Yes, I still have some fan feed 132 column printouts from my MUSH days... since I met my wife on one, they have significance to me, but not much else from those days survived.
Min
Yep. If it's actually true that you live in a society where things have degraded to the point that you can't trust the system not to be systemically corrupt, you should probably leave and go somewhere else.
There are checks in any good system, but if you can't have a reasonable expectation that two members of that system won't collude, there's not much that can be done. You have too many defectors, and the particular system you are playing in is headed a bad place and you should probably quit until it gets better.
Min
Sadly, 25 years in IT tells me that the experiment has been repeated a number of times, and that its results have been reproduced frequently.
"Hey, I stuck this floppy to my filing cabinet with a big ol magnet and now it doesn't work, can you fix it? It has my only copy of my thesis on it"
Min
Next we'll have look and feel suits where cryptolocker is suing ranscam for looking too much like them :)
A valid point, but not really related specifically to encryption. Once evidence of any kind is gathered, how do you know the evidence is entirely original?
I expect you meant "how do we know the evidence is unaltered." Typically a hash of the data is collected at the point of collection and stored along with other details (filename, length, date/time stamp, collector information) with the collected forensics data. So the hash value can be recomputed and verify that whatever file you're looking at is the same as at the point of collection. Additionally, the standard 'chain of custody' checks can be done to verify that that hash never changed at any point in the history of custody after it was collected. If a key is available, the defense could do their own decryption to confirm that the plaintext presented is the same as the plaintext they produce from a file with the correct hash.
Min
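The collection-time hash and the later recomputation described in the comment above, as an added shell example (not the commenter's tooling or any particular forensics suite). The tab-separated manifest layout, the `.tsv` name and the "examiner-01" collector id are conventions assumed here; the evidence file is constructed in a temp directory purely for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: record a hash plus collection
# metadata for an evidence file, then re-verify the file later. Every path
# and file below is constructed in a temp directory for the demo.
set -eu

# Print the SHA-256 of a file, using whichever tool the host has.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1"
  else
    shasum -a 256 "$1"
  fi | cut -d' ' -f1
}

# collect_evidence FILE MANIFEST COLLECTOR
# Appends one tab-separated manifest line: hash, byte length, UTC timestamp,
# collector id, path. The manifest is what later custody checks compare against.
collect_evidence() {
  file=$1; manifest=$2; collector=$3
  sum=$(hash_file "$file")
  len=$(wc -c < "$file" | tr -d ' ')
  ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  printf '%s\t%s\t%s\t%s\t%s\n' "$sum" "$len" "$ts" "$collector" "$file" >> "$manifest"
}

# verify_evidence FILE MANIFEST
# Returns 0 when the file's current hash equals the hash recorded at collection,
# 1 when it differs or the file was never recorded.
verify_evidence() {
  file=$1; manifest=$2
  recorded=$(awk -F'\t' -v f="$file" '$5 == f { h = $1 } END { print h }' "$manifest")
  [ -n "$recorded" ] || return 1
  [ "$recorded" = "$(hash_file "$file")" ]
}

# Demo: collect, verify, alter the file, verify again (constructed data only).
demo() {
  work=$(mktemp -d)
  item="$work/disk-image.bin"
  manifest="$work/manifest.tsv"
  printf 'constructed sample evidence bytes\n' > "$item"
  collect_evidence "$item" "$manifest" "examiner-01"
  cat "$manifest"
  verify_evidence "$item" "$manifest" && echo "intact: hash matches collection record"
  printf 'x' >> "$item"      # simulate a post-collection alteration
  verify_evidence "$item" "$manifest" || echo "ALTERED: hash no longer matches"
  rm -rf "$work"
}
demo
```

The manifest only proves anything if it is itself protected: a hash recorded beside the file and editable by the same people is no stronger than the file. In practice the manifest (or its own hash) is signed or logged to a separate custody record at collection time, which is what the "hash never changed at any point in the history of custody" check in the comment relies on.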
Considering that when there's an accident people slow down almost to a halt in the hope of seeing something "traumatizing", my guess is people, at least the ones who are not actively seeking attention, are not as easily "traumatized" as you think they are.
These people are, frankly, morons. I still get nightmares from a motorcycle accident I was first on the scene of 15 years ago. (PSA: If you ride, PLEASE wear a helmet, if not for you, for the poor schmuck trying to save your life.) I can't imagine what it would do to me to actually hit someone.
Min
This is why there should be a requirement for all law makers to post their proposals to /. and thwart the obvious holes we find in them! Or to ask an 8 yr old child. Same difference. :)
Min
It's nearly impossible to mine them profitably. E.g. you'd pay more in electricity than you gain. But if you have enough hosts and don't need to pay for the electricity you're using, or you have access to powerful servers that (again) you don't have to pay for, it changes the economics.
Min.
It vibrates my wrist when I need to head to my next meeting and lets me tell at a glance when my boss has emailed me, and how many !!!!s are in the subject line. Sadly I doubt a non-smart watch can perform those duties.
Min
Or maybe just like any startup, they roll back bugs big enough for the 'users' to notice and sweep the smaller stuff under the carpet. When they roll back the bug, they roll back time with it. Neat and tidy.
Or maybe we're just programmed not to notice them. Wish I could do that to my users!
It can't be that good an exploit. M$ pays up to 100KUSD for bug bounties. If it was that good, they'd just sell it to M$, instead of discounting to 90K.
Expect it'll get discounted again before sale. Although they have to be happy about the PR, might help them get a sale.
She's let the cat out of the bag - Oracle must be exploring options to charge even more for their products.
Not news for anyone who's looked at their Oracle budget numbers... ever.
First step - teach the next generation.
I'm raising a daughter, who at 6 knew what privacy is, what is and is not reasonable for other people to know about her, etc.
We rolled it into stranger awareness, because it makes sense to group social engineering awareness, stranger awareness and privacy issues together in my opinion. Only issue we have is occasionally she got upset because her teacher used her last name in class, but that's easier to correct for.
Seriously, every time we course-correct society successfully we start with the kids. If I teach my kid, she'll teach her friends, and her friends will teach their parents. Eventually the problem resolves itself by attrition.
Actually that's close to my password generation alg:
An acronym from a song lyric + some telephone number + something current, so:
ng2gyung2lyd4165555555/. (and if you decoded the song lyric, I just rickrolled you as a bonus!) By the time my work place goes through a password cycle, I've committed it to muscle memory, and until then I can regenerate it from the algorithm. And it's not something a brute force or a dictionary attack is going to break, even if the attacker knew my method.
Min
I believe this was Uber's game all along:
1) Introduce 'taxi' system at lower price point
2) Collect data, perfect swarm algorithm
3) Add 'autopilot' features to cars so that they can go to a fare automatically
4) Remove drivers entirely
5) Switch for an audible-like subscription plan where I can have X trips for Y$ each month. Utilize swarm data from #2 to 'hover' cars where needed during peak hours so that service time is quick
6) profit!
Nah, just someone who uses adblockers.
I'm always aghast when I look at the internet on a non-adblocked computer. The impact of having adblockers and tools like privacy badger is easy to forget until you don't have them.
Same reason that BGP isn't toast. Those who have the knowledge of how weak the locks are have no reason to leave the doors open behind them. It's really more surprising to anyone who's spent any time in the plumbing of the internet that it still functions, given the weaknesses in some of the protocols (check YouTube for the looking glass site vulnerability talk from Defcon a couple of years ago for an example of how bad it is) than that it has holes.
Telephone system is the same way, the people with the skills to exploit SS7 are the people who are invested in keeping the holes there. It's more useful to be able to track an arbitrary cell phone than it is to be able to bring down the international phone system and force the telcos to fix it.
Min
Here's the site that they used in Ontario, not bad as far as public education sites go. I particularly enjoyed the "should I feed it to my pet" faq. Surely the result of a headdesk after too many people called the info line.
https://preparetobesafe.ca/
Min
I factor in opportunity cost too - I spend 2 hrs a day of my life driving to work (averages - some days it's a lot worse than that). If I could ignore the trip and get work done, I make money that I'm leaving on the table at the moment. Driving time is lost time to me, and time is money so I'd be willing to pony up for the extra time. That having been said, I'd take the deal for less than 500 too if you wanna negotiate them down? :)
And I totally get that there are people who treat this as their hobby, and that changes things. I do lots of things as hobbies that make no financial sense. Driving isn't one of those things for me, so I add up all the costs of car ownership and the costs of driving to work, driving the kid to her places, etc and come up with a number that when someone can meet my requirements for that number I'll be willing to sign. Ya, I'm probably towards the early adopter side of this curve, but that's what it's worth to me.
Min
I've said for awhile that the company that can cross uber with self driving and audible to give me a plan where I can pay 500$/mo in order to have a car come and pick me up when I need it will get me to give up my car.
I think a self driving car fleet could make that happen. I'm not one of those people whose identity is tied up in my car, it's just a box on wheels that I use to get from point A to B in the most efficient way possible. Getting from point A to B in the most efficient way is what I want, not the box on wheels.
Min
Min
Tesla opensourced them. Citation: https://www.teslamotors.com/bl...
... And I'm not talking about writing large checks to companies that want to sell you something. They don't have your best interests at heart.
The issue is that anytime Joe Q Public hears of government employees making 6 figures he goes ballistic. He does this without any thinking or research about what a comparative job in the private sector pays.
People work in infosec in govt long enough to be attractive to $BigGovtContractor and then bail, get the real salary from the contractor and cash in. That's the game. There's probably a few honest folks who are trying to make things better, but they'll be undercut by the ones trying to give big sweet contracts to $BigGovtContractor in order to pad their parachute.
If we want govt to be effective we have to stop losing our pressure valve because someone working for the government is making more than we do.
And this is pretty much without respect to which country we're talking about. I'm not American but I work in infosec and I won't take a govt job here either. Tried it for like 6 months, saw the game and ran for private sector (no, not for $BigGovtContractor).
I know, not what you want to hear, and I expect to get modded down, but sometimes the truth hurts :)
Min
I collect these stories for people who I mentor. Even if they're trolls, they work as cautionary tales, because lots of people have had similar smaller scale disasters (as evidenced by posts in this thread) and it's healthy for mentees to get a taste of what can happen when you (for example) forget to error check your script parameters.
In a big way it doesn't matter if it's true or not, it could be true which makes it a teachable moment. I'm sure everyone who reads the story will run a mental checklist to see if they have a script somewhere that could EVER do it. Do they have their backups mounted when they should be rsyncing, etc.
Min
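The two failure modes the comment above turns into a checklist item, a script that never validated its parameters and a backup job that runs while the backup volume is not mounted, as an added shell example. This is not the commenter's script; the `.backup-volume` marker file is a convention assumed here (it lives only on the backup volume, so an unmounted volume means a missing marker), and every path is constructed in a temp directory for the demo.

```shell
#!/bin/sh
# Added example, not the commenter's script: the argument checks a backup job
# should pass before it touches anything. The ".backup-volume" marker file is
# an assumed convention: it exists only on the backup volume, so when that
# volume is not mounted the marker is missing and the job refuses to run.
set -eu   # -u: an unset variable such as "$DEST/" becomes a hard error, not "/"

# check_backup_args SRC DEST -> 0 if it is safe to proceed, nonzero otherwise.
check_backup_args() {
  src=${1:-}; dest=${2:-}
  [ -n "$src" ] && [ -n "$dest" ] || {
    echo "usage: backup SRC DEST (got src='$src' dest='$dest')" >&2; return 2; }
  case $dest in
    /)  echo "refusing destination '/'" >&2; return 3 ;;
    /*) ;;   # absolute path: keep checking
    *)  echo "destination must be an absolute path: $dest" >&2; return 3 ;;
  esac
  [ -d "$src" ]  || { echo "source is not a directory: $src" >&2; return 4; }
  [ -d "$dest" ] || { echo "destination is not a directory: $dest" >&2; return 4; }
  [ -f "$dest/.backup-volume" ] || {
    echo "backup volume not mounted at $dest (marker file missing)" >&2; return 5; }
  return 0
}

# run_backup SRC DEST: rsync with --delete runs only after every check passes,
# so a missing mount can never turn into "mirror the source onto an empty dir".
run_backup() {
  check_backup_args "$@" || return $?
  rsync -a --delete "$1/" "$2/"
}

# Demo over constructed directories: one real "volume" with the marker, one
# plain directory standing in for an unmounted mount point, plus bad arguments.
demo() {
  work=$(mktemp -d)
  mkdir "$work/src" "$work/volume" "$work/mountpoint-empty"
  printf 'data\n' > "$work/src/file.txt"
  touch "$work/volume/.backup-volume"   # constructed marker: volume "is mounted"
  for dest in "" "/" "relative/path" "$work/mountpoint-empty" "$work/volume"; do
    if check_backup_args "$work/src" "$dest"; then
      echo "OK    dest='$dest'"
    else
      echo "DENY  dest='$dest' (code $?)"
    fi
  done
  rm -rf "$work"
}
demo
```

The order of the checks matters: the cheap shape checks (empty, relative, root) come before anything that touches the filesystem, and the mount marker is tested last because it is the one that distinguishes "the directory exists" from "the backup volume is actually there", which is exactly the case where an `rsync --delete` against an empty mount point does the damage.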
At 32,675/yr in the US, I think it's still a pretty safe argumentative gambit to suggest that if we're going to be terrified, it should be of our fellow drivers rather than some IS.
Min
Just to point it out, Waterloo, Ontario is farther south than Seattle (43 deg N vs 47 deg N).
The border does a weird jag down in Ontario, typically it sits on 49N.