The real question is, what is the agenda of InterTrust Technologies?
If they have someone motivated by money, this will either be settles out of court or they'll get a fraction of all profits on the 85% of the MS products that infringe the patent. Or, they'll just sell the patent/company.
If they are motivated to protect what's theirs, they'll probably settle out of court.
If they are *nix users, perhaps they'll try to put a serious dent into M$.
I find the latter highly unlikely, though. If you throw enough money at any problem, you can make it go away. That's probably what will happen here.
"A bogus medical record called "John F. Kenndey" is created and loaded into the database. This medical record has no true value because there is no real patient with that name. Instead, the record is a honeytoken, an entity that has no authorized use. If any employee is looking for interesting patient data, this record will definitely stand out. If the employee attempts to access this record, you most likely have an employee violating patient privacy. It is as simple as that, no fancy algorithms, no signatures to update, no rules to configure. You load the records, monitor it, and if someone accesses it they most likely have violated the system's usage policy."
If you're poking around with "no ill intent", you're still voilating rules and regulations. That's like saying "<i>Well, I was driving with no ill intent, but then I ran over someone accidently.</i>" Either way, you should be held accountable for your actions, and a honeytoken would ensure that this happens.
If it was a mistake (like, for instance, they "accidently" typed "John F Kennedy" instead of "Mike Smith"), chances are the record wasn't accessed for long.
If there's a flaw in the software, there will be repetitions, plus the flaw will most likely be tracked down as the cause and fixed.
If it was someone who was "bored", then they deserve a slap on the wrist. Maybe it's just me, but I don't want people poking around in my medical records because they are "bored".
In the case of a hacker... well, that's for what the honeytoken is designed.
Quite realistically, every one of your instances could apply to a honeypot as well.
The idea of a honeytoken seems quite valid, and both have advantages and disadvantages. It all depends on the situation and intended use.
A honeytoken is a honeypot on a smaller scale. By bashing the honeytoken, you're bashing a honeypot, in a way.
Yes. Every program I run now and will ever want to run....and before you suggest it, The windows emulators for *nix are not the answer. I like my framerates, thankyouverymuch.
This is probably why my next box will be a WinBox, and this one will become a *nix server.
Oh, I dunno. I guess I just like the fact that I can play something other than TUX RACER on a WinBox.
All joking aside, I've used both Linux and Windows, and if there were more native applications and driver support for Linux, I'd switch to it.
So, like, go hound developers and stuff.
Slashdot Mirror
I like this idea. It's pretty much a lazy-man's Blockbuster. If the price is right, I see this idea taking off and spreading to all film-makers.
The real question is, what is the agenda of InterTrust Technologies?
If they have someone motivated by money, this will either be settles out of court or they'll get a fraction of all profits on the 85% of the MS products that infringe the patent. Or, they'll just sell the patent/company.
If they are motivated to protect what's theirs, they'll probably settle out of court.
If they are *nix users, perhaps they'll try to put a serious dent into M$.
I find the latter highly unlikely, though. If you throw enough money at any problem, you can make it go away. That's probably what will happen here.
"All your bling-bling are belong to us."
-InterTrust Technologies, to Microsoft Inc.
"Well, you can't find weapons of mass destruction, but now, you can build one with our at-home kit!"
It's the beginning of the Redneck Skynet!
"A bogus medical record called "John F. Kenndey" is created and loaded into the database. This medical record has no true value because there is no real patient with that name. Instead, the record is a honeytoken, an entity that has no authorized use. If any employee is looking for interesting patient data, this record will definitely stand out. If the employee attempts to access this record, you most likely have an employee violating patient privacy. It is as simple as that, no fancy algorithms, no signatures to update, no rules to configure. You load the records, monitor it, and if someone accesses it they most likely have violated the system's usage policy."
If you're poking around with "no ill intent", you're still voilating rules and regulations. That's like saying "<i>Well, I was driving with no ill intent, but then I ran over someone accidently.</i>" Either way, you should be held accountable for your actions, and a honeytoken would ensure that this happens.
If it was a mistake (like, for instance, they "accidently" typed "John F Kennedy" instead of "Mike Smith"), chances are the record wasn't accessed for long. If there's a flaw in the software, there will be repetitions, plus the flaw will most likely be tracked down as the cause and fixed. If it was someone who was "bored", then they deserve a slap on the wrist. Maybe it's just me, but I don't want people poking around in my medical records because they are "bored". In the case of a hacker... well, that's for what the honeytoken is designed. Quite realistically, every one of your instances could apply to a honeypot as well. The idea of a honeytoken seems quite valid, and both have advantages and disadvantages. It all depends on the situation and intended use. A honeytoken is a honeypot on a smaller scale. By bashing the honeytoken, you're bashing a honeypot, in a way.
Yes. Every program I run now and will ever want to run. ...and before you suggest it, The windows emulators for *nix are not the answer. I like my framerates, thankyouverymuch.
This is probably why my next box will be a WinBox, and this one will become a *nix server.
Oh, I dunno. I guess I just like the fact that I can play something other than TUX RACER on a WinBox. All joking aside, I've used both Linux and Windows, and if there were more native applications and driver support for Linux, I'd switch to it. So, like, go hound developers and stuff.