Slashdot Mirror


User: Harodotus

Harodotus's activity in the archive.

Stories: 0
Comments: 88

Comments · 88

  1. Re:Important note... on Pirate Party Launches Commercial Darknet · · Score: 2, Insightful

    While I have not of course RTFA, I would think that charging commercially for the service is necessary to keep it from becoming a spammer tool.

  2. Re:It's not sarcasm? Whoa... on Cheyenne Mountain Shutting Down · · Score: 1

    You know, you're right. The movie was first. It was series writers who thought most of that.

    The movie writers probably thought something like: "hey let's do a movie and put Snake Plissken and an Academic Indiana Jones in outer space fighting Egyptian aliens..."

    After the semi-successful movie, the SG1 series writers then probably thought: "Well Snake's (Kurt Russell) Agent says he's not available for TV work, let's get MacGyver, add a ridge-challenged Worf and Some science hottie babe. They looked around and didn't find anyone with big enough breasts who could do a military scientist type and eventually settled on Amanda Tapping who is buxom enough (NSFW and it's a joke) to satisfy most geeks while being able to speak two technobabble sentences in a row without too much embarrassment."

    It wasn't until later that they hired 7 of 9 and put her in a leather bodice to be Worf's (Teal'c's) babe du jour. With the series writers thinking "Wow ratings are good, but they could be even better, if we add even bigger breasts to the cast. Who's on the Sci-fi big boobs call list? Oh yeah, Jeri Ryan (7 of 9)"

    Note BTW that, snideness aside, I love the Stargate and Atlantis Series and while I do claim to be sarcastic, I don't claim to be very funny

  3. Re:It's not sarcasm? Whoa... on Cheyenne Mountain Shutting Down · · Score: 4, Funny

    Um, I actually thought the question about "what is the Stargate?" was sarcasm.

    Looking at the responses, I'm actually surprised that wasn't the case.

    I'll throw in my sarcastic explanation of Stargate anyways:
    Stargate is where the writers thought, "Hey let's grab the aging MacGyver, give him machine guns and have him fight Aliens throughout the Galaxy. We can team him up with a buxom science babe (doing a military version of the sexy librarian thing), a Stoic warrior guy like Worf (but with fewer head ridges) and an Indiana Jones type academic guy (but more know-it-all). The whole thing can be done with an ancient Egyptian theme with cool pyramids and crystals and stuff. We can make it all work by using a lesser known gaming system like Tri-Tac's Fringeworthy Roleplaying game. We can do a film, maybe even a series or two, with lots of explosions and special effects stuff, it'll be really cool".

  4. There can be only one... on 7.5 Micron Thick RFID Tag · · Score: 1
    Scenario #5: RFID nano-medicine makes me immortal. NOT SURE ...

    Well, I'll be sure to immediately start taking up sword-fighting just in case an endless stream of similar RFID nano-medicine users comes to take my head.

    You can never be sure when the Quickening is going to happen and one needs to be ready to take the Prize, just in case

  5. Re:22TB is nothing. on Genetic Database Hits One Billion Entries · · Score: 1

    It's not illegal if it's voluntary.

    What two consenting adults do on hard disks is none of my concern...

  6. Re:Not as big as Moon Base Alpha explosion in '99 on Scientists Witness Meteor Strike on the Moon · · Score: 2, Funny

    The so-called explosion wasn't even "NEAR" moon-base alpha; it was far away on the dark side at several of the nuclear waste disposal and storage facilities. As I recall, it took the better part of an hour by Eagle landers to reach it. This safety measure protected the residents of Moon Base Alpha even in the worst-case scenario that occurred in '99.

    Furthermore, its minute-long spontaneous ignition (caused by improper management of the facility and not following the safety specifications) was hardly an explosion; it was more like a briefly sustained fusion (fission?) event.

    I do have to concede that it was certainly many orders of magnitude greater in terms of energy release. The Lunar ignition of '99 generated enough energy to accelerate a body the size of the moon by 5Gs or so (nobody blacked out from the acceleration) and sustain it long enough to reach Solar system escape velocity. Various theories about the discrepancy between a 60 second 5G acceleration and Solar system escape velocity being caused by the previously unknown "space warp" are still under investigation.

  7. Re: Um, Please don't fix this design problem... on Sony Repents Over CD Debacle · · Score: 2, Insightful

    The very last thing we here at the Slashdot community should do is gripe about DRM in a way that comes up with a do-able (or even semi-doable) solution.

    In general I think that locked down DRM is not an unsolvable problem, it's just that I'd like to believe the really good engineers won't sign up to create such an evil technology.

    If we here at Slashdot put our heads together and gripe in a manner that solves it (to better mock them), and then that design leaks to the MPAA/RIAA. Well then we'd have nobody to complain to but ourselves...

    Let's let somebody we already hate, such as Microsoft or SCO, write it and then we can go blissfully finger-pointing in our usual smug and superior manner.

  8. Re:This is just one of the reasons I use Debian. on The Unspoken Taboo - The Never Expiring Password · · Score: 1

    In addition to unnecessary Windows bashing, you also miss the point of the article. If you have a non-static Debian/Apache based website with dynamic content that speaks to separate backend servers, you probably have some kind of "web-server database password" embedded somewhere in the web site's own code.

    It is truly rare for user passwords to be passed along from web client, to the web server to the database and then database security applied to allow visibility of individual records. Remember for proper security, you also can't cache them (even for the duration of a virtual session) at the web-server to get around the semi-stateless nature of http/SSL.

    A much more common design is to have a web site hard code-embedded database password for the front-end web application (capable of doing anything any user can do on the web) and then have the web application limit access based on security properties of the user. If somebody had network access and knew the hard coded password, it could impersonate the web-server and make any Database changes it wants. Things like changing operating systems, or using SecurID are useless here since the web application can't read tokens and needs access for its own use.

    But even if you dodge that bullet, you need only have one chink in your armor to be completely blown. Things like Network ops with Cisco support contracts blow the confidentiality of your dedicated links; if even one host in that network segment has a remote server/software support contract, it can be used for sniffing/impersonation. Do you run VPNs between all apps? Kerberos? If so then you're getting closer to getting rid of these hidden back doors.

    The truth is most companies find it more cost-effective to trust their support vendors and internal net/operation staff rather than go through the pain of protecting against them.

    Since these trusts are betrayed so infrequently, it's cheaper/better to buy an insurance policy against the loss than to protect against it.

    As a security professional it's my job to recommend cost-effective security, not absolute security.

  9. Re:Digital vaulting is the solution? Maybe... on The Unspoken Taboo - The Never Expiring Password · · Score: 1

    I do have to agree that citing a buzz-phrase like digital vaults is a very lame way to end an article. But that said, it's an interesting technology to apply to solve this problem.

    Mind you, it doesn't actually solve it as many unsolved issues remain (escalation of privileges from within the application, administrative access, development backdoors, key management, migration to the new architecture, etc.) but it's nice to have a new tool to apply to the problem.

    Below is an explanation of "Digital Vaults":

    Digital Vaults enable users across the internet to share access to sensitive information in a simple secure way.

    A major challenge that is faced by all organisations selecting IT technology is trying to clearly understand how a particular solution may address the challenges they are tasked with solving. And this often involves trying to understand what various vendors mean when using generic terminology.

    The term "Digital Vault" has come to the fore in the last few months and now several vendors are offering technology under the umbrella of digital vaulting. So what should you understand? A simple acid test to apply to anything claiming to be a digital vault is the following. Does the digital vault hide items from those who have no right to see them, and does it ensure that those with access rights are monitored every step of the way.

    The term vault should be used because it relates to the vault in the physical world. Every enterprise relies on few priceless items that must never be lost or exposed. The danger of losing or exposing these priceless items is vital to the enterprise's business continuity and can even threaten its very existence. In today's business world, a large percentage of those items is in digital format. Most business enterprises today will still use the physical vault to securely store copies of the critical data, but this is impractical when on the one hand you are required to make that data available on a day to day basis for those who need to view, and modify the data, and at the same time you are required to keep it under "lock and key" so that those who are not entitled to see it are kept away from it.

    Bringing it back to the physical world analogy; the physical vault can only be accessed by those who have privileges to do so, and once in the vault, only those safety deposit boxes that you have the right to open should be made available to you. For those who saw the Bourne Identity (movie), you may remember the scene when the hero enters the bank and gains access to the vault. He is then provided access to his private safety deposit box - well the digital vault needs to mirror this physical scenario. So the digital vault should be a mirror image of the physical vault. Critical data needs to be stored in a secure location, and should be visible only to those with the rights to see it.

    Another key factor in identifying a Digital Vault should be its ability to mimic all existing security processes and procedures in the organisation for handling sensitive information. For example, most organisations will have clearly defined policies and procedures defining how sensitive physical items are handled. For example, who has access to the physical vault, and the security boxes? Are individuals allowed to access on their own, or is a dual control mechanism in place, for example dual keys? Does staff have to be authorized to enter, and are there times of day when access is permitted. These and many more procedures are found in organisations, and a Digital Vault must be able to address these procedures as is. It is not advisable to try and redefine policies and procedures to fit technology - the technology has to fit.

    A digital vault by its very nature is going to provide some standard services to ensure that its contents are protected, such as being a long-term repository, highly secured regardless of overall network security and regardless of the physical topology of th

  10. Re:Way to go (better math this time) on Texas Sues Sony BMG over Rootkit · · Score: 3, Interesting

    OK I typed way too fast and my calculator converted these fines to exponential notation, so I got some numbers slightly (ha!) wrong.

    24 Million times 1000000 is 2.4 Trillion not 2 Trillion.

    But that is irrelevant because I did more/better research and the lower bound is 568,000 CDs (based on Dan Kaminsky's network DNS cache analysis) http://www.doxpara.com/?q=sony

    A good conservative higher bound is 2.1 Million sold (based on Sony's statements) http://www.nytimes.com/2005/11/14/business/14rights.html

    The revised maximum fine numbers would then be $3,362,560,000 to $14,208,000,000.

    So it's just $3 to $14 Trillion in potential fines.

    Sony has total corporate value (Market Cap) of $36,358,000,000. http://money.cnn.com/quote/quote.html?shownav=true&symb=SNE

    My guess is that having a fine of (approx) 40% of your net worth hanging over your head is not gonna be good. Of course this is just Texas we're talking about here, 49 more states to go (and many many countries).

  11. Re:Way to go on Texas Sues Sony BMG over Rootkit · · Score: 2, Informative

    At $100k per offense and the highest distributed CDs figure I have seen being 24 million installations from 50 different DRM infected CDs, that'd be quite a big number, even if you only count Texas installations.

    In fact the upper limit (assuming conservatively only 1 infected PC per CD) is:
    2,000,000,000,000 or 2 trillion dollars. Of course what percent are provably installed in Texas? Is it five percent? Even if it's two percent that's $50,000,000,000 or 50 Billion dollars.

    Let's take a conservative estimate.

    In the 2000 census, Texas had a population of 20,851,820 http://en.wikipedia.org/wiki/Texas
    and the whole US has a population of 281,421,906. http://en.wikipedia.org/wiki/United_States

    So Texas had 7.4% of the US population.

    Sony claims that all DRM disks were sold domestically, but let's be kind and say that 80% of the disks were sold domestically so 19,200,000 disks in the US.

    Let's assume that the consumers in all states have similar buying habits.
    So 7.4% of 19,200,000 US disks is 1,420,800 Texas sold disks.

    1,420,000 times $100,000 max fine per disk is: $142,100,000,000 or 142 Billion Dollars.

    I have seen estimates as low as 500,000 DRM infected disks sold in the US.

    That number is much lower.
    500,000 * 80% * 7.4% * 100,000 max fine is: 2,960,000,000 or 2.96 Billion dollars.

    Any way you spin it, this is going to get ugly for Sony.

  12. Civil? Where are the criminal penalties? on Texas Sues Sony BMG over Rootkit · · Score: 5, Insightful

    IANAL but it seems to me that criminal rather than civil penalties are the way to go here.

    Of course, the correct answer is both.

    Call me naive, but I'm just not seeing action on the criminal side of things. Whatever happened to the "equal protection under the law" principle where I would face jail time if I did this, even if I did it through my own 1-man consulting corporation?

  13. Re:If they were Yakuza on DVD Jon's Code In Sony Rootkit? · · Score: 1

    Um, IANAY* but it's my understanding that in the Yakuza losing a finger is a freely given sign of commitment at the time of advancement, not a punishment of failure.

    If you fail badly enough they just kill you.

    *-I Am Not A Yakuza member

  14. Re:Found the hat: blockemf.com on Aluminum Foil Hats Will Not Stop "Them" · · Score: 1

    Dude! That web site is scary...

    Check this amazing product out! I wonder why we don't all have these.

    EMF-Bioshield® - Electro Magnetic Fields Biological Shielding

    The EMF-Bioshield ® protection system is made of two small spheres (or mini-bulbs) of 25 mm in diameter in neutral plastic. They contain solutions of rare earths salts with specific electromagnetic properties.

    The EMF-Bioshield ® mini-bulbs are self-sticking and are to be placed respectively on the upper left and lower right corners of the screen frame (see below).

    How does it work?
    The EMF-Bioshield® system does not need to be plugged into any power source. Its protective action is based on the A_NOX® ("Avoid [VDT] NOXiousness") technology, which uses the resonance properties of rare earths elements (elements 58 to 71 of Mendeleyev's Periodic Table of the Elements) to create a passive counter-phase resonance. Triggered by the electron beams the VDT uses to refresh its images (at a rate of 60 to 75 times a second) in a linear fashion (starting in the upper left screen corner and ending in the lower right corner), the content of the mini-bulbs creates an electromagnetic barrier around the protected screen. EMF-Bioshield® thus eliminates the harmful biological effects of residual radiation emitted by computer and TV sets cathode ray tubes.

    Read more at http://www.blockemf.com/catalog/articles.php?tPath=17

  15. Make your passphrase an incriminating statement on Police Need 90 Days To Crack Hard Drives · · Score: 1

    How about this for a pass-phrase: "I have knowingly and illegally downloaded mp3 files and DVD movies" or non-humorously "I committed terrorist acts with Bob Jones and Ted Smith".

    While not relevant to a UK terrorism investigation, I should have the right as a US citizen not to incriminate myself by releasing this statement. The state could then check if I've committed that crime.

    It's not a bad idea actually. I could release it under seal to the court if forced and appeal its release to the prosecution and investigators for a VERY long time.

    As a security consultant and privacy advocate I wouldn't mind holding that fight (but would prefer not to have to bother).

  16. Re:Only a matter of time on The Los Alamos Bug · · Score: 2, Funny
    but probably by then SkyNet will already have enslaved us all

    Oh come on, as a California resident, we've seriously mitigated this risk by electing as Governor Humanity's protector from Terminator 2 and 3...

  17. Forgot to include the obligatory one... on Do-Not-Call List, Two Years Later · · Score: 1

    32%* said they only get calls from Cowboy Neal about when to make duplicate posts..

    * - numerical stickler note: percentage drawn from other entries, totaling 150% per nwbvt's sig

  18. Re:There is no point unless... on What's the Point of IT Certifications? · · Score: 1

    Not that bad an idea actually.

    It would be nice to have some way to objectively show / measure the respect of your peers. Karma and the moderation system are a way to do just that.

    If I had a UID as low as yours, Dr. Evil, I'd probably mention it in interviews. ANYTHING to break free of the pack of other qualified applicants and make yourself stand out is a good thing.

    If Karma swung over a much higher range (say hundreds) and you could get a certification saying "long-term Slashdot well respected poster" then it would probably be worth getting.

    Of course it would invite Karma fraud and that's not a good thing.

    But there are worse ways to evaluate applicants than going over an applicant's past slashdot postings.

  19. Re:There is no point unless... on What's the Point of IT Certifications? · · Score: 1

    Let me start with Thanks! I was unaware I had been spammed a bunch (BTW: I just fixed it).

    My CISSP actually didn't certify that I know anything about how to secure a geeklog/php/mysql website, but by having my CISSP I should say I should know better. Well I do know better.

    It's interesting to see my own security weaknesses in an analysis of a compromise. Not really surprising though, I haven't really read my old articles in months, don't monitor it and haven't really secured my website any more than the normal security best practices when I built it a year or so ago.

    Of course, since its importance to me is like a 2 on a 10 scale and it's on somebody else's servers at a web hosted environment, it's not running as tight a config as I would ever consider using at one of my customer's data-centers.

    It's actually an example of a prudent security policy. Concentrate your resources (in my case, my overburdened time) where the risk/threat is highest and the rewards highest.

    Having been spammed, I just suffered a vaguely embarrassing publicity event that will have minimal effect on my consulting work (even though it was publicised deep in a thread on Slashdot).

    I had spent the time that I could have used securing my website, doing things like caring for my 2 year old and working for others to bring in revenue and pay my bills.

    Somewhere low on my to do list is scrapping and rebuilding my website with a tighter config and better software. But since my website is more an amusement to me than something that actually brings in revenue, I kept bumping it lower and lower...

    I know it probably sounds like excuses, excuses, excuses... he-he probably because they are. I will definitely be raising the priority of securing my website.

    Just don't take the sorry state of my semi-abandoned website I once built, as indicative of my own capabilities or of CISSPs in general.

    -------

    But all of this is beside the point. I'm not saying certifications say anything about your qualifications. I took that test, I know how little it means and that it says little about me.

    What I'm saying is that it sounds good and works as a successful marketing tool to recruiters and as such is worth getting.

    If you want somebody to secure your website, hire a specialist by looking at their experience and pay them to take the time and do it right.

    Of course looking at certifications won't let you figure out which are most skilled, that's what interviews and probing technical questions are for.

  20. Re:There is no point unless... on What's the Point of IT Certifications? · · Score: 5, Informative

    Not the only shining light, I too find my CISSP certification useful.

    I am a highly qualified consultant of 15+ years experience. I live and die by recruiters deciding whether or not to pass my resume on to my actual customers.

    Before my certification, I had to go into great length about how my semi-directly related experience matched the job requirements. Now I can say "oh I'm certified in that specifically and have done similar things in the past".

    Admittedly it doesn't speak to whether I'm really qualified, but if it gets me past a semi-clueless recruiter to actually speak with the hiring customer/manager, then it was worth both the time and money to get it.

    Just be careful that you don't have too many certifications or list any lame/negative ones and it'll help you find work.

    For those already employed, it looks great on a performance review and can help the justification for position or pay rate increases.

  21. Re:Let me be the 1st (I went for it) on Report Claims Men More Intelligent Than Women · · Score: 1
    ELIZA - a friend you could never have before
    Eliza: Hello. I am ELIZA. How can I help you?
    You: I want to know why i came to this site.
    Eliza: Why do you want to know why you came to this site?
    You: I want to use your responses in a slashdot posting.
    Eliza: Why do you want to use my responses in a slashdot posting?
    You: because I'm a freaking idiot who can't tell a pop-science, programmatic reject from my old mainframe days.
    Eliza: Why do you say your old mainframe days?
    You: because I'm too embarrassed to say i'm so old-school that actually ran Eliza programs that were written in COBOL on punch cards, and thought them cool...
    Eliza: Do any other reasons not come to mind?
    You: That's it!, I'm getting a beer and getting back to telecommuting...
    Eliza: Does it please you to believe I am getting a beer and getting back to work?
    [Connection closed by foreign host]
    #
  22. Re:Politically Correct != Correct on Report Claims Men More Intelligent Than Women · · Score: 3, Informative

    Attempting to find this answer for you I instead found a research paper (with references) that stated the opposite conclusion.

    From the article Gender Differences in Cognitive Functioning by Heidi Weiman

    Before the advent of advanced brain imaging technologies, a large body of research accumulated on some of the behavioral characteristics indicative of the sex-related cognitive abilities of males and females. Behavioral studies, along with brain imaging research, autopsies, and animal research have begun to provide converging lines of evidence for some biological differences in the cognitive functioning of the sexes.

    The differences between the intellectual capacities of the sexes appear to be in patterns of ability, rather than in overall intellectual functioning (Kimura, 1992). Attention and perception, which occur at the earliest stages of information processing, appear to differ between the sexes and may ultimately provide some clues in regard to differences that occur later on in cognitive processing. Infant girls have been found to gaze longer at visual stimuli than boys, and males are much more likely to be diagnosed with attention related problems. Baker's review of sex-related perceptual differences (as cited in Halpern, 2000) suggests that there are variations in all of the sensory systems. Males tend to be more adept at dynamic visual acuity, which involves the ability to detect slight movements in the field of vision. Males are also more adept than females in temporal cognition, the ability to recognize the passage of time. Females tend to be more sensitive to touch, odors, taste, and sounds --much of which is detectable shortly after birth.

    Males have consistently shown an advantage in visual-spatial abilities, such as aiming at stationary or moving targets, as well as throwing and intercepting projectiles (Kimura, 1992). Males also perform better, and differently, than females in navigation. Whereas females are inclined to use landmarks as guides, males tend to rely on direction, distance, and geometric shapes for navigating their way through a route. Males also excel at quantitative problem solving, and mental rotation, or tasks involving the underlying cognitive processes of maintaining and manipulating a visual image in working memory (Halpern, 2000). It has been theorized that, evolutionarily, many of these abilities would have been important for survival when humans lived in hunter-gatherer societies, where males navigated unfamiliar terrain while hunting, and females foraged more nearby areas gathering food. An evolutionary theory regarding ADHD has been proposed as well. According to this theory, the ability to vigilantly scan the horizon, on alert to novel stimuli, such as stampeding buffalo, would have served the prehistoric hunter well (Hartmann, 2001). Recent genetic research suggests that there is scientific evidence to support this theory (Seay, 2002). It is conceivable that some cultures would value and reinforce different kinds of skills and behaviors, including perseverance and novelty-seeking, especially when advantageous to survival. Additionally, evidence on the evolution of the cerebral cortex suggests brain-behavior relationships, particularly in regard to the development of the prefrontal lobes, seat of the Executive Functions, including planning and organization, maintenance and flexibility of mental set, and self-regulation, such as delayed gratification and the inhibition of impulses --deficits often associated with ADHD.

    In 1995, Shaywitz et al. identified evidence for gender differences in the functional organization of the brain for language, in a functional magnetic resonance imaging (fMRI) study. Behaviorally, females have consistently shown an advantage for verbal abilities, including earlier language acquisition and longer attention spans than males for conversation (as cited in Kruger, 2001). Females also tend to excel at memory ta

  23. Re:Please, put down your weapon on Power Armor For the Elderly · · Score: 1

    Your ST:TOS references frighten me...

    Personally I'd be more interested in fluctuations in the Quatloo to GPL (Gold Pressed Latinum) rates.

  24. Re:Time to research on Riot Control Ray-Gun for Use in Iraq · · Score: 1

    Actually it is done by the wording of the Chemical Weapons Convention, an international treaty signed by 169 countries and enforced on the US Military Forces by the 1999 Executive Order #13128.

    Congress later passed a law preventing future presidents from changing this executive order.

  25. Entirely Predictable on Microsoft Abandons Gay Rights Bill · · Score: 4, Insightful

    That Microsoft did this was actually fairly predictable, even though I too am a strong advocate of gay rights.

    Regardless of what TFA says, what I think happened is that some major customer of Microsoft software that is strongly anti-gay rights (like the Bush-run federal government or a large corporation or a major customer who allies itself with the religious right extremists mentioned in TFA) told Microsoft that they wouldn't purchase X 10s of thousands of copies of Office if Microsoft undermined their anti-gay political policies / laws.

    Microsoft wants to be known as socially responsible, but faced with a reduction of revenue, their greed took precedence and they became non-political on this issue. Of course they can't publicly admit this backroom concession.

    Surely no one here would be surprised that Microsoft went for the money before social responsibility. Heck most companies would do the same thing if enough money was at stake.