What's to stop someone from sending a random nude pic they get from the Internet? I see that they also need to upload an ID card, but since it's being sent electronically, it would be trivial to replace the photo in the image of the ID card with the face of the person in the nude pic. It doesn't sound like a very reliable way to secure a lone. And there are some people who just don't care who sees them naked. If that weren't the case, there'd be no pornography industry. This really doesn't sound like a good business model.
amazon still failed to give ups / faa the right paper work.
Is it up to Amazon to file paperwork with the FAA? I would have thought that was UPS's responsibility. If you or I ship packages with UPS or FedEX, I don't think we interact with the FAA in any way.
If enough leaked to affect 9 employees handling the box after the flight then there's a reasonable possibility that the escaped liquid now poses a corrosion hazard to the aircraft structure. UPS should send them the bill for the complete inspection and overhaul of the affected areas of the aircraft used to transport it. Perhaps that will be more than the fine.
You say that because Amazon is a rich company. Suppose an old grandmother ships something to someone and doesn't properly fill out the form declaring hazardous materials and similar damage was done. Would you suggest UPS go after her for damages to the aircraft? Double standards shouldn't apply just because a party is wealthy.
Instead of basing access off of IP address, why don't they do it based on the issuing bank for customers' credit cards? It's an indicator of where the money is actually changing hands. I wonder what content owners would think of that.
That wouldn't work. I'm a Canadian citizen living in Canada, but I do have U.S. credit card and the billing address is a PO Box in the USA. (I live near the border.)
Nobody talks about any other internet when they say Internet. It's a proper place name just as much as Asia.
Exactly. I learned that "Internet" is capitalized because the word "internet" is a generic term for a network of networks. The Internet (with a capital "I") is the internet that most of us use.
At the end of the day, any fiat currency is only worth whatever you think it's worth. So you can really identify any money as poker chips.
Not true. U.S. currency, for instance, (and most legal currencies, in fact) is considered "legal tender". That means it can be used to pay your debts to the government. The government doesn't have to accept Bitcoin or anything else other than U.S. dollars when you pay your taxes.
All money laundering rules require is that you can trace the source of money and usually only require cursory checks unless significant money is involved. In the case of the hypothetical bank the fact you got the money you were at the bank and they were giving out money would be sufficient proof. You might be getting confused with bribery laws that state you can't give cash etc for favours and even then only specific situations.
Not true. There are strict rules about banks giving money away. For instance: suppose I were a drug dealer and I had $500,000 that needed to be laundered. I take it to my favorite bank and give it to them in a dark room at the back. Next day the bank, out of the goodness of their heart, decides to give me a "gift" of $450,000. (The bank gets their 10%). Voilà: perfectly laundered money!
but one would have to wonder why he would be trying to access systems of someone who wasn't his client.
Because it was anonymous FTP? That's the whole point of anon FTP, you know: that anybody is allowed to use it.
I do understand about anonymous FTP. The point I was trying to make is all that is moot if he was hired to test that security in the first place. I guess my question boils down to this: Who exactly hired him? I'm genuinely curious, cause to me this story doesn't make a whole lot of sense.
The article describes him as a "dental software security researcher". Does that means it's his job? If so, was he working for the company whose computer he accessed? If so, isn't this authorized access as part of his job? Or was he accessing the system of a competitor of his client? That would be almost certainly unauthorized. I read the linked article and it is light on those details. I think this case would come down to whether or not he was doing this as part of his job and was therefore authorized to access these records. If not, he could be a in a boatload of trouble, but one would have to wonder why he would be trying to access systems of someone who wasn't his client.
If they stick a sign outside saying "free money" and have an anonymous form at the door to fill out saying "add a tally for yourself if you took some free money" then yes, you fucking can
No, I don't think you can even then. Banks don't have any authority to give out "free money" and so any such sign would clearly have been put up by someone without authorization to do so. (Perhaps a disgruntled employee.) Since a reasonable person would have drawn that conclusion, I don't think you'd get away with taking money in that circumstance.
Back when I used to develop sites in Drupal (which was a few years ago), all SQL queries were parameterized, as opposed to passing variable data as part of the query string. I thought this was supposed to protect you from SQL injection attacks. Am I missing something, or are they attacking very, very old Drupal installations?
Knowing that the tech is worthless, that their intimidation tactic failed, and faced with the prospect of having to cover the defendant's legal fees, the prosecution retracted the "offer."
Technically, they didn't retract the offer, having never offered to pay the defendant's costs in the first place. The plaintiff asked the defendant to take a polygraph test. The defendant counter-offered that they would if the plaintiff would cover costs in the event of a negative result. The plaintiff refused the counter-offer. No polygraph test was taken. Nobody "retracted" any offer or backed off on their position.
I'd be curious to know how secure these apps are. I'm looking for a good messaging system and video chat system, but I don't want to move to something new unless I know my conversations are secured and chats aren't stored on some server somewhere. What kind of encryption do these apps feature?
The security used to be private, and let through 9/11. That's one of the basis of the TSA, though there was nothing let through that wasn't on the government's allowed list.
That's EXACTLY the point. The hijackers used box cutters which weren't on the list of prohibited items. 9/11 was NOT the result of a failure of airport security personnel. There is thus no rational basis for the existence of the TSA. Pre-9/11, I don't recall any significant security lines. The biggest worry was the line at the ticketing desk if one needed to check luggage. (Otherwise, back then, you could just check in right at the gate. No boarding passes were necessary to get through security.) Now, you need to get the the airport hours ahead of time (even for a 1 hour flight) to make sure you get through security in time to catch your flight. I didn't realize airports were allowed to fire the TSA and go back to their own security, but I don't understand why all airports don't do this right now!
If private companies can compel the FBI to disclose their secrets, the FBI could turn that around and say that turnabout is fair play and private companies should be compelled to disclose their secrets to the FBI. Best just to keep a respectful distance.
The commerce clause, as explained in a reply to AC's comment.
The commerce clause is part of the Constitution. The Constitution doesn't grant the FTC any authority whatsoever. It grants congress the right to regulate interstate commerce. Congress must then, in turn, grant authority to the FTC. It does so by means of statutes in the United States Code. The FTC doesn't have unlimited power to regulate any and all interstate commerce. So I'm wondering, under which statute do the claim to have the authority to order private companies to disclose security vulnerabilities and patch schedules?
While I'm all in favor of more transparency in security vulnerability and patching processes, I wonder where the FTC gets the authority to order phone manufacturers to disclose this information. Is there some congressional statute they're acting under, or did they just make this up? Do they have unlimited power to require any company that manufactures and sells any product whatsoever to disclose anything they (the FTC) wants, or is there some narrower law they are working under?
Slashdot Mirror
Finns get a lot of media considering it is an icey wasteland.
An icy wasteland that gave us Linux!
Your DNA will be used to convict you regardless of any objection you might have if you ever are accused of a crime.
Or it will exonerate you if you are innocent. Not that I'm for all this overreach but just stating the obvious.
People can always offer a DNA sample voluntarily if they feel it will exonerate them.
What's to stop someone from sending a random nude pic they get from the Internet? I see that they also need to upload an ID card, but since it's being sent electronically, it would be trivial to replace the photo in the image of the ID card with the face of the person in the nude pic. It doesn't sound like a very reliable way to secure a lone. And there are some people who just don't care who sees them naked. If that weren't the case, there'd be no pornography industry. This really doesn't sound like a good business model.
amazon still failed to give ups / faa the right paper work.
Is it up to Amazon to file paperwork with the FAA? I would have thought that was UPS's responsibility. If you or I ship packages with UPS or FedEX, I don't think we interact with the FAA in any way.
If enough leaked to affect 9 employees handling the box after the flight then there's a reasonable possibility that the escaped liquid now poses a corrosion hazard to the aircraft structure. UPS should send them the bill for the complete inspection and overhaul of the affected areas of the aircraft used to transport it. Perhaps that will be more than the fine.
You say that because Amazon is a rich company. Suppose an old grandmother ships something to someone and doesn't properly fill out the form declaring hazardous materials and similar damage was done. Would you suggest UPS go after her for damages to the aircraft? Double standards shouldn't apply just because a party is wealthy.
The problem with capitalism is that a company can be successful even if it's bad for everyone.
No it can't. If the company is bad for everyone, then no one will do business with that company and they will fail.
Umm, it's because he was actually knighted in 2004!
Instead of basing access off of IP address, why don't they do it based on the issuing bank for customers' credit cards? It's an indicator of where the money is actually changing hands. I wonder what content owners would think of that.
That wouldn't work. I'm a Canadian citizen living in Canada, but I do have U.S. credit card and the billing address is a PO Box in the USA. (I live near the border.)
Nobody talks about any other internet when they say Internet. It's a proper place name just as much as Asia.
Exactly. I learned that "Internet" is capitalized because the word "internet" is a generic term for a network of networks. The Internet (with a capital "I") is the internet that most of us use.
At the end of the day, any fiat currency is only worth whatever you think it's worth. So you can really identify any money as poker chips.
Not true. U.S. currency, for instance, (and most legal currencies, in fact) is considered "legal tender". That means it can be used to pay your debts to the government. The government doesn't have to accept Bitcoin or anything else other than U.S. dollars when you pay your taxes.
What if no one hired him? What if he just happened upon the FTP server?
The article specifically says he's a dental software security researcher. It's his job. Therefore it stands to reason, someone hired him.
Wrong.
All money laundering rules require is that you can trace the source of money and usually only require cursory checks unless significant money is involved. In the case of the hypothetical bank the fact you got the money you were at the bank and they were giving out money would be sufficient proof. You might be getting confused with bribery laws that state you can't give cash etc for favours and even then only specific situations.
Not true. There are strict rules about banks giving money away. For instance: suppose I were a drug dealer and I had $500,000 that needed to be laundered. I take it to my favorite bank and give it to them in a dark room at the back. Next day the bank, out of the goodness of their heart, decides to give me a "gift" of $450,000. (The bank gets their 10%). Voilà: perfectly laundered money!
but one would have to wonder why he would be trying to access systems of someone who wasn't his client.
Because it was anonymous FTP? That's the whole point of anon FTP, you know: that anybody is allowed to use it.
I do understand about anonymous FTP. The point I was trying to make is all that is moot if he was hired to test that security in the first place. I guess my question boils down to this: Who exactly hired him? I'm genuinely curious, cause to me this story doesn't make a whole lot of sense.
" What's the basis of that statement? Why can't a business give away money, if they wish, and there's internal approval?
Because there are money laundering statutes that say you can't.
The article describes him as a "dental software security researcher". Does that means it's his job? If so, was he working for the company whose computer he accessed? If so, isn't this authorized access as part of his job? Or was he accessing the system of a competitor of his client? That would be almost certainly unauthorized. I read the linked article and it is light on those details. I think this case would come down to whether or not he was doing this as part of his job and was therefore authorized to access these records. If not, he could be a in a boatload of trouble, but one would have to wonder why he would be trying to access systems of someone who wasn't his client.
If they stick a sign outside saying "free money" and have an anonymous form at the door to fill out saying "add a tally for yourself if you took some free money" then yes, you fucking can
No, I don't think you can even then. Banks don't have any authority to give out "free money" and so any such sign would clearly have been put up by someone without authorization to do so. (Perhaps a disgruntled employee.) Since a reasonable person would have drawn that conclusion, I don't think you'd get away with taking money in that circumstance.
Back when I used to develop sites in Drupal (which was a few years ago), all SQL queries were parameterized, as opposed to passing variable data as part of the query string. I thought this was supposed to protect you from SQL injection attacks. Am I missing something, or are they attacking very, very old Drupal installations?
Knowing that the tech is worthless, that their intimidation tactic failed, and faced with the prospect of having to cover the defendant's legal fees, the prosecution retracted the "offer."
Technically, they didn't retract the offer, having never offered to pay the defendant's costs in the first place. The plaintiff asked the defendant to take a polygraph test. The defendant counter-offered that they would if the plaintiff would cover costs in the event of a negative result. The plaintiff refused the counter-offer. No polygraph test was taken. Nobody "retracted" any offer or backed off on their position.
I'd be curious to know how secure these apps are. I'm looking for a good messaging system and video chat system, but I don't want to move to something new unless I know my conversations are secured and chats aren't stored on some server somewhere. What kind of encryption do these apps feature?
Apparently they posted reviews of some of the prostitutes online which is technically promoting.
The security used to be private, and let through 9/11. That's one of the basis of the TSA, though there was nothing let through that wasn't on the government's allowed list.
That's EXACTLY the point. The hijackers used box cutters which weren't on the list of prohibited items. 9/11 was NOT the result of a failure of airport security personnel. There is thus no rational basis for the existence of the TSA. Pre-9/11, I don't recall any significant security lines. The biggest worry was the line at the ticketing desk if one needed to check luggage. (Otherwise, back then, you could just check in right at the gate. No boarding passes were necessary to get through security.) Now, you need to get the the airport hours ahead of time (even for a 1 hour flight) to make sure you get through security in time to catch your flight. I didn't realize airports were allowed to fire the TSA and go back to their own security, but I don't understand why all airports don't do this right now!
If private companies can compel the FBI to disclose their secrets, the FBI could turn that around and say that turnabout is fair play and private companies should be compelled to disclose their secrets to the FBI. Best just to keep a respectful distance.
The commerce clause, as explained in a reply to AC's comment.
The commerce clause is part of the Constitution. The Constitution doesn't grant the FTC any authority whatsoever. It grants congress the right to regulate interstate commerce. Congress must then, in turn, grant authority to the FTC. It does so by means of statutes in the United States Code. The FTC doesn't have unlimited power to regulate any and all interstate commerce. So I'm wondering, under which statute do the claim to have the authority to order private companies to disclose security vulnerabilities and patch schedules?
While I'm all in favor of more transparency in security vulnerability and patching processes, I wonder where the FTC gets the authority to order phone manufacturers to disclose this information. Is there some congressional statute they're acting under, or did they just make this up? Do they have unlimited power to require any company that manufactures and sells any product whatsoever to disclose anything they (the FTC) wants, or is there some narrower law they are working under?
Human rights trump these "parental rights" of yours. Parents don't have rights, they have responsibilities.
Parents aren't humans?