Would I blame my University's medical school if there was an outbreak of the common cold? No.
Would I say that it is ironic that the same institution which houses a recognized information security center of excellence suffers a rather un-common breach of information security which goes undetected for weeks? Yes.
Would I say that reflexively blaming the IT staff is presumptuous, because for all we know at this point this was a failure of management, including but not limited to internal audit, to ensure that adequate controls for the detection of unauthorized disclosure were in place? Yes.
32,000 staff and student ID records, including photographs and SSNs, have been exposed to {h|cr}ackers, possibly for as long as two months.
GMU is home to The Center for Secure Information Systems.
In other news, the cobbler's children are going barefoot...
FB: What is your opinion on the fact that Linux (the kernel!) supports binary drivers without too many problems? I'll make an example: the OpenBSD project didn't support Atheros wireless chips because they require a binary HAL provided with an incompatible license for their goals and policy. They act consistently. Do you think that Linux (the kernel!) should try a similar rigorous approach?
RMS: Yes! And so should the developers of GNU/Linux distributions. This is very important.
The report was written by a well-known social scientist and some of his doctoral students. They ALL have reputations to either maintain or to build. I doubt they would tarnish those reputations by cooking the books.
Moreover, the RAW DATA are available at the same place the paper is. If you believe that the model they used is misspecified, by all means conduct your own analysis.
Unlike partisan hacks, or some internet pundits, real researchers *welcome* additional scrutiny of their data, their methods, and their models.
Do the same people who impugn the integrity of these researchers impugn the integrity of researchers in, say, the crypto community, who display a similar openness with regard to the internals of their research and reasoning? If not, why not?
One of those MIT eggheads was on Frontline discussing the (in)security of chemical plants, oil terminals, and other critical infrastructure. He stood on a roof of a building at MIT and pointed to a place (which was deliberately NOT shown) and talked about how if it contained enough bad stuff to take out Beantown. With Keyhole, the terrorists can now conduct a virtual kamikaze run from home. :^)
Dang! Google has risen to the occasion, yet again. I'd like to see them add some of citeseer's functionality (such as BibTeX entries), but as a first cut, it rocks.
For me, Keyhole is a toy. The 4" resolution they get of Cambridge is kinda scary, though!
I'm glad the OP thinks his papers deserve a world-wide audience. However, I would argue that it is generally considered bad form to tout one's intellectual accomplishments so nakedly. That's two in one day for this guy.
I am not familiar with Perfigo, but it seems as though they make equipment which will not allow a device to obtain non-trivial network access unless/until it has been shown to be up to snuff according to various configurable criteria. Something like "Now that Nessus says you're cool, you get routed out of this prison".
Note to self:
Bring Cap'n Crunch whistle to South English...
(They do still use a crossbar, right?)
What part of "promote the general welfare" don't you understand, buddy?
First thing I looked for. Very conspicuous by its absence (unless I missed it!).
Any paper seriously threatened by Craigslist would have gone out of business thanks to the invention of toilet paper.
You, sir, are an ignoramus. For another example, consider "gnostic".
When we start self-censoring, the terrorists have won.
And BTW, "discrete, rich Texan" is an oxymoron.
Notice what kind of pie you got?
I, for one, welcome our sun-tanned, beachfront-dwelling overlords from Iowa.
Amen, Brother.
;^)
Likewise CARP vs. VRRP.
Perhaps Theo should write a letter to the Business Week editor
It's gonna suck when the golf equipment manufacturer sues these guys.
How can you say that superuser isn't required to diagnose problems?
What if the problem is caused by bogosity in a config file that only root can read?
What if the logs produced by the application are only readable by root (or by adm)?
What if the process is running with root privileges and you need to trace/truss it to diagnose it?
cd; find . -atime gt 30 -print | xargs rm -f
Best when modified and run as root over luser dirs, of course. Quotas are for sissies.
The fact that you have no idea what people wrote or read about shows the importance of making the materials more accessible.
The FA says that searches which yielded results two weeks ago do not work now. If this is so, then it is not due to Google's cycle.
Dunno if it can run Linux, but I've seen NetBSD running handily on a 512K Mac ;^). Could be a little zany without an MMU, of course...
CVS is your friend. See also the updating mini-faq, conveniently located here
http://www.georgewbush.org/