There is not a company in there that I think will go away in 2009. A headline to crank up CPM, and the ads were more valuable than the content of the article.
I mean, it is hard to believe that they missed Nortel, who should be on this list. Support for product is answered by people who cannot speak the language of their customers, let alone English. What's an IP address? It doesn't say here in the script! Can you help me read Mr. Customer?
Word around town is that they can't afford to dole out any more packages and their crown jewels are for sale. The Canadian Department of National Defense is eying up their R&D headquarters in west end Ottawa. It will be a sad day in Ottawa when the government takes over the last Nortel site.
Was that a Right Angle Turn, Mr. Roth? I think you picked the wrong turn at Albuquerque dude.
Here's to Northern Telecom/Bell-Northern Research/Nortel Networks, what used to be a good place to work.
In my opinion, I see no reason for minors to be using the same social networking services as adults, and in my opinion if they are under 15 they shouldn't be on social networking sites at all. I can think of one... so the parents can monitor the kids who are actually on there regardless of controls. I need to see what's being said, done, and by whom with my kids. If I couldn't interact with persons unknown to me but known to my kids who were minors I wouldn't be able to discover them and therefore unable to observe them and determine if their behavior is appropriate.
In Canada there is actually some ironic legislation going on about this. First of all, there are provisions within the Criminal Code that expressly protect "private communications", and also to deal with deadly traps:)
The Government of Canada is creating a new offence targeting those who would set traps in any place under section 247 of the Criminal Code. The Government of Canada is creating a new offence targeting those who would set traps in a place used for a criminal purpose and intending to cause injury or death.
One of our government departments asked for express permission to monitor private communications (see Comments on Specific Provisions of Bill C-36) which could be invoked as part of some amendments post 9-11. Now there is a bill before Parliament to amend the criminal code to clarify the role of IDS (and by extension one would think, honeypots). Ironically it's the same bill that will deal with the boobytrapped pothouse law.
Under our criminal code, currently, "Every one who, by means of any electromagnetic, acoustic, mechanical or other device, wilfully intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years."
The amendment would create exceptions to the offences of intercepting a private communication and of disclosing its content to ensure quality control in the communications industry. A proposed amendment to the Financial Administration Act (section 161) will ensure that federal departments and agencies may take reasonable measures to manage and protect their computer systems, which may include the interception of private communications.
In order to protect the privacy of persons in Canada, limits would be imposed and use of information intercepted by private IDS systems will be controlled under the Criminal Code.
For example, it is questionable as to whether in email, users have an expectation of privacy. Consider an IDS that captures full packet content. Is it interception of private communications? It could be as simple as setting the correct snaplen in your Snort rule:)
Where I have a problem with this is that a honeypot, by definition, shouldn't have any legitimate use. So how can it be interception of private communications (with what)? Of course this would vary with the statutes in that jurisdiction.
When it comes to the liability issues, Honeypots should never be deployed without monitoring outgoing activities. It is likely an obligatory duty of due care to other fellow netizens to not knowingly leave a vulnerable machine out there that could be used to attack other machines. I can see a definite liability issue there of opening up a few shares and walking away for a few months without checking.
IANAL, but AFAIC the safest way is to adopt an explicit policy that individual communications will be monitored as a matter of course in aggregate for suspicious activity, which will be reported to authorities. One might be able to ensure to the best of their abilities that this warning is seen by implementing klaxon that returns a warning to this effect on all unserved ports on your honeypot. Always monitor the honeypot and have reasonably documented procedures on what you plan to do when it gets hacked to minimize damage to your neighbours.
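One way to do the outgoing-activity monitoring described in the comment above, as an added example that is not part of the original post: it separates replies to inbound probes from connections the honeypot itself opens, and reports the latter. The addresses, the allow-list and the six-field log format are assumptions made for the illustration, and the log lines are constructed.

```python
import ipaddress

# Assumed values for this illustration (documentation address ranges).
HONEYPOT = ipaddress.ip_address("192.0.2.10")
ALLOWED_EGRESS = {("192.0.2.53", 53), ("192.0.2.20", 514)}  # resolver, log collector

# Constructed flow records, in time order: time src sport dst dport proto
SAMPLE_LOG = """\
2009-01-12T03:14:07Z 198.51.100.7 40112 192.0.2.10 445 tcp
2009-01-12T03:14:07Z 192.0.2.10 445 198.51.100.7 40112 tcp
2009-01-12T03:15:30Z 192.0.2.10 1045 192.0.2.53 53 udp
2009-01-12T03:16:02Z 192.0.2.10 1046 203.0.113.99 6667 tcp
2009-01-12T03:16:09Z 192.0.2.10 1047 203.0.113.50 25 tcp
2009-01-12T03:16:09Z 192.0.2.10 1048 203.0.113.51 25 tcp
garbled line
"""

def parse(line):
    """Return a flow record dict, or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "sport": int(sport),
                "dst": ipaddress.ip_address(dst), "dport": int(dport), "proto": proto}
    except ValueError:
        return None

def outbound_alerts(log_text):
    """List (time, destination, port) for flows the honeypot initiated."""
    inbound = set()   # flows opened by a remote host towards the honeypot
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["dst"] == HONEYPOT:
            inbound.add((rec["src"], rec["sport"], rec["dport"], rec["proto"]))
            continue
        if rec["src"] != HONEYPOT:
            continue
        # A packet that mirrors a recorded inbound flow is only a reply.
        if (rec["dst"], rec["dport"], rec["sport"], rec["proto"]) in inbound:
            continue
        if (str(rec["dst"]), rec["dport"]) in ALLOWED_EGRESS:
            continue
        alerts.append((rec["ts"], str(rec["dst"]), rec["dport"]))
    return alerts

if __name__ == "__main__":
    for ts, dst, port in outbound_alerts(SAMPLE_LOG):
        print(f"{ts} honeypot opened connection to {dst}:{port}")
```

Any alert here means the honeypot is being used against a third party, which is the point at which the documented response procedure applies.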
Hmmm.. Based on that logic we should all quit speeding too.
If the expected conviction rate of all spammers is say oh... 1 of 100 (ridiculously conservative) then some Joe looking to get into the spam business is looking at this kinda math:
$98000 fine per conviction * 1% probability of fine conviction = $980 expected fine per year say.
Or alternatively, if he spams for 100 years he'll get caught once and we would have a warchest more than good enough to cover that. I'd consider that as a cost of doing business.
Do you think we're convicting even a tenth of 1% of the bastards? Not.
The business case is there. That's why SPAM is growing at as fast a rate as ever. I knew a guy who was supplying spammers boxes at $1000 a shot, preloaded like a bomb to fire off a million or so SPAMs. Ship it somewhere, hook it up to a phone, it dials, spams and then forget about it. He did that a few times a week. Absolutely brutal. The fine should have been hard time or 10-50x the fine. Deterrence is about ruining the business case of being a criminal. Make the risk too high and they'll find something else to do.