The problem with your argument is that there are folks that CAN do the things that John Draper and others like him can do, but also have the ability to "work well with others"
I spent a number (10+)years as a manager - and I am very technically adept. I never found myself micromanaging, nor did I use my managerial postion to prove myself as a technical genius.
I was however able to identify when smoke was blowing blown up my nether region by my employees, vendors or my customer.
Plus, I have numerous people work for me at multiple jobs and tell me how great it is to work for a manager that knows what they are talking about.
If you add up the extra 1+ hours of show Monday-Thursday (I don't think he is EVER off the air before 11 and mostly runs to 11:30) and the fact that when he was on terrestrial radio, there were more commercials than content you still get more Howard with him taking off Fridays (anyway he does not take off every Friday - it appears to about 1/2).
Now if you dont like him, that is fine - but to use the Friday's off as a reason to move to XM is a poor argument to say the least.
I do agree with your point about some of the DJ's being way to absorbed in the sound of their own voices. However, some of them are interesting, you can always change the channel to hear music elsewhere and I have friends with XM and the DJs over there don't seem to be any better.
Now a truly secure password is something like "h3$xF1@"
Not necessarily true - pre-computed
"rainbow
tables" which benefit from use of time-memory tradeoff - no
password is safe, no matter how complex.
RainbowCrack is
available for LanMan, MD5, SHA, etc. hashes.
The only real protection from this attack is salting.
Strong authentication is the only way to go - I am very surprised that the
FBI is protecting its secret and top secret stuff with passwords only...maybe not so surprised
I concur 100%. This guy is a thief, plain and simple. For him to refer to the temptation to turn 300 dollars into thousands as a relapse is a horrible insult to the folks that have ascended above true addiction.
HIPAA is the defacto standard law for protection of medical records - further if you RTA, you will see that The Washington Post does not mention HIPAA by name until the 354th word of a 1200+ word article.
In any case, a law that is not properly enforced IS ineffectual.
In theory this might work to provide slower spreading infections, in practice
it will cause more problems than it solves .
As a security practitioner for more than ten years, I can tell you that this
type of diversity makes security management more difficult. Can you imagine
trying to troubleshoot a problem when you don't know what the code is supposed
to look like this time, or where it loads this time or how it
interacts with other components this time.
I can also say that pretty much without exception, from a security
perspective I recommend all of my clients create a standard base from which to
build their enterprise systems. Standardization makes patching,
maintenance and forensics much easier. This does not mean that I recommend
all systems are deployed on the same platform, just that for each platform,
application, system, the configuration and versions are the same.
While it is true that diversity
can be helpful and a totally homogenous environment is bad for security -
dynamic, morphing applications just smells like trouble to me.
Wal-mart encourages its employees to go on medicaid and welfare to make ends meet, and has programs and personnel whose roles are specifically to help new sales associates to enroll in these programs so that they can live on Wal-mart wages
This is an interesting statement if indeed it is true. I don't work at Walmart and I don't know anybody that does. Can someone confirm that this is true?
Your ignorance of what is involved in supporting IT is showing.
Although the cost of the drives may have come down, there are other costs associated with adding another drive - that additional 1 meg of on line messages multiplied by X numbers of users needs to be monitored, maintained, backed up and made redundant... and of course restored when somebody mistakenly deletes the wrong message.
I too am an InfoSec guy and I have seen exactly the opposite.
I work with fortune 500 clients and they are scared s-less - the threat of jail time makes the security concerns appear more real.
All of the services and products we have been pushing - identity management, e-mail archiving, log analysis, data correlation are all growing by leaps and bounds.
my sponsors are loving it as well. The projects they have been trying to jump-start for months if not years now are getting the go ahead due to SOX audit reports.
it is amazing that all of the concerns i have had for years are now important
I wish you could be modded up above 5. I have been saying this for years
Reminds me of a great story - a few years back a guy was being put to death for some horrific crime and his last words were
"I blame nobody but myself - not video games, not my parents, not music and not the movies or TV"
I wish more people placed the blame where it belongs
Poor comparison - Passwords to Bank Card Pins
on
Password Security Panned
·
· Score: 4, Insightful
The author of the article compares complicated and difficult passwords to 4 digit pins for ATM machines and points to the lack of fraud in the ATM situation. There is a significant difference between the two scenarios - with ATM access you need a card in addition to your pin - this is referred to as two-factor authentication.
Sidebar Factors are things you need to prove your identity and there are three types -
"what you know" - typically a password
"what you have" - typically a card, token, key fob, or digital certificate
"what you are" - typically biometrics End Sidebar
The ATM example is 2-factor, which is inherently more secure than a password which is single factor
A far more secure approach would be to implement a two-factor authentication mechanism, however this increases cost and overhead (AOL is now offering this as an option - for a fee or course). Some other options are one-time password schemes where the password changes after each use, or graphical based passwords.
While in theory and practice passwords are not very secure, it must be pointed out that the other options are more expensive and more difficult to manage. Imagine having to carry 20-30 key fobs or a disk with a digital certificate everywhere you go.
Deciphering encrypted language/words is much easier than pulling the raw key from a crypto system - you can use statistical anlysis and heuristics to do so. The fact is most results using the incorrect key look wrong and can be discounted.
In the case of these types of systems any key looks as correct as any other key.
Additionally, a 64 bit key provides 2^48 more possible keys than a 16 bit system (a 16 bit system has 65,536 keys and a 64 bit system has 18,446,744,073,709,551,616 keys).
hit child molesters extremely hard without any consequence
Why do you think this is the case? - Does it have anyhting to do with the type of crime that molestation is?
As far as I am concerned the only illogic here is the fact that these "people" are not being punished by the legal system for their behavior.
I am by no means trying to say that hardened criminal's morals are the norm. My point is that these "people" are commiting horribloe crimes and not being properly punished - My reference to their standing in jail was to show that even killers and other criminal even think this behavior is beyond reproach
I don't pretend to be an expert in the penal system - however I feel that the acts he committed are among the most egregious actions a human being can take (I believe we are bound to protect those that cannot protect themselves)
-it is likely that these girls and in fact all the victims of the perpetrators in the article will suffer for the rest of their lives -
and Roy needs to suffer some significant level of punishment. The fact that this girl looked to Roy as a trusted adult (due to his relationship with her mother) makes what he did even worse.
it is likely that my having a six year old daughter makes me somewhat bias in this situation - however Roy needs to be punished for his behavior - whether or not Roy will ever do this again is not relevant to me - Roy needs to suffer and his suffering should be subject to some magnifier vs. what the girls involved will likely suffer.
maybe you are correct that he could keep my daughter from being hit by a car - but many others could do the same without the threat that Roy represents.
I also take issue with your statement that almost anyone could commit such a crime - I believe in the good in human nature (maybe a bad idea) and the fact that child molesters are looked down upon by the most vicious hardened criminals in prison - in fact most child abusers are isolated - should indicate how out of main stream these crime are -
Please forgive my ramblings - I am a giant fan and am mourning the fact that the eagles are going to Jacksonville in two weeks (football for the Slashdot geeks who have no idea about the world of sports) and am drinking out my frustration.
He was a little more than just creepy - he touched two 12 year old girls and asked his step daughter to have sex with him.
as I have said above - what this man did was beyond reproach. What makes it worse is he did it to a girl he should have been protecting (part of the responsibilty you take when you marry someone with young children)
in any case the point I am trying to make - i guess not sucessfully - is that he needs to be punished for his actions and as far as i am concerned being subject to probation is not sufficient - these girl(s) lives will be forever stamped with the trauma which will be associated with this incedent
These people in general - and this animal Roy in particular have no business walking the street.
How do you think the mother of this girl feels? It is likely that this girl will be traumatized for the rest of her life.
And as far as I am concerned -
Slashdot Mirror
The problem with your argument is that there are folks that CAN do the things that John Draper and others like him can do, but also have the ability to "work well with others"
How is this an advertisement? SANS does not do background checks; they sell books and training.
I spent a number (10+)years as a manager - and I am very technically adept. I never found myself micromanaging, nor did I use my managerial postion to prove myself as a technical genius.
I was however able to identify when smoke was blowing blown up my nether region by my employees, vendors or my customer.
Plus, I have numerous people work for me at multiple jobs and tell me how great it is to work for a manager that knows what they are talking about.
If you add up the extra 1+ hours of show Monday-Thursday (I don't think he is EVER off the air before 11 and mostly runs to 11:30) and the fact that when he was on terrestrial radio, there were more commercials than content you still get more Howard with him taking off Fridays (anyway he does not take off every Friday - it appears to about 1/2).
Now if you dont like him, that is fine - but to use the Friday's off as a reason to move to XM is a poor argument to say the least.
I do agree with your point about some of the DJ's being way to absorbed in the sound of their own voices. However, some of them are interesting, you can always change the channel to hear music elsewhere and I have friends with XM and the DJs over there don't seem to be any better.
Not necessarily true - pre-computed "rainbow tables" which benefit from use of time-memory tradeoff - no password is safe, no matter how complex.
RainbowCrack is available for LanMan, MD5, SHA, etc. hashes.
The only real protection from this attack is salting.
Strong authentication is the only way to go - I am very surprised that the FBI is protecting its secret and top secret stuff with passwords only...maybe not so surprised
I concur 100%. This guy is a thief, plain and simple. For him to refer to the temptation to turn 300 dollars into thousands as a relapse is a horrible insult to the folks that have ascended above true addiction.
Stop! my brain is bleeding
HIPAA is the defacto standard law for protection of medical records - further if you RTA, you will see that The Washington Post does not mention HIPAA by name until the 354th word of a 1200+ word article.
In any case, a law that is not properly enforced IS ineffectual.
In theory this might work to provide slower spreading infections, in practice it will cause more problems than it solves .
As a security practitioner for more than ten years, I can tell you that this type of diversity makes security management more difficult. Can you imagine trying to troubleshoot a problem when you don't know what the code is supposed to look like this time, or where it loads this time or how it interacts with other components this time.
I can also say that pretty much without exception, from a security perspective I recommend all of my clients create a standard base from which to build their enterprise systems. Standardization makes patching, maintenance and forensics much easier. This does not mean that I recommend all systems are deployed on the same platform, just that for each platform, application, system, the configuration and versions are the same.
While it is true that diversity can be helpful and a totally homogenous environment is bad for security - dynamic, morphing applications just smells like trouble to me.
Wal-mart encourages its employees to go on medicaid and welfare to make ends meet, and has programs and personnel whose roles are specifically to help new sales associates to enroll in these programs so that they can live on Wal-mart wages
This is an interesting statement if indeed it is true. I don't work at Walmart and I don't know anybody that does. Can someone confirm that this is true?
Your ignorance of what is involved in supporting IT is showing.
... and of course restored when somebody mistakenly deletes the wrong message.
Although the cost of the drives may have come down, there are other costs associated with adding another drive - that additional 1 meg of on line messages multiplied by X numbers of users needs to be monitored, maintained, backed up and made redundant
Uhm, this is a pretty blanket statement - care to support it with facts
I too am an InfoSec guy and I have seen exactly the opposite.
I work with fortune 500 clients and they are scared s-less - the threat of jail time makes the security concerns appear more real.
All of the services and products we have been pushing - identity management, e-mail archiving, log analysis, data correlation are all growing by leaps and bounds.
my sponsors are loving it as well. The projects they have been trying to jump-start for months if not years now are getting the go ahead due to SOX audit reports.
it is amazing that all of the concerns i have had for years are now important
Too late - Hil's peeps already have it. http://hillaryclinton2008.org/
Expecting common sense is rather presumptuous of you - don't you think
and it's fact that a video game can seriously affect a childs behavior
Do you have any actual basis for this little factoid.
I wish you could be modded up above 5. I have been saying this for years
Reminds me of a great story - a few years back a guy was being put to death for some horrific crime and his last words were
"I blame nobody but myself - not video games, not my parents, not music and not the movies or TV"
I wish more people placed the blame where it belongs
The author of the article compares complicated and difficult passwords to 4 digit pins for ATM machines and points to the lack of fraud in the ATM situation. There is a significant difference between the two scenarios - with ATM access you need a card in addition to your pin - this is referred to as two-factor authentication.
Sidebar
Factors are things you need to prove your identity and there are three types -
"what you know" - typically a password
"what you have" - typically a card, token, key fob, or digital certificate
"what you are" - typically biometrics
End Sidebar
The ATM example is 2-factor, which is inherently more secure than a password which is single factor
A far more secure approach would be to implement a two-factor authentication mechanism, however this increases cost and overhead (AOL is now offering this as an option - for a fee or course). Some other options are one-time password schemes where the password changes after each use, or graphical based passwords.
While in theory and practice passwords are not very secure, it must be pointed out that the other options are more expensive and more difficult to manage. Imagine having to carry 20-30 key fobs or a disk with a digital certificate everywhere you go.
Deciphering encrypted language/words is much easier than pulling the raw key from a crypto system - you can use statistical anlysis and heuristics to do so. The fact is most results using the incorrect key look wrong and can be discounted.
In the case of these types of systems any key looks as correct as any other key.
Additionally, a 64 bit key provides 2^48 more possible keys than a 16 bit system (a 16 bit system has 65,536 keys and a 64 bit system has 18,446,744,073,709,551,616 keys).
hit child molesters extremely hard without any consequence
Why do you think this is the case? - Does it have anyhting to do with the type of crime that molestation is?
As far as I am concerned the only illogic here is the fact that these "people" are not being punished by the legal system for their behavior.
I am by no means trying to say that hardened criminal's morals are the norm. My point is that these "people" are commiting horribloe crimes and not being properly punished - My reference to their standing in jail was to show that even killers and other criminal even think this behavior is beyond reproach
I don't pretend to be an expert in the penal system - however I feel that the acts he committed are among the most egregious actions a human being can take (I believe we are bound to protect those that cannot protect themselves)
-it is likely that these girls and in fact all the victims of the perpetrators in the article will suffer for the rest of their lives -
and Roy needs to suffer some significant level of punishment. The fact that this girl looked to Roy as a trusted adult (due to his relationship with her mother) makes what he did even worse.
it is likely that my having a six year old daughter makes me somewhat bias in this situation - however Roy needs to be punished for his behavior - whether or not Roy will ever do this again is not relevant to me - Roy needs to suffer and his suffering should be subject to some magnifier vs. what the girls involved will likely suffer.
maybe you are correct that he could keep my daughter from being hit by a car - but many others could do the same without the threat that Roy represents.
I also take issue with your statement that almost anyone could commit such a crime - I believe in the good in human nature (maybe a bad idea) and the fact that child molesters are looked down upon by the most vicious hardened criminals in prison - in fact most child abusers are isolated - should indicate how out of main stream these crime are -
Please forgive my ramblings - I am a giant fan and am mourning the fact that the eagles are going to Jacksonville in two weeks (football for the Slashdot geeks who have no idea about the world of sports) and am drinking out my frustration.
He was a little more than just creepy - he touched two 12 year old girls and asked his step daughter to have sex with him.
as I have said above - what this man did was beyond reproach. What makes it worse is he did it to a girl he should have been protecting (part of the responsibilty you take when you marry someone with young children)
in any case the point I am trying to make - i guess not sucessfully - is that he needs to be punished for his actions and as far as i am concerned being subject to probation is not sufficient - these girl(s) lives will be forever stamped with the trauma which will be associated with this incedent
I am assuming that you do not have any children -
These people in general - and this animal Roy in particular have no business walking the street.
How do you think the mother of this girl feels? It is likely that this girl will be traumatized for the rest of her life. And as far as I am concerned -
in all likelyhood he will not reoffend
what if he did and it was YOUR daughter?
Perchance you might change your mind
"I was sentenced," Roy continued with his introduction, "to 20 years suspended after 30 days, with 35 years probation"
Anybody else have a problem with the fact that this guy did not do any significant jail time for what he did?
The amount of energy required to move anything with any kind of mass to the speeds mentioned in the article would be prohibitive