im in opposition of the bill as well, but im just curious as to your logic here.... if "Getting a court order is not due process." , than what constitutes "due process"? If this gets signed into law, i say there should be a proceedure that requires due diligance to prove the offence before the court order is issued, however i prefer that this bill not pass at all. Just wondering what your logic is, because if you are correlating this to the real world, all they need to raid your house, or shut down your buisness is a court order, and this seems to serve as "due process" just fine.
The problem was not that the targeted machines were connected to the internet, they wern't. If you have RTFA's the targeted machines were supposed to be infected by USB sticks transfered between infected machines and the mission critical systems. Thats why the Stuxnet worm did its best to hide very discreetly on a USB stick, so that it could be transfered from internet connected systems to the mission critical systems without being noticed. Hell, you probably could have picked up on this if you had even RTF summeries from all the posted articles on the Stuxnet worm.
If this was a Exxon incident you could have just as easily said Exxon did it AGAIN, same goes for shell, or any other BIG ENERGY company, their all horribly irresponsible, and more worried about their bottom line's and how well they do on the stock markets and how big of a bonus their CEO gets than they are about the enviroment, peoples lives, or well... anything. Bottom line is, big energy is king, and the king is only concerned with how much money he can make, not with the state of his kingdom.
>>>Ultimately it was, but mostly because it's inevitably going to be a political decision when there's a large number of powerful politicians pushing for the other option.
The only reason that there was an oil rig out there in the first place was a matter of politics. Had we pushed for alternative energy in the 70s and not lost focus that oil rig wouldn't have been in such a risky locale.
That implies we could have developed better more efficient means than we currently have, possibly solar that uses more of the spectrum, or more portable options that could replace gas/diesel fuels. Your assumption that we would still be at the current level of R&D is flawed.
every setting you set in your browser is stored as a registry key. If you set your browser to enable TLS 1.0, thats a boolean reg key that gets enabled, homepage is stored as a.... registry key!
your not reading between the lines here.... if you read between the lines it says to do something REALLY romantic for a chick right AFTER V-Day or before spring break... or 2 weeks before X-Mas, and you can steal her away from that Jock asshole..... (a side note, you may consider renewing your health/life insurance as well before you do this)
and they most deffinatly crossed planitary boundries... what orginization do we have in place to deal with these aliens? there needs to be oversite! these aliens cant keep comming in, stealing hard working earthling jobs! someone think of the earthli.... I WELCOME OUR NEW ALIEN OVERLORDS.... PLEASE GOTO YOUR LOCAL WATER TOWER FOR MANDITORY PROBINGS EARTH... ERR FELLOW HUMANS!
This software is an add-on for FireFox that looks at network traffic for the network that its on (weather its on your work network, a public wireless network, or your work network). It will find any information that the user is giving a website or that the website is giving the end user that is not encrypted. This includes "cookies" that can allow the person running this program to impersonate the end user (ie steal their account). The way to protect your website is to design it in such a way that all information is encrypted between the user and your site (using SSL or other methods). As a end user to protect yourself you have a few options, one - not use public networks where other people may be using this software (airport wifi networks, Starbucks etc). two - ensure if you do use public networks that the sites you visit use encryption (start with https://./ three - if you use public networks and the website you want to visit doesn't use encryption (start with https:/// to use tunneling (VPN - Virtual Private Networking) technologies so that you can connect securely to the site.
please note that there are a few (unavoidable) acronyms used here, where they are used i tried to present them in plain every day terms. This topic by nature requires some level of technical competence. If you have any questions please refer to google and wikipedia respectively.
The purpose of this software is to show "The Masses" just how easy and trivial this is. This software can be used for "penetration testing", a valid and legititimate purpose. That is the purpose of this software.This software can also be used for illegal reasons, such as stealing someone else's facebook account. If you prefer to thin of Butler as a asshat for trying to point out this VERY serious problem, than by all means, i hope we can all be as big of asshat's as Butler. By this logic any "brute force" program is illegal, keylogger's are illegal, viruses are illegal, etc.... the software itself is not illegal, how the user uses the software determins the legality of the software. If i want to code a virus to format my drive for testing purposes, i am prefectly within my rights to do so, to send this software to hunderds of people as a screensaver with "puppies screensaver" as the subject would be illegal.
Older browsers?!?! IE8 still "bitches" when i load up facebooks "Account Settings" Page - "Do you want to view only the webpage content that was delivered securely
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."
FTP, IMAP and POP3 are protocols. HTML is a standard. I promise you your browser is HTTP compliant (which is the equivalent of your FTP client being FTP compliant). Flash is a closed "standard" in that the company that makes the software also sets the standard.It is much easier for adobe to create software that matches their "standard" as whatever they come up with if the "standard". With that said, creating a rendering engine that can properly render CSS, PHP, HTML4, HTML5, JAVASCRIPT, and the multitudes of other "standards" out there is anything but easy. Its like working with a puzzle, you know what the end product should be, and how it should behave in general, however the parts you have to create the end product bear NO RESEMBELENCE to the finished produce. And standard "compatibility" is neither a floor, or a ceiling, as not being 100% compliant, can happen because you implement non standard features (too much) or by not implementing features the standard calls for (not enough). Keep in mind that this standard has no working proof of concept. Currently it is a set of parameters used to define how things should work, and the browsers are doing their best to fall into those parameters. Its a huge amount of work to get one of these browsers to be standards compliant. As soon as one browser archives compliance, another standard comes along to supersede the standard they just complied with. This is a never ending process, and its due to this turn over that there is not one browser which is 100% standards compliant with every standard out there.
You would switch to fabric if you are concerned with security, eventhough it will have found its way into your code without fabric, the point is fabric is security oriented making it HARDER to do insecure things. On top of that it would seem your argument about coding your own mechinism being deemed insecure, im sure that would be a user error as opposed to a problem with the language itself as there has to be a mechninsm to specify what is and is not to be trusted within the language, if you wish to do such things to mark the system you need trusted as trusted? and finally, no i wouldnt expect people to adopt fabric overnight, just like they didnt adapt java, python, or php overnight, however one thing is certin, they will never adopt it if it does not exist. As far as the learning curve associated with it, its basically java, you just need to learn some new modules etc, syntax should be very javaish.... keep in mind this is aimed at large networks that may or may not have a central security authority, its ment to help developers of large networks (like facebook) design more secure and robust systems from the ground up, while providing a extra layer of "security". Im sure if you try hard enough you can manage to break it, as everything is only secure as it is accessable, someone somewhere will break it if they want to.
I think Google has offered to delete the data, but some goverments ordered them not to. If i were google, i wouldnt go the "extra mile" as it may cause them a law suite. I would contact the other goverments where data has been collected (which they already have) and try to work out a resolution with them that ends in deletion of the collected data (which is still pending in many countrys, see germany). I would like to see Google follow the purposed requirements, as well as take it a step further and possibly found or donate to some orginization that helps users and citizens protect their digital privacy.
I think this is more of a "media event" to promote sciences and education more than trying to prove anything. When the goverment wants to prove something, they dont turn to Adam and Jamie, they hire scietists with billion dollar budgets and secret labs. This is more just the president trying to get more kids involved in science/history etc.... i doubt he even thinks their orignal conclusion was wrong, just wanted a intresting "Myth" for the duo to revisit that might turn a few heads. Take this for what it is.... a attempt to revive education in the american youth.
This points out a major issue, many non technical users often do not know the difference between security of the router and security of the wifi signal itself. Many people just change the router's password and think they are "safe".
you might want to include who "out national population" is as not being canadian, i read this as "the population of california alone is greater than the population of the united states" which makes NO sense. I assume from your suggestion about 100% of canadian computers being infected implys you are Canadian, but it does not read that way. Thanks!
Working on the space shuttle really isn't all that hard for the most part. It's time to stop equating yourselves to rocket scientists. Again, for the most part. being a CEO really isn't all that hard for the most part. It's time to stop equating yourselves to big shots. Again, for the most part. Designing Bridges really isn't all that hard for the most part. It's time to stop equating yourselves to engineers. Again, for the most part.
You have the right to not provide the combination, which would result in them getting a safe cracking team in and adding that onto your legal fee's should you lose your case. You have the right to not provide your passwords, which will result in them getting a crypto team in to crack the password and adding THAT to your legal fee's WHEN you lose your case.
It used to be a sophisticated light weight feature rich firewall for windows.... it allowed rules and whatnot.... now... its a bloated flaming pile of sh*t sinking with a horrible company that deserves to be put out of business for its questionable marketing practices and horrible customer support.
do you have a copy of the schematics? id so, i would love to take a look.... im sure it would be fairly trivial to build/flash such a device if the full schematic existed? My guess is that the schematic needed for this to work isnt "readily" avalable, and wont be for some time (a few months?)
there is no way to do HDCP decryption in software on a computer, this is all handled automagically by the controller on each end, HDCP only exists "on the wire" because as soon as it gets to eitther end, the controller decrypts it and handles content protection from there.... cracking HDCP allows ANYONE to build a new controller which is able to link up with existing HDMI equipment and decrypt the information without all that nasty content protection stuff as well, but to do this the HDCP decryption would need to be on-chip in a custom built HDMI interface, which is not easy/cheap to do (according to intel), so until complete schematics and a flashrom show up, this is pretty much useless to anyone wanting to use it.
wow, that was actually a very imformitave link... mod parrent up! I have never really sat down and read about the reasons for standardizing the power frequency until you posted that!
Slashdot Mirror
im in opposition of the bill as well, but im just curious as to your logic here.... if "Getting a court order is not due process." , than what constitutes "due process"? If this gets signed into law, i say there should be a proceedure that requires due diligance to prove the offence before the court order is issued, however i prefer that this bill not pass at all. Just wondering what your logic is, because if you are correlating this to the real world, all they need to raid your house, or shut down your buisness is a court order, and this seems to serve as "due process" just fine.
The problem was not that the targeted machines were connected to the internet, they wern't. If you have RTFA's the targeted machines were supposed to be infected by USB sticks transfered between infected machines and the mission critical systems. Thats why the Stuxnet worm did its best to hide very discreetly on a USB stick, so that it could be transfered from internet connected systems to the mission critical systems without being noticed. Hell, you probably could have picked up on this if you had even RTF summeries from all the posted articles on the Stuxnet worm.
If this was a Exxon incident you could have just as easily said Exxon did it AGAIN, same goes for shell, or any other BIG ENERGY company, their all horribly irresponsible, and more worried about their bottom line's and how well they do on the stock markets and how big of a bonus their CEO gets than they are about the enviroment, peoples lives, or well... anything. Bottom line is, big energy is king, and the king is only concerned with how much money he can make, not with the state of his kingdom.
>>>Ultimately it was, but mostly because it's inevitably going to be a political decision when there's a large number of powerful politicians pushing for the other option.
The only reason that there was an oil rig out there in the first place was a matter of politics. Had we pushed for alternative energy in the 70s and not lost focus that oil rig wouldn't have been in such a risky locale.
That implies we could have developed better more efficient means than we currently have, possibly solar that uses more of the spectrum, or more portable options that could replace gas/diesel fuels. Your assumption that we would still be at the current level of R&D is flawed.
every setting you set in your browser is stored as a registry key. If you set your browser to enable TLS 1.0, thats a boolean reg key that gets enabled, homepage is stored as a.... registry key!
your not reading between the lines here.... if you read between the lines it says to do something REALLY romantic for a chick right AFTER V-Day or before spring break... or 2 weeks before X-Mas, and you can steal her away from that Jock asshole..... (a side note, you may consider renewing your health/life insurance as well before you do this)
and they most deffinatly crossed planitary boundries... what orginization do we have in place to deal with these aliens? there needs to be oversite! these aliens cant keep comming in, stealing hard working earthling jobs! someone think of the earthli.... I WELCOME OUR NEW ALIEN OVERLORDS.... PLEASE GOTO YOUR LOCAL WATER TOWER FOR MANDITORY PROBINGS EARTH... ERR FELLOW HUMANS!
This software is an add-on for FireFox that looks at network traffic for the network that its on (weather its on your work network, a public wireless network, or your work network). It will find any information that the user is giving a website or that the website is giving the end user that is not encrypted. This includes "cookies" that can allow the person running this program to impersonate the end user (ie steal their account). The way to protect your website is to design it in such a way that all information is encrypted between the user and your site (using SSL or other methods). As a end user to protect yourself you have a few options, one - not use public networks where other people may be using this software (airport wifi networks, Starbucks etc). two - ensure if you do use public networks that the sites you visit use encryption (start with https://./ three - if you use public networks and the website you want to visit doesn't use encryption (start with https:/// to use tunneling (VPN - Virtual Private Networking) technologies so that you can connect securely to the site.
please note that there are a few (unavoidable) acronyms used here, where they are used i tried to present them in plain every day terms. This topic by nature requires some level of technical competence. If you have any questions please refer to google and wikipedia respectively.
The purpose of this software is to show "The Masses" just how easy and trivial this is. This software can be used for "penetration testing", a valid and legititimate purpose. That is the purpose of this software.This software can also be used for illegal reasons, such as stealing someone else's facebook account. If you prefer to thin of Butler as a asshat for trying to point out this VERY serious problem, than by all means, i hope we can all be as big of asshat's as Butler. By this logic any "brute force" program is illegal, keylogger's are illegal, viruses are illegal, etc.... the software itself is not illegal, how the user uses the software determins the legality of the software. If i want to code a virus to format my drive for testing purposes, i am prefectly within my rights to do so, to send this software to hunderds of people as a screensaver with "puppies screensaver" as the subject would be illegal.
Older browsers?!?! IE8 still "bitches" when i load up facebooks "Account Settings" Page - "Do you want to view only the webpage content that was delivered securely
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."
FTP, IMAP and POP3 are protocols. HTML is a standard. I promise you your browser is HTTP compliant (which is the equivalent of your FTP client being FTP compliant). Flash is a closed "standard" in that the company that makes the software also sets the standard.It is much easier for adobe to create software that matches their "standard" as whatever they come up with if the "standard". With that said, creating a rendering engine that can properly render CSS, PHP, HTML4, HTML5, JAVASCRIPT, and the multitudes of other "standards" out there is anything but easy. Its like working with a puzzle, you know what the end product should be, and how it should behave in general, however the parts you have to create the end product bear NO RESEMBELENCE to the finished produce. And standard "compatibility" is neither a floor, or a ceiling, as not being 100% compliant, can happen because you implement non standard features (too much) or by not implementing features the standard calls for (not enough). Keep in mind that this standard has no working proof of concept. Currently it is a set of parameters used to define how things should work, and the browsers are doing their best to fall into those parameters. Its a huge amount of work to get one of these browsers to be standards compliant. As soon as one browser archives compliance, another standard comes along to supersede the standard they just complied with. This is a never ending process, and its due to this turn over that there is not one browser which is 100% standards compliant with every standard out there.
Your comparison is apples to oranges
You would switch to fabric if you are concerned with security, eventhough it will have found its way into your code without fabric, the point is fabric is security oriented making it HARDER to do insecure things. On top of that it would seem your argument about coding your own mechinism being deemed insecure, im sure that would be a user error as opposed to a problem with the language itself as there has to be a mechninsm to specify what is and is not to be trusted within the language, if you wish to do such things to mark the system you need trusted as trusted? and finally, no i wouldnt expect people to adopt fabric overnight, just like they didnt adapt java, python, or php overnight, however one thing is certin, they will never adopt it if it does not exist. As far as the learning curve associated with it, its basically java, you just need to learn some new modules etc, syntax should be very javaish.... keep in mind this is aimed at large networks that may or may not have a central security authority, its ment to help developers of large networks (like facebook) design more secure and robust systems from the ground up, while providing a extra layer of "security". Im sure if you try hard enough you can manage to break it, as everything is only secure as it is accessable, someone somewhere will break it if they want to.
I think Google has offered to delete the data, but some goverments ordered them not to. If i were google, i wouldnt go the "extra mile" as it may cause them a law suite. I would contact the other goverments where data has been collected (which they already have) and try to work out a resolution with them that ends in deletion of the collected data (which is still pending in many countrys, see germany). I would like to see Google follow the purposed requirements, as well as take it a step further and possibly found or donate to some orginization that helps users and citizens protect their digital privacy.
I think this is more of a "media event" to promote sciences and education more than trying to prove anything. When the goverment wants to prove something, they dont turn to Adam and Jamie, they hire scietists with billion dollar budgets and secret labs. This is more just the president trying to get more kids involved in science/history etc.... i doubt he even thinks their orignal conclusion was wrong, just wanted a intresting "Myth" for the duo to revisit that might turn a few heads. Take this for what it is.... a attempt to revive education in the american youth.
This just in, 93.5% of all statistics are made up on the spot!
http://slashdot.org/comments.pl?sid=1818524&cid=33877336 - you contradict yourself? so which is it? you ARE or ARE NOT religous?
http://slashdot.org/comments.pl?sid=1821554&cid=33901882 you contradict yourself?
This points out a major issue, many non technical users often do not know the difference between security of the router and security of the wifi signal itself. Many people just change the router's password and think they are "safe".
you might want to include who "out national population" is as not being canadian, i read this as "the population of california alone is greater than the population of the united states" which makes NO sense. I assume from your suggestion about 100% of canadian computers being infected implys you are Canadian, but it does not read that way. Thanks!
Working on the space shuttle really isn't all that hard for the most part. It's time to stop equating yourselves to rocket scientists. Again, for the most part.
being a CEO really isn't all that hard for the most part. It's time to stop equating yourselves to big shots. Again, for the most part.
Designing Bridges really isn't all that hard for the most part. It's time to stop equating yourselves to engineers. Again, for the most part.
etc...
You have the right to not provide the combination, which would result in them getting a safe cracking team in and adding that onto your legal fee's should you lose your case. You have the right to not provide your passwords, which will result in them getting a crypto team in to crack the password and adding THAT to your legal fee's WHEN you lose your case.
It used to be a sophisticated light weight feature rich firewall for windows.... it allowed rules and whatnot.... now... its a bloated flaming pile of sh*t sinking with a horrible company that deserves to be put out of business for its questionable marketing practices and horrible customer support.
do you have a copy of the schematics? id so, i would love to take a look.... im sure it would be fairly trivial to build/flash such a device if the full schematic existed? My guess is that the schematic needed for this to work isnt "readily" avalable, and wont be for some time (a few months?)
there is no way to do HDCP decryption in software on a computer, this is all handled automagically by the controller on each end, HDCP only exists "on the wire" because as soon as it gets to eitther end, the controller decrypts it and handles content protection from there.... cracking HDCP allows ANYONE to build a new controller which is able to link up with existing HDMI equipment and decrypt the information without all that nasty content protection stuff as well, but to do this the HDCP decryption would need to be on-chip in a custom built HDMI interface, which is not easy/cheap to do (according to intel), so until complete schematics and a flashrom show up, this is pretty much useless to anyone wanting to use it.
wow, that was actually a very imformitave link... mod parrent up! I have never really sat down and read about the reasons for standardizing the power frequency until you posted that!