You can't buy a house on NZ$55k (well, not in the cities), and supporting a family would require careful budgeting, but if you're single you can live pretty comfortably and put away some savings too.
I was flying internationally (Wellington to Sydney) recently. The security guards stopped me after x-raying my bag --- turned out that I had some roll-on deodorant in there that I had forgotten about. Oops.
So I apologise and hand it over. The security officer places the deodorant in a plastic bag, hands it back to me, and sends me on my way.
Clearly the bag was made of some kind of special anti-explosive plastic...
People know that they have to look after their passport. Will they realise that if they lose (or throw away) their ticket, it could become a vector for someone to steal their identity?
I dunno --- I'm still waiting for someone who actually watched the video to post in this thread :-)
I guess the question is: can the SYSTEM account access encrypted volumes? In XP, if you encrypted your home directory, the Administrator user could read your files (by default; you could change that).
Without having a secure phone line (not available to many people) you are still creating a weak spot in your plan.
Yeah, but you're changing the nature of the risk.
If I stick the data on a thumb drive and carry / courier it to the consultant, the primary risk is that either I or the courier company will lose the thumb drive and that an opportunistic finder will take advantage of the sensitive data.
A secondary risk is that I will be mugged, or the courier company robbed. Much lower.
Finally, we get to the risk you're talking about: that a malicious organisation has tapped my phones, and plans to track and intercept the courier carrying the data. As a risk, this seems to me vanishingly small, unless you work with incredibly sensitive data. And, hell, if your enemies can tap your phones, they've probably got better ways of getting at your data anyway.
Remember, you can't eliminate risk. There's always the chance that someone will grab your encrypted data and guess the password. You have to choose what level of risk you're comfortable with.
Seriously --- why not? Stick the data into a TrueCrypt volume on a USB thumb drive (or USB hard drive, for big data). If the contractor is nearby, walk over and type the password in yourself. If not, courier it and use encrypted email to transmit the password (or just tell the guy over the phone).
Fair enough. I just thought you might have misunderstood the term "formal verification" (which would be easy enough to do, if you haven't met the word "formal" in the mathematics or abstract CS sense).
Not sure OSS could even exist in a world like that. After all, 'formal verification' isn't free. And you wouldn't be allowed to modify your own source... the liability issues alone!
I'm not sure you've got the right end of the stick, here. "formal verification" doesn't mean "code review by some officially-sanctioned third party". It means "verification using formal methods".
As such, the only cost is time. People already volunteer their time to work on open source projects; there's no particular reason [other than mind-numbing tedium] why they wouldn't volunteer time for this too.
Wiki has list. But it's disappointingly short (even if you go to the creative extras list). Perhaps you could devote some of your spare time to updating it!
My name is Benjamin M. Duckworth. I live at 1594 Sweetwood Drive, Greenwood Village, CO 80111. My credit card number is 5312 0830 9546 2162, expiry 10/2010, SSN 522-68-2397. HTH!
It may be interesting discourse, but it can be difficult to get a balanced discourse -- and this is something the Post is committed to
Yeah? They're more noble than our newspapers. Both major news sites in New Zealand have recently allowed user comments at the end of some articles. The comments are mostly on-topic at the moment, but whenever the site reports on reader feedback, they are only interested in those comments that promote their own sensationalist angle. Try to inject reason or fact into a debate and they're uninterested.
You're making a video with your phone, when it rings. Unwilling to interrupt your filming, you hit the divert button, redirecting the call to your MP3 player. This annoys your offspring, who were watching a movie on it. To placate them, you tell them to fetch your video camera, which they can use to stream the same movie to your television in higher quality...
I doubt he's saying they build every single page from scratch, banging away at their favourite text editor. It would be madness not to use templates or something similar to avoid repeating work. He's saying that they build the templates by creating the HTML/CSS manually, rather than using some code-generation tool like Dreamweaver.
Don't forget to tag this article yearoflinuxonthedesktop!
We've had phishing for a while. Recently people have been talking about "pharming" or "phlashing" --- it's getting to the point where replacing an f with a ph is the industry-standard way of denoting something as malicious.
So, Phorm's choice of name is ... interesting.
I didn't think it was possible to have less than a Brazilian...
Will it stop directing them through tiny villages with roads too narrow to cope?
Just think how Christianity would have turned out if God had used Reincarnate instead!
If an organisation is breaking the law (which is what "illegal" means, right?), why do police never get involved?
As an outsider looking in, it seems like the cycle is this:
Is it any wonder that nothing changes if there are never any consequences for illegal doings?
How will you get to court if they don't let you into the country?
Will they call them Weirding Modules?
[student raises his hand] "Miss! I'm requesting permission to go to the toilet. Cancel or allow?"
[teacher sighs] "Allow ... but be quick!"
<sigh> Do you remember the good old days when you could physically damage your monitor if you made mistakes in XF86Config? Alas for progress...
Dude!
How can you possibly contemplate marriage without knowing which distro she uses?
I mean, what if you make it down the aisle, only to discover that she's a Gentoo fan, while you're pure debian? Divorce city!
I found a java simulation here.