am not. Follow the full story and you get a different picture.
a) Torrenting is just a very spectacular way to ensure the existence of a document. Among all possible ways it is the least preferable. The preferred one involves copying the data onto 50 DVDs and sending or giving these to the partner newspapers. The decision to use torrent in this way was the wrong one, no matter if you agree with it or not, since it only left one barrier (obtaining a not-so-high-entropy password) for any interested party.
b) The standard way to handle encrypted material is *not* to give passwords directly. The standard way is to hand over the key, which is protected by a passphrase, and give this passphrase separately. This was the standard procedure in the last company where I worked for something as mundane as .pk12 certificates for WLAN clients, or SSH certificates.
c) Mixing the functions of being secured by the torrent and transmitting it to the journalist in a cool way was completely irresponsible. It was JA's decision to transmit key material for a secret document to this person. It was his decision alone. He did *not* communicate it to others, he did not ask for permission, and as far as I understood this was one of the points which made the conflict with DDB more severe. AFAIU JA always resisted rules inside WL to which he could be bound. But believe me, rules, even informal ones, are a good thing. Rules like 'who can take money', 'who has access to the servers', 'which persons share the key material in a way that only a majority of them can reconstruct the key'. But this would have pushed JA from the throne of a king to the chair of a leader.
d) AFAIU the persons torrenting in a wave of unqualified paranoia were not aware that these documents are contained within the file they are torrenting, since JA did not inform anybody of this. I take this point with a grain of salt, since it is DDB's interpretation, but the German lawyer of WL only complained to DDB about these severe claims and did not ask him for an "Unterlassungserklaerung" (a legally binding document which you can use to stop somebody from making false statements which harm you). This fact tells me DDB's story is essentially right.
No. It means that they want to cover up the fuckup, for which JA and *only* JA is responsible, to the media.
He gave the password without specific instructions. He put the files somewhere where they don't belong (I think not mixing redacted and unredacted material would be a good principle) and did not inform the administrator that they were there. He lacked responsiveness in communicating with the responsible administrator. He lacked openness to address the issue and take control of it, or give the responsibility in a controlled way to somebody else. He did not delete the documents which he put there. He chose a single, simple password instead of two-factor authorization. He did not (as would have been appropriate) use a physically safe way of transferring the data to the journalist (1 DVD would have been enough). He did not make sure the journalist's computer was safe.
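The rule in point c) above, 'which persons share the key material in a way that only a majority of them can reconstruct the key', has a standard construction: Shamir's secret sharing. The following is an added example, not the comment author's code or anything WL used: it splits a key into n shares over a prime field such that any k of them reconstruct it and fewer than k reveal nothing, and it treats the too-few-shares case as an error rather than silently returning garbage. The field prime, the share counts and the sample key are choices made for this example.

```python
import secrets

# Arithmetic is done in GF(P). P = 2**521 - 1 is a Mersenne prime, so any secret of up to
# 64 bytes fits below it. (Chosen for this example; any prime larger than the secret works.)
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0..k-1] at x, modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, k):
    """Split `secret` (bytes, at most 64 bytes) into n shares of which any k reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1; share i is the
    point (i, f(i)). Fewer than k points leave every value of f(0) equally likely.
    """
    if not 0 < k <= n:
        raise ValueError("need 0 < k <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from the given (x, y) points; returns an int.

    With fewer than k shares this still returns *a* value, just not the secret, which is
    why callers must check the result (see recover_secret_bytes).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse of den
    return total


def recover_secret_bytes(shares, length):
    """Reconstruct the secret as `length` bytes; raise if the shares cannot produce one."""
    value = recover_secret(shares)
    if value >= 1 << (8 * length):
        raise ValueError("reconstructed value does not fit: wrong or insufficient shares")
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # the key protecting the archive (example only)
    shares = split_secret(key, n=5, k=3)     # 5 holders, any 3 can reconstruct
    assert recover_secret_bytes(shares[:3], 32) == key
    assert recover_secret_bytes(shares[2:], 32) == key
    print("3 of 5 shares reconstruct the key; 2 shares do not:",
          recover_secret(shares[:2]) != int.from_bytes(key, "big"))
```

Each holder keeps one (x, y) pair; the key itself never has to exist on any one person's machine until a quorum decides to reconstruct it, which is exactly the organisational control the comment is asking for.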
Software engineer is a quite abstract job to describe, as opposed to programmer.
My best bet would be - depending on the time you have to spend and how far you want to get them involved: If you have a LEGO mindstorm or something, build a small car out of it and ask them to describe when it should stop, turn etc. to drive a given course and implement it.
But actually it has been like this for a long time already. You could prevent loading the explorer.
JA copies confidential files into a secret directory on a server and does not warn the people who have the right and the access to the parent directory, then does not delete these after transmission, and he chooses a simple password transmitted in a public place AFAIU (instead of a larger key transmitted on a physical medium, like a CD or an SD card), does not warn his partner never to reveal it and to handle it with care, and does not make sure he has the organizational, physical and administrative control over this server.
Holy shit this guy fucked up. For acting cool he compromised *all* security principles. In the company where I worked security was not held in such high regard, but putting data, even encrypted, on a server outside the company's full control was *strictly* forbidden.
If I had to design something which is easy to hand over, I would choose a bootable read-only Linux USB stick (so that anybody can just boot fresh) with networking turned off and an encrypted container, and instruct my partner to open it on a freshly bought random netbook. Easy, cheap, fast, safe.
But not as cool and you have to explain a few minutes.
But anybody would let MS know.
Actually, I think you are wrong. As far as I understand the repository is not checked during a commit. Edit directly in the repository and your modification will only be uncovered by git-fsck AFAIU.
Ahem. I did not leave my email there so they could notify me the last time I downloaded the tarball.
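What git-fsck's object-level check amounts to, as an added example (not the commenter's code and not git's own source): every object is named by the SHA-1 of "<type> <size>\0<content>", so a byte edited in place under .git/objects leaves an object whose recomputed name no longer matches its file name. The store below is a toy dict standing in for loose objects (packfiles are laid out differently and are not modelled); the two blob hashes checked are git's well-known values for the empty blob and for "hello\n".

```python
import hashlib
import zlib


def git_object_id(obj_type, content):
    """Object name = SHA-1 over '<type> <size>\\0<content>', exactly as git names loose objects."""
    header = f"{obj_type} {len(content)}".encode() + b"\x00"
    return hashlib.sha1(header + content).hexdigest()


class ToyObjectStore:
    """Minimal stand-in for .git/objects: object id -> zlib-compressed '<type> <size>\\0<content>'."""

    def __init__(self):
        self.objects = {}

    def write(self, obj_type, content):
        """Store a new object. Nothing is verified here: writing trusts the hash it just computed."""
        oid = git_object_id(obj_type, content)
        raw = f"{obj_type} {len(content)}".encode() + b"\x00" + content
        self.objects[oid] = zlib.compress(raw)
        return oid

    def tamper(self, oid, new_content):
        """Overwrite an object's bytes in place, keeping its name, as someone with filesystem
        access to the repository could. No git command is involved, so nothing notices."""
        obj_type = zlib.decompress(self.objects[oid]).split(b" ", 1)[0].decode()
        raw = f"{obj_type} {len(new_content)}".encode() + b"\x00" + new_content
        self.objects[oid] = zlib.compress(raw)

    def fsck(self):
        """Recompute each object's name from its stored bytes; return the ids that no longer match.

        This is the integrity check git-fsck performs over the object database.
        """
        bad = []
        for oid, blob in self.objects.items():
            raw = zlib.decompress(blob)
            header, _, content = raw.partition(b"\x00")
            obj_type, size = header.decode().split(" ")
            if int(size) != len(content) or git_object_id(obj_type, content) != oid:
                bad.append(oid)
        return bad


if __name__ == "__main__":
    store = ToyObjectStore()
    oid = store.write("blob", b"hello\n")
    print("clean store, fsck reports:", store.fsck())
    store.tamper(oid, b"hullo\n")
    print("after in-place edit, fsck reports:", store.fsck())
```

The tampered object survives in the store under its old name until something recomputes the hash; once it is recomputed, the mismatch is unambiguous, which is why a periodic fsck (or a mirror that re-verifies objects on fetch) is the cheap detection for this kind of repository edit.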