I'm sooooo sorry that we couldn't bring you another story about SCO or Patent and Trademark Law today.
It is a story about what some people consider an innovative game. How is this any different from one of the countless stories on here about someone building something out of Lego Mindstorms or some other perceived "toy"?
If you don't care about it, don't read the story.
You make some interesting points, but I do question one of your major ones.
You seem to indicate that the biggest problem your customers have is the time, knowledge and effort it takes to load patches for Windows, and the solution to end this would be to provide them with Debian or Red Hat on their computers. If you can't get people to install updates for Windows, how are you going to get them to load updates for Linux, OS X, BSD, Amiga, BeOS or whatever the next hot OS is?
Neither Debian nor Red Hat are going to be set-and-forget installs. At some point a home computer user is going to have to load updates for their OS of choice, if they want to help ensure the continued security of their computing environment. I think you are setting a bad example by implying to your customers and boss that by loading Linux they will be forever free of having to load updates or be concerned about the security of their computer. Things like that are going to get people burned by the next exploit script for Red Hat or Debian that they are not patched against.
I don't want to take away from the good points of your post. I think your point about blinding Windows from the network is an interesting one.
I can't say that I share your level of rage against Microsoft. I do agree that there is a problem with the closed source method of software distribution, but I don't think that there is an OS today that is the single solution to all of these security problems. At some point there needs to be a balance between better products, both open and closed source, and better process and computing habits on the part of all computer users, not just the "stupid" ones. The latter needs to involve educating people on the best way to keep their computers up to date with patches, good password practices, good firewall setups, and smart email practices to help protect against spam and other email-borne threats.
I would agree with your statement that this has nothing to do with deregulation, to the extent that there probably isn't a problem here where we will be able to point directly to deregulation as the cause.
The problem I see with deregulation is where it runs into your comments about poor infrastructure design. Without regulation there is never going to be any motivation for the infrastructure-providing power companies to make large changes to their distribution systems. From the power companies' standpoint there is little payback on making changes to the infrastructure, as these are projects that do little to sell additional power or services.
I think that the government needs to strike a better balance on the regulation issue and find ways to encourage utilities to invest in their infrastructure. I would imagine that in these days of terrorism fears the utilities could probably lobby the government for money to invest in their power systems, or at the very least tax credits.
I just don't see that deregulation is providing any real benefits to the consumer. Personally, as a result of deregulation I have seen my power costs rise and the quality of service decrease.
I also understand that this box set will include a bonus disc with Axl Rose's new Guns n Roses album on it as well.
This seems like a ploy by this "Charmed Technologies" to grab headlines. 100 IP Addresses per person? I would imagine we might need this someday, but when you follow the link to the Charmed Tech website you start to understand why that guy thinks this is an immediate need. They are trying to sell wearable computers and IP enabled sunglasses.
This seems like a sky is falling news release to get their name out there and get people thinking about wearable computing.
I wouldn't get too upset about it, as it were. But this is no reason not to think about IPv6, as we are going to need it eventually.
Do you mean illegal/copied software like the SCO code copied into Linux??? Thus ends the mandated SCO joke.
This almost seems like a pointless debate. The RIAA will never hold any position other than "all P2P networks can be used for is to share copyright protected works." Debating them on the power of Freenet to allow dissidents to speak freely is pointless IMHO. The RIAA has absolutely no concern about this; they are simply trying to maintain the money-making ability of their member companies.
I would also argue that the RIAA has no interest in debating the ability of P2P networks to distribute uncopyrighted material as that dilutes the power of their current distribution models.
I personally think that Bugtraq does a pretty good job already. The problem I see happening with having multiple lists such as the one being presented here is a case of information overload. All I can think about is having to sift through a series of duplicate vulnerabilities that people posted to both lists. It already takes me long enough some mornings to keep up with everything that has been posted to Bugtraq overnight.
Knowing this, I would say if you want to do something, make it a couple degrees more useful than Bugtraq. I think a more interactive forum would be nice. I see some value in being able to perform advanced searches for vulnerabilities and code samples, as well as more filtering capabilities on the mailing list to sort out vulnerabilities that are only relevant to your environment.
Just some thoughts, but my impression is that the person who submitted the story doesn't want to do any real work anyway so this is all probably a moot point.
I spend a lot of time reading and training myself on how to prepare myself and the systems I manage against attacks and other hostile acts. I find much of this to be a fairly linear technical task.
I often find myself at a loss as to how to help train the end users at my company on how they can help ensure the security of their systems and help prevent things like social engineering attacks, and on what good password practices are.
I usually run into problems of user apathy, training materials or discussions being too technical, or trying to apply technical training techniques to sometimes non-technical problems such as the aforementioned social engineering attack.
Have you found a good way to educate largely non-technical end users on ways that they can help contribute to the overall security of the systems of the company they work for? What should be included in the training? What should be left out?
Thanks
I work in the IT group of a financial firm; members of our department have been tasked with running our base of clients through software that attempts to match them against known suspects wanted by various U.S. government departments such as the FBI and Secret Service, as well as agencies of foreign governments. If we find matches we are to freeze the assets of the individuals in question and notify the U.S. government. This is all to be done in accordance with the USA PATRIOT Act.
The problem we are having is that the software gives you a confidence rating of how sure it is that this person is actually the person wanted in connection with a crime. We are an IT department; we have neither the legal powers nor the means to investigate these individuals to ensure that we are not freezing the assets of innocent people. Thus far we have been holding back on actually freezing accounts until we have more information, but with the specter of government fines being placed against us, we are eventually going to have to act.
I don't like the idea of the government having private citizens doing their dirty work. As I said earlier, I have no investigative authority nor the means to perform investigations. This means that we need to make poorly educated decisions based only upon matching name(s) and addresses against those that the government is looking for. Eventually someone is going to get burned and have a potentially good name and reputation dragged through the mud.
Maybe you could get a job with the DHS making sub sandwiches in their cafeteria.
Everything that I have seen points to Windows Embedded. NCR just signed a big deal several months ago to begin developing and deploying their machines with Windows. I believe that Diebold is doing the same thing. I have yet to see an ATM machine running any type of Linux install. The ATM networks and data processing vendors tend to be very picky about what types of equipment they will support and allow to interface and interchange with the network, which probably explains why there haven't been any Linux-based machines widely deployed as of yet.
I don't know, I have a bunch of Dell servers that are using Fujitsu hard drives in RAID arrays. In the past year and a half of using the Dells with Fujitsu drives, we have only had one drive out of about 40 go bad. I can't speak to their IDE drives, but the hot-plug SCSIs are working pretty well.
Don't forget to take some great music with you; nothing is complete without the perfect soundtrack to go with it. Happy travels.
Do you think that the folks running the networks for the Winter Olympics are running Novell? It would seem like a real slap in the face to Novell for the Utah-grown NOS to not have any place in the Salt Lake spotlight.
I'll agree with the statement that due to its closed nature there are likely as-yet-undiscovered vulnerabilities waiting in Windows 2000. That said, there are likely vulnerabilities waiting to be discovered in the myriad of Linux distros and components out there. With this in mind, what makes Windows far more dangerous is a real lack of understanding and experience that many NT admins suffer from. We all know someone who read the test preps and brain dumps and got their MCSE without any real understanding of the nuts and bolts of NT, and therefore with no clue of what they are/were trying to secure. With good engineers and admins I am just as comfortable with the security of a Windows box as I am with a *NIX box. The whole thing plays right into the whole guns don't kill people...people kill people argument. Operating systems don't kill admins...admins kill admins, or something like that.
If companies were adopting platforms based solely on security, then according to these numbers we would all be Novell shops. Remember, it is easy to hit the broadside of a barn, and the Linux and Windows barns are attractive targets.
Diebold (the banking equipment maker) sells an off-the-shelf unit that records and indexes images by time and date using a SQL Server. The thing will run almost any b+w or color video camera. The thing runs a web server so that you can grab pics from your browser. Authentication comes from accounts stored in the database. If you can live with the fact that the thing runs on all MS software, it works great; the thing has been running seamlessly 24 hrs. a day for about nine months without any type of intervention. Depending on how you adjust the image capture frequency, we get about 3 and 1/2 months' worth of recording on the thing. I think the whole setup with 12 cameras, software, and server with about 100GB of storage went for about $7000.