YEAR of meteors! brooding year!
I would bind in words retrospective, some of your deeds and signs;
I would sing your contest for the 19th Presidentiad;
I would sing how an old man, tall, with white hair, mounted the scaffold in Virginia;
(I was at hand—silent I stood, with teeth shut close—I watch’d;
I stood very near you, old man, when cool and indifferent, but trembling with age and your unheal’d wounds, you mounted the scaffold;)
I am curious: does anyone know who the old man was, why he was being hanged? Was it a lynching?
If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it’s persisted.
Incorrect. The author either did not do any research at all, or got the definition of PII horribly wrong as far as this law is concerned.
The directive that sets the standard based on the law states:
Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
It is abundantly clear that a person's first and last name alone does not constitute PII; an SSN, financial account number or some other not-so-public information is also required.
Here came someone with a magic box who provided an easy solution, and the eggheads and their political masters bought it hook, line and sinker. What I find extraordinary is that the NSA was not involved or asked to vet this guy's findings. Billions of dollars and some of the finest brains working there, and no one thought to call them? Looks like even in 2003 inter-agency cooperation wasn't going very well. He was the CIA's asset, and they were not going to share.
My conclusion: con man, and he will probably get away with this, because the government cannot publicly prosecute him without looking like an idiot.
VP of strategy, Director of Marketing, etc. etc. for companies that sell Backup, Storage and Virtualization.
And they are suggesting you implement those so you can justify the expense by showing security ROI.
Nice.
I agree with the central point being made, which is that the same HW can be used for security and other non-security purposes. The door that keeps out intruders also keeps out the cold. But please do not call that ROI.
Ask any security person, and s/he will tell you that security has no ROI, or should not. That horse is dead. If someone is still peddling that security ROI Kool-Aid, ask them what the ROI is for the insurance they have. Or some pointy-headed boss is going to call his poor security guy and demand ROI figures for all the security projects. He may even demand that the firewall rules be mauve.
http://www.andrew-eells.com/wp-content/uploads/2008/09/mauve.jpg
Robert Johnson, the original singer of Crossroad Blues, died in 1938, before Eric Clapton was even born (1945).
I don't know who wrote it, so it is entirely possible the song is even older.
But that is not my main point. Wow--given a sample size of 3, a whole profession is labeled as 'weird'? I have seen my share of weird programmers, but most of them happen to be perfectly normal people (for society's definition of normal). My definition of "normal" also includes people who speak Klingon, eat Ramen and may have questionable hygiene.
As a response to the original article, here is my generalization of the day: all Earthweb columnists are weirdos who look like they are secretly planning to take over the world.
Exactly. Symbolics was founded by a few original MIT hackers from the AI lab.. people who wrote the first computer chess, the first space-war, people who modified the TX-0, then the PDP-1. They believed in free software and sharing knowledge (RMS was the last of that breed, from the same lab), and although the founding of Symbolics itself came from a conflict and it produced commercial software, they never forgot their roots.
It would be inconceivable for them to domain-squat.
IIRC, he allegedly changed the Cisco configs but never saved them to NVRAM. You can power-cycle Cisco devices and have a 60-second window to get in without knowing the password.
That was the big problem.. had he saved the configs to NVRAM, the City could have just power-cycled the devices during a maintenance window, gone in and reset the passwords. But the configs being only in volatile memory meant that if they tried that, the boxes would have lost the config, resulting in the "full system failure"--the City network would have gone down.
The survey is reporting something that every single security professional who has managed a budget has known for a long time, even before the recession (except maybe the period around Y2K).
The sad truth is, at most companies management sees security as an unnecessary cost that they reluctantly tolerate because of SOX and industry regulations like PCI-DSS. They are quick to point out that security does not earn profits (and forget that it actually protects the profits). So the CEO tells the CIO to trim his budget, and given the choice of keeping the servers functioning or users getting phished, the CIO opts for the more pressing need. (At 99% of the places, the security function reports to the CIO or CTO, but that is for another bitching session.)
Then of course something goes wrong, and the security person gets yelled at because s/he did not do his job. So then the coffers open, and the company spends a ton of money on something that could have been fixed for less at the right time (TJX breach).
The solution lies with security pros: they need to frame their budget requests as business cases: if we do X, we will protect $Y of revenue (Point out that a data breach at company ABC cost them $ZZ). And if management does not fund the budget, have them formally, in writing, accept the risk.
Claims of patriotism are the last refuge of the scoundrel.
Dude, learn to recognize the difference between someone reporting a fact and jumping to conclusions about what that person was thinking. (I am thinking, that quote should have said "moron" instead of "scoundrel")
Yes, in this case, it is desperation. Since 2003, enlistment has been falling (I guess kids don't want to die in the sand just because somebody had daddy issues). But it is now up. Since there is no new 9/11 sky-is-falling shit being spread around, it is a factor of the economy.
Here is the news report, and if you don't believe me, there is also this
WASHINGTON - The faltering US economy is fueling a dramatic turnaround in military recruiting, with new statistics showing that the Army is experiencing the highest rate of new enlistments in six years.
Agreed.. people are getting desperate. Enlistment in the Army is also up.
I belong to a social network for the laid-off, and people really are not talking about finding jobs--they are talking about the stress of being jobless, having no money, etc. One guy even mentioned a suicide incident in his blog post.
They were coming in for the kill. I was directly in front of them, and as soon as they saw my face, they stopped and disappeared. An ape capable of killing lions ran away after a peek--that must have been one ugly face!
Wired had a story about Lance Armstrong's equipment and how they consider shaving 2 ounces off the weight a major improvement. Why would a rider want to carry additional deadweight, even if it is a 2 ounce GPS?
There are stories about successful defense against digital photographs in criminal cases. "Enhancements" using Photoshop can be considered evidence tampering. So this technique can have a life-altering implication for some people.
There is a middle road, and it's accepted industry practice. For exempt employees who have to work overtime and weekends, comp time is fair compensation. (Unless you can afford to quit. Whatever you do, do not try to bluff; it might be called.)
The author was on NPR a few days ago [transcript and audio], in case you won't visit Playboy or get distracted once you get there :-)
The Vatican, the UN and the USAF have already been in contact with the aliens; this conference is just to prep the world for the breaking news.
If you don't believe me, check out V on ABC (in the USA)
From Wired
"Paramedics/Doctors: Do not write me off as dead. Try to resuscitate"
on Google Books. You are welcome
If you have time, you might want to read a bit about them.
And always keep your resume updated.
Not SOX, at least not directly.
I think you mean PCI-DSS: https://www.pcisecuritystandards.org/
No wonder people are getting worried.
Evolution by Baxter is probably one of the best SF books I have read (starts 65 million years ago and goes to the end of Earth). Highly recommended.
overspun
WWW may be dying, but repeating old stories is forever
JPY 500,000 = US $ 4,528 (approx.)
Same story from Boston Globe was on /. 2 days ago.
[insert rant here]
US personal injury lawyers are already lobbying to bring this to the USA.
My advice is, negotiate for comp time.