Nah.. just be honest with the boss and tell him you aren't sure how to do it but are willing to learn. Then tell him from what you can tell so far, it will not be quick or cheap.
Write up a combination of the suggestions you get with an estimated time and costs so even if he decides to hire a pentester, he will have an idea of what to look for and salary as well as what to charge. If he decides to train you, you will have an idea if what to expect.
Written authorization is extremely important. And save it.
I did some work for a lawfirm once who kept getting their email servers blacklisted. One or more of the workstations were infected with some spamming trojan. Anyways, to make a long story shorter, I set up a system between the router and switch and logged every packet for a day or so after i ran wireshsrk and found the offending workstations. I created an Email account on their server with the CTO's verbal permission and had the logs sent to it. This was primarily to avoid flooding my account and so i didn't need access to the admin account. I was looking for unsolicited incomming connections but found the trojans went to an IRC channel and downloaded a list of commands yto specify the spam and if it couldn't complete that task, they blasted copies of itself to contacts and the last lists of addresses it did download.
I cleaned the computersand updayed them. I did a run with Nmap with the results going to that same email address. I ran a few other scans with the same email address and then the existing IT and I updated all the workstations and servers, turned off unnesecary services and ran the MS hardening tool on the one server new enough to support it.
Fast forward two years and i have a sheriff knocking on my door claiming to have a warrant to take my computers and arrest me. Turns out a new IT took over that law firm, someone got bored and started snooping through people's email accounts and stumbled on all the logs. In that account was a few emails i sent from my real address saying is this working. And of course my sig wiyh my name and phone number. No one remembered what we did and they were trying to charge me with a felony.
I spent 4 hours at the sheriffs office while they tracked down thhhe old IT guy who vouched for me. That wasn't enough and the CTO from that time got cancer or something and wasn't around to say anything. I had to get a coworker to find the billing for the time and bring it in. The prosecuter told the sheriff to release me but it was another 3 days before i was notified all charges were dropped and got the papers to pick my conputers up.
If something would have happened to the old IT guy or if he decided he didn't remember, i likely would still be screwing with it. I made sure i had written authorization ever since.
You can laugh all you want. It still does not change thr fact that without congress, any agreement will have as much weight as any agreement with a random US citizen where international law is concerned. The president simply does not have the authority to represent the country in its entirety without the specific consent of congress. The constitution makes that explicitaly cleat.
Now i really do not care if you are done with ignorants or not. If you are, you need to drop your boy becaude he is severely confused as are you. But if you seriously think otherwise, answer this for me. Why has the US sighned the Kyoto accords but has not followed it and no other member state is calling us for it? The answer of courde is brcause congress has not rstified it which is the only thing that would make President Clinton's signiture binding as part of the treaty. But by all means, reconcile that with what your confused friend thinks and tell us a story on it. Because anything else will be just that- a story.
I just read the letter again. It does not appear to ve a sabotage letter at all. Its just an informational letter describing the legitimate constitutional processes. It explains the difference between an agreement and treaty an that congress will have to agree in order for it to be anything more than a simple agreement.
If it was some do everything to sabotage letter, i would imagine it would contain the fact that the sanctions are laws passed by congress and without an act of congress, the administration would be violating the law if he relaxed them or stopped enforcing them.
International law has nothing to do with it. If the administration does not have the constitutional authority, he simply does not have it. Obviously if you and whoever pulled a rabbit out of their hat thinks differently, the letter is well founded. The administration cannot ratify any treaty without the senate in which those 47 senators and any agreement made without that is little more than a verbal agreement between the two of us to get Google to stop collecting user informagion when neither of us have any abilities at google.
Furthermors, this has been this way since the founding of the country and is right in the US constitution under article 2 section 2. It states the president can only make treaties if two thirds of the senate agree. There are only 100 senators so if whatever agreement is to be international law, some of those 47 senators will have to agree. That being said, any agreements not a treaty can be broken by the next administration simply by nullifying then. Only congress can change law too, so any attempt not to faithfully execute the law which is what Obama is relying on absent action from congress can be judt as easily reversed.
No it isn't sedition. It was a reminder of how the constitution works and that the president despite his insistance otherwise does not have the authority to nullify laws passed by congress which the sanctions are. Congress and even state governments have long reached out to foreign officials and even negotiated trade agreements without administration participation. Look up the sister cities project if you doubt that
And we will hear about the clinton email specifically because congress has requested copies of it for oversight purposes and there appears to be gapps in what was provided.
Also her claim is she did not want to carry multiple devices. What device was she using that only allows only one email account or just one app to check that one account?
I've had multiple accounts on my phones since my first smart phone. I can switch accounts pretty simply in the same app as well as use other apps specifically for the other accounts with different defaults for each. I don't buy her excuse and seriously question the mental abilities of government official that high up if its too dificult.
It would probably be rather easy to disablr input from unapproved ports or devices once the vehicle reaches a certain speed or is in gear for a specific length of time. This would allow for diagnostics, remote starters and so on. They could even employ a diagnostic override that requires pluging a resistor chiped dongle in under the hood or somewhere allowing user modifications and whatever at the owner's direction.
The fear doesn't seem to be you and your car. Its some hacker issuing commands at 5:30 causing toyotas to accelerate out of control, fords to brake rapidly, and gm vehicled to lose sterring controls because of an infected app on a synced phone or a device placed along side a stretch of road somewhere.
This is kind of more of a consumer protection thing. In california you used to have telephone book lawsuites because someone used a product in ways it wasn't intended and got hurt somehow because there was no warning or instructions not to use it that way. Its the reason we have warnings to remove children from baby strollers before colapsing for storage and those instruction pictures showing how to suffocate someone on plastic bags. In theory, if a manufacturer can make reasonable changes to products or warn users of the dangers they have to- or face liability for selling defective or unsafe products.
Its probably still a long shot but even if they fail, it stands a good chance of showing the defectiveness of current practices which makes liability in the future much more likely. It may cause a shift anyways.
All it wouldd take is to block the email from her private server. No threats of jail time involved at all. Either blacklist it at the government servers or even just send it to the junk mail of her boss's account. Hell, even forcing a sender validation request to every.gov email address would be enough to change her to a.gov email address for government email.
Btw, hillary was appointed to the state department not elected in case you are confusing her term as senator (which is state wide so no redistricting is possible). But while i agree that representatives should be educated, i do not agree in limiting them any further than the condtitution does. They are supposed to be representative of the people they represent. Placing restrictions on top of that eould take us back to the political class and essentially bring back the aristicrats. If you think government represents special interests over the people now, just wait until you limit it to these new aristicrats.
As i said, standing neefs to show harm. The court can not accept any harm was done and deny standing. Notice their claim id that they believe? They still need to get the court to believe too.
I asked for names and all you could do is trash talk. I guess that makes where in the grand scheme of things. I'm betting it is not where you think it is.
Or a likely more effective approach would be a click through page explaining the issues, possible solutions, and requiring them to click on something before passing through to the content they want.
Still doesn't change the expectations. I mean someone failing to act lawfully or ethically because they are worried about their potential comfort in the future is little different then someone robbing a bank to stop forclosure on his home. I can understand why they did it but i still expect them to act differently- breaking laws aside and all.
If you really believe that, you are more gullable than those drones who parrot talk radio. This stuff takes time and it takes more time when people do not cooperate.
If it is how you think and nothing wrong happened, why all the stonewalling? Why lose the emails in the first place and fail to find them when the tig basically asked IT to see if they could be recovered and poof they were there. I mean it was a contention in the elections and it likely contributed to losing seats. Why put the country through that and take the fifth when nothing was wrong?
Yes. That is exactly what is expected. And if she overrulled them or retaliated, there are official channels to report it that carry whistle blower protections when department rules and laws are not being followed.
My guess is that it likely did not get that far because there likely isn't an auditing system in place to catch it. Even the president who learned about it in the news paper like the rest of us was sending and revieving mail from her in this manner and it was not caught.
Actually, that IRS the dog ate my email somewhat failed.
It turns out that asking IT to look for backups of the email is more productive than looking for it personally. Its just a matter of time needed to sort through it if anyone in government is still interested.
Nah.. it can be dismissed on a denial of standing alone. Sure wikipedia can say X but the key is whether there was harm because of it or not and whether a court will recognize that harm.
But in the end, it doesn't matter. The FCC used the interstate commerce clause to movr the internet to title 2 regulation and the courts have long supported searches under the guise of interstate commerce. Even if the NSA is struck down, it can easily, and likely under existing search standards (boarder searches and the ability to inspect cargo) continue will not be hampered. Especially since at least justice robberts is willing to ignore the text of a law and read a penalty as a tax in order to allow it to be constitutional. This signifies that tjis supreme court will go to lengths to allow the government to have its way if there is a conflict over rights dedpite the 9th and 10th amendments.
If you search through wikiedia using https that link should be rencrypted and not known unless either your computer or the server is compromised or they are using a mitm attack yo thwart the https. If you search through google and click on the link, well you know at minimum you are being watched for marketing reasons.
Anyway, other that google or some other sesrch engine, you will not be swept up in automated collection and filtering. Someone will have to spend some real effort on you if you are using https which is unlikely unless they are already looking at you.
I'm not sure that MS can go after Google and come out clean. The low hanging fruit- especially since MS bought nokia likely will not have as much defensive posturing to fall back on.
Slashdot Mirror
Nah.. just be honest with the boss and tell him you aren't sure how to do it but are willing to learn. Then tell him from what you can tell so far, it will not be quick or cheap.
Write up a combination of the suggestions you get with an estimated time and costs so even if he decides to hire a pentester, he will have an idea of what to look for and salary as well as what to charge. If he decides to train you, you will have an idea if what to expect.
Written authorization is extremely important. And save it.
I did some work for a lawfirm once who kept getting their email servers blacklisted. One or more of the workstations were infected with some spamming trojan. Anyways, to make a long story shorter, I set up a system between the router and switch and logged every packet for a day or so after i ran wireshsrk and found the offending workstations. I created an Email account on their server with the CTO's verbal permission and had the logs sent to it. This was primarily to avoid flooding my account and so i didn't need access to the admin account. I was looking for unsolicited incomming connections but found the trojans went to an IRC channel and downloaded a list of commands yto specify the spam and if it couldn't complete that task, they blasted copies of itself to contacts and the last lists of addresses it did download.
I cleaned the computersand updayed them. I did a run with Nmap with the results going to that same email address. I ran a few other scans with the same email address and then the existing IT and I updated all the workstations and servers, turned off unnesecary services and ran the MS hardening tool on the one server new enough to support it.
Fast forward two years and i have a sheriff knocking on my door claiming to have a warrant to take my computers and arrest me. Turns out a new IT took over that law firm, someone got bored and started snooping through people's email accounts and stumbled on all the logs. In that account was a few emails i sent from my real address saying is this working. And of course my sig wiyh my name and phone number. No one remembered what we did and they were trying to charge me with a felony.
I spent 4 hours at the sheriffs office while they tracked down thhhe old IT guy who vouched for me. That wasn't enough and the CTO from that time got cancer or something and wasn't around to say anything. I had to get a coworker to find the billing for the time and bring it in. The prosecuter told the sheriff to release me but it was another 3 days before i was notified all charges were dropped and got the papers to pick my conputers up.
If something would have happened to the old IT guy or if he decided he didn't remember, i likely would still be screwing with it. I made sure i had written authorization ever since.
You can laugh all you want. It still does not change thr fact that without congress, any agreement will have as much weight as any agreement with a random US citizen where international law is concerned. The president simply does not have the authority to represent the country in its entirety without the specific consent of congress. The constitution makes that explicitaly cleat.
Now i really do not care if you are done with ignorants or not. If you are, you need to drop your boy becaude he is severely confused as are you. But if you seriously think otherwise, answer this for me. Why has the US sighned the Kyoto accords but has not followed it and no other member state is calling us for it? The answer of courde is brcause congress has not rstified it which is the only thing that would make President Clinton's signiture binding as part of the treaty. But by all means, reconcile that with what your confused friend thinks and tell us a story on it. Because anything else will be just that- a story.
I would think if that was the case, we wouldn't be discussing this right now. Obviously all those requirements were not in force with Mrs. Clinton.
I just read the letter again. It does not appear to ve a sabotage letter at all. Its just an informational letter describing the legitimate constitutional processes. It explains the difference between an agreement and treaty an that congress will have to agree in order for it to be anything more than a simple agreement.
If it was some do everything to sabotage letter, i would imagine it would contain the fact that the sanctions are laws passed by congress and without an act of congress, the administration would be violating the law if he relaxed them or stopped enforcing them.
International law has nothing to do with it. If the administration does not have the constitutional authority, he simply does not have it. Obviously if you and whoever pulled a rabbit out of their hat thinks differently, the letter is well founded. The administration cannot ratify any treaty without the senate in which those 47 senators and any agreement made without that is little more than a verbal agreement between the two of us to get Google to stop collecting user informagion when neither of us have any abilities at google.
Furthermors, this has been this way since the founding of the country and is right in the US constitution under article 2 section 2. It states the president can only make treaties if two thirds of the senate agree. There are only 100 senators so if whatever agreement is to be international law, some of those 47 senators will have to agree. That being said, any agreements not a treaty can be broken by the next administration simply by nullifying then. Only congress can change law too, so any attempt not to faithfully execute the law which is what Obama is relying on absent action from congress can be judt as easily reversed.
Your boy's interpretation is just wrong.
No it isn't sedition. It was a reminder of how the constitution works and that the president despite his insistance otherwise does not have the authority to nullify laws passed by congress which the sanctions are. Congress and even state governments have long reached out to foreign officials and even negotiated trade agreements without administration participation. Look up the sister cities project if you doubt that
And we will hear about the clinton email specifically because congress has requested copies of it for oversight purposes and there appears to be gapps in what was provided.
Also her claim is she did not want to carry multiple devices. What device was she using that only allows only one email account or just one app to check that one account?
I've had multiple accounts on my phones since my first smart phone. I can switch accounts pretty simply in the same app as well as use other apps specifically for the other accounts with different defaults for each. I don't buy her excuse and seriously question the mental abilities of government official that high up if its too dificult.
It would probably be rather easy to disablr input from unapproved ports or devices once the vehicle reaches a certain speed or is in gear for a specific length of time. This would allow for diagnostics, remote starters and so on. They could even employ a diagnostic override that requires pluging a resistor chiped dongle in under the hood or somewhere allowing user modifications and whatever at the owner's direction.
The fear doesn't seem to be you and your car. Its some hacker issuing commands at 5:30 causing toyotas to accelerate out of control, fords to brake rapidly, and gm vehicled to lose sterring controls because of an infected app on a synced phone or a device placed along side a stretch of road somewhere.
Actual odds may be as large as odds of a spouse's brake lines being cut or a Toyota accelerating out of control with no obvious excuse.
Actually, i do not know the odds but i do not think the will to increase them is zero.
This is kind of more of a consumer protection thing. In california you used to have telephone book lawsuites because someone used a product in ways it wasn't intended and got hurt somehow because there was no warning or instructions not to use it that way. Its the reason we have warnings to remove children from baby strollers before colapsing for storage and those instruction pictures showing how to suffocate someone on plastic bags. In theory, if a manufacturer can make reasonable changes to products or warn users of the dangers they have to- or face liability for selling defective or unsafe products.
Its probably still a long shot but even if they fail, it stands a good chance of showing the defectiveness of current practices which makes liability in the future much more likely. It may cause a shift anyways.
All it wouldd take is to block the email from her private server. No threats of jail time involved at all. Either blacklist it at the government servers or even just send it to the junk mail of her boss's account. Hell, even forcing a sender validation request to every .gov email address would be enough to change her to a .gov email address for government email.
Btw, hillary was appointed to the state department not elected in case you are confusing her term as senator (which is state wide so no redistricting is possible). But while i agree that representatives should be educated, i do not agree in limiting them any further than the condtitution does. They are supposed to be representative of the people they represent. Placing restrictions on top of that eould take us back to the political class and essentially bring back the aristicrats. If you think government represents special interests over the people now, just wait until you limit it to these new aristicrats.
As i said, standing neefs to show harm. The court can not accept any harm was done and deny standing. Notice their claim id that they believe? They still need to get the court to believe too.
I asked for names and all you could do is trash talk. I guess that makes where in the grand scheme of things. I'm betting it is not where you think it is.
Well, if you do it, put it in a jpeg file to make searching for the links harder and they stick around longer.
Or a likely more effective approach would be a click through page explaining the issues, possible solutions, and requiring them to click on something before passing through to the content they want.
Still doesn't change the expectations. I mean someone failing to act lawfully or ethically because they are worried about their potential comfort in the future is little different then someone robbing a bank to stop forclosure on his home. I can understand why they did it but i still expect them to act differently- breaking laws aside and all.
If you really believe that, you are more gullable than those drones who parrot talk radio. This stuff takes time and it takes more time when people do not cooperate.
If it is how you think and nothing wrong happened, why all the stonewalling? Why lose the emails in the first place and fail to find them when the tig basically asked IT to see if they could be recovered and poof they were there. I mean it was a contention in the elections and it likely contributed to losing seats. Why put the country through that and take the fifth when nothing was wrong?
Snowden has nothing to do with it. Read what was said again and try to comprehend it time.
Yes. That is exactly what is expected. And if she overrulled them or retaliated, there are official channels to report it that carry whistle blower protections when department rules and laws are not being followed.
My guess is that it likely did not get that far because there likely isn't an auditing system in place to catch it. Even the president who learned about it in the news paper like the rest of us was sending and revieving mail from her in this manner and it was not caught.
http://www.politico.com/story/...
Actually, that IRS the dog ate my email somewhat failed.
It turns out that asking IT to look for backups of the email is more productive than looking for it personally. Its just a matter of time needed to sort through it if anyone in government is still interested.
Nah.. it can be dismissed on a denial of standing alone. Sure wikipedia can say X but the key is whether there was harm because of it or not and whether a court will recognize that harm.
But in the end, it doesn't matter. The FCC used the interstate commerce clause to movr the internet to title 2 regulation and the courts have long supported searches under the guise of interstate commerce. Even if the NSA is struck down, it can easily, and likely under existing search standards (boarder searches and the ability to inspect cargo) continue will not be hampered. Especially since at least justice robberts is willing to ignore the text of a law and read a penalty as a tax in order to allow it to be constitutional. This signifies that tjis supreme court will go to lengths to allow the government to have its way if there is a conflict over rights dedpite the 9th and 10th amendments.
What link?
If you search through wikiedia using https that link should be rencrypted and not known unless either your computer or the server is compromised or they are using a mitm attack yo thwart the https. If you search through google and click on the link, well you know at minimum you are being watched for marketing reasons.
Anyway, other that google or some other sesrch engine, you will not be swept up in automated collection and filtering. Someone will have to spend some real effort on you if you are using https which is unlikely unless they are already looking at you.
Google purchased Motorola mobility who had a crapload of patents that MS may be violating.
https://gigaom.com/2014/01/30/...
I'm not sure that MS can go after Google and come out clean. The low hanging fruit- especially since MS bought nokia likely will not have as much defensive posturing to fall back on.
The main pusher of climate change, the guy who alarmed congress in 1988 participated in political theater in order to do so. He even admits to it being politicized.
You are either ignoring reality in order to hang on to some glimpse of legitimation or not paying attention at all.