I can frequently tell the competency of the author of a document by the formatting. The more time they've spent formatting the less competent they tend to be in anything besides Office. Unless they've handed it off to someone else to be "pretty-fied", of course.
I posted this the other day on LinkedIn, in response to one of the plethora of "How to secure the cloud" articles.
In all these assessments and checklists I never see mentioned the one thing that interests me most: How do you ensure the physical security of your cloud provider? In the 8 years that I've been in the physical security industry I have seen very few customers that I couldn't enter their secure sites just by carrying a ladder in one hand and a tool bag in the other. People are generally nice, they'll not only badge the door open but hold it for you.
You need to be sure that the physical infrastructure your cloud provider is as secure as the network infrastructure.
Are areas secured adequately?
Are there adequate controls over who has access to the areas?
Are areas small enough that individuals can be tracked?
Are there adequate controls over who can grant/remove access to those areas?
Does their access either undergo periodic review or automatically expire and have to be renewed?
What happens when an alarm occurs in an area?
What is the response time for an alarm?
How closely are systems monitored?
What are the consequences to cardholders for causing spurious alarms?
What are the consequences to cardholders for violating polices (antipassback, antitailgate, off-hours access, etc.)?
How frequently are physical components (door contacts, motion detectors, etc.) tested?
Are checks done of devices being carried into/out of the site?
Creating a secure physical infrastructure is not easy, especially for large distributed facilities like cloud data centers. Creating and enforcing policies to leverage that infrastructure is not easy either. All the cloud security expertise in the world is pretty useless if a random janitor can plug a device into a switch and hide it above the ceiling tiles.
I work in the physical security industry, and we all LOATHE frelling Citrix. It won't display security video, it won't install some of the security system programs properly (stuff that can run fine on the most ancient POS hardware that you can scrounge up), response times are abysmal, it locks up randomly or whenever a certain action that calls a specific Windows.dll happens, client/server operations are slow, you can't save reports correctly, etc. etc. The customers that are stuck with Citrix end up doing a local install of the fat client on the workstation because Citrix has told them that they don't care and have no intentions of fixing any of the issues we encounter.
Article. VI. . . . all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.
Looks like treaties are perfectly relevant. Care to restate your position?
So what would your take be if Mexico were to invade the whitehouse.gov email server to " check for drug cartel influence at the highest levels of the" US government? It's not like there aren't valid reasons to be suspicious, things like a US Treasury Secretary who resigns to go work for CitiCorps international money laundering division don't go unnoticed elsewhere in the world.
Considering that C-suite executives tend to change employers every few years, often it's also a matter of whether management thinks the problem will come home to roost before they've found another company to destroy.
Biological agents are more difficult to disperse adequately than chemical agents, although since many of them are easier to produce they might be able to go with 'quantity over quality'.
Ah, but the dictator who has been ejected from his homeland doesn't have the ability to buy 100 votes in Congress like the food speculators that drove up the worldwide price of rice and starved millions, or the currency speculators who crashed the Asian economies and condemned tens of millions to live by scrounging garbage piles. Besides, dictators generally kill some people who actually matter, not just the poor. Speculators only kill what the PTB refer to as "useless eaters".
Bioweapons come in two flavors, contagious and non-contagious. Non-contagious ones, such as anthrax, are similar in effect to chemical weapons. One shot, temporary damage, cleanup may be time consuming and expensive but is possible. They're cheap and easy to produce (if you can brew beer you can grow anthrax), but have a very limited shelf life and are more difficult to deploy effectively than chemical weapons.
Contagious ones are pretty much useless as a weapon as before long your own side ends up as affected as the enemy. Human-constructed organisms also tend to be unstable and mutate, making a vaccine of dubious value. This is why Fort Dugway gave up on Ken Alibek's 'black pox' and the like.
The primary danger in bioweaponry is the trust fund kid who thinks that PETA's agenda isn't radical enough. They tend to be stupid and outspoken though, and have generally terrible management skills. Hopefully this will be enough to keep us safe, because Fatherland Security won't.
With the DNA sequence published, anyone with a simple bacteriological lab can produce it.
Not at all. You would need a lab capable of building genes and inserting them into an organism, and there are only a few of those on the entire planet (most of them governmental). If you want to selectively breed the microbe for increased toxicity you can do that in your garage right now and the DNA sequence would be minimal if any help.
True enough, but by that time the Black Death had already swept through Europe several times. Travel has improved by orders of magnitude over the last few centuries.
Wagon freight and carriage travel didn't become common until the late-7th/early-18th century, as the Roman road system had collapsed from lack of maintenance and was never repaired outside of urban areas. It wasn't until later than that when horses became common, and really the late 19th century before riding horses became widely available to anyone beyond the aristocracy.
My uncle knows a 40-some year-old woman who has never been off the island of Manhattan, and can't imagine any reason for doing so. I'm utterly unable to understand such a viewpoint.
It wasn't long ago when most people, even those who were lucky enough to own a horse, never strayed more than 20 miles (generally a day's journey) from home. In many cultures travelers were welcomed with open arms, as they were the only source of news of the outside (aside from invading armies).
"Our best friends" - you mean like the friendly folks that helped write Stuxnet? Pretty much guaranteed. Having worked in the utility industry for a time I can pretty much guarantee as well that the fixes they mentioned haven't been deployed, as no one wants to take down a substation that controls, for example, a Navy base and an aircraft factory to update software.
Wasn't clear, sorry. I was mostly referring to the sometime in this decade portion of the post as being unlikely.
An event as large as you describe, stretching from BC to CA, doesn't appear in the record anywhere. Tsunamis, ghost forests and the like are the effects of local events that, while they may be devastating to the area affected, are not region-wide disruptions. In fact to my knowledge an earthquake on that scale is pretty much unknown anywhere on the planet, ever. Rainer's last eruption 10,000 years ago would have been associated with local earthquakes but was probably the source of them, not the effect.
Actually, no. If you think of all the future paths plotted as a probabilistic cone, Earth occupies a very small portion of the end of the cone. More data will narrow the cone, almost certainly moving it off an Earth-intercept. Almost.
High probability? Do you mean it's probable that you imagine such things while you're high? Because back in the real world the probability of such an event is pretty close to zero.
I wonder how accurate our current asteroid population estimates are. When Shoemaker-Levy hit Jupiter astronomers were saying that it was a "once in a century, or maybe even once in a millennium" event. Since then we've seen the impact marks of at least three and maybe four more comparable strikes that we didn't see coming. When the first asteroid striking the moon was caught on film it was also thought to be a rare event, now we find that it's fairly common. It's possible that our current low rate of meteor strikes is a statistical fluke.
No, Voyager doesn't have the resolution. From beyond the orbit of Neptune it took a look back towards the Sun and took a panoramic shot of the Solar System. At that point Earth was barely 1/10 of a pixel in size, a "pale blue dot" as Carl Sagan referred to it. From its current location it couldn't even see a major comet at maximum brightness.
Slashdot Mirror
I can frequently tell the competency of the author of a document by the formatting. The more time they've spent formatting the less competent they tend to be in anything besides Office. Unless they've handed it off to someone else to be "pretty-fied", of course.
I posted this the other day on LinkedIn, in response to one of the plethora of "How to secure the cloud" articles.
In all these assessments and checklists I never see mentioned the one thing that interests me most: How do you ensure the physical security of your cloud provider? In the 8 years that I've been in the physical security industry I have seen very few customers that I couldn't enter their secure sites just by carrying a ladder in one hand and a tool bag in the other. People are generally nice, they'll not only badge the door open but hold it for you.
You need to be sure that the physical infrastructure your cloud provider is as secure as the network infrastructure.
Are areas secured adequately?
Are there adequate controls over who has access to the areas?
Are areas small enough that individuals can be tracked?
Are there adequate controls over who can grant/remove access to those areas?
Does their access either undergo periodic review or automatically expire and have to be renewed?
What happens when an alarm occurs in an area?
What is the response time for an alarm?
How closely are systems monitored?
What are the consequences to cardholders for causing spurious alarms?
What are the consequences to cardholders for violating polices (antipassback, antitailgate, off-hours access, etc.)?
How frequently are physical components (door contacts, motion detectors, etc.) tested?
Are checks done of devices being carried into/out of the site?
Creating a secure physical infrastructure is not easy, especially for large distributed facilities like cloud data centers. Creating and enforcing policies to leverage that infrastructure is not easy either. All the cloud security expertise in the world is pretty useless if a random janitor can plug a device into a switch and hide it above the ceiling tiles.
I work in the physical security industry, and we all LOATHE frelling Citrix. It won't display security video, it won't install some of the security system programs properly (stuff that can run fine on the most ancient POS hardware that you can scrounge up), response times are abysmal, it locks up randomly or whenever a certain action that calls a specific Windows .dll happens, client/server operations are slow, you can't save reports correctly, etc. etc. The customers that are stuck with Citrix end up doing a local install of the fat client on the workstation because Citrix has told them that they don't care and have no intentions of fixing any of the issues we encounter.
I thing Google Earth has supplanted that business model in most areas now.
a treaty is irrelevant.
Take a look at the Constitution:
Article. VI.
. . . all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.
Looks like treaties are perfectly relevant. Care to restate your position?
So what would your take be if Mexico were to invade the whitehouse.gov email server to " check for drug cartel influence at the highest levels of the" US government? It's not like there aren't valid reasons to be suspicious, things like a US Treasury Secretary who resigns to go work for CitiCorps international money laundering division don't go unnoticed elsewhere in the world.
Although in that case they gave a ruling, and Bad Things Happened as a result of it . . .
Considering that C-suite executives tend to change employers every few years, often it's also a matter of whether management thinks the problem will come home to roost before they've found another company to destroy.
Biological agents are more difficult to disperse adequately than chemical agents, although since many of them are easier to produce they might be able to go with 'quantity over quality'.
BSL = Bio-Safety Level. The higher the BSL number the nastier the organisms you tend to be working with. E. coli, BSL-1, ebola, BSL-4.
Ah, but the dictator who has been ejected from his homeland doesn't have the ability to buy 100 votes in Congress like the food speculators that drove up the worldwide price of rice and starved millions, or the currency speculators who crashed the Asian economies and condemned tens of millions to live by scrounging garbage piles. Besides, dictators generally kill some people who actually matter, not just the poor. Speculators only kill what the PTB refer to as "useless eaters".
Bioweapons come in two flavors, contagious and non-contagious. Non-contagious ones, such as anthrax, are similar in effect to chemical weapons. One shot, temporary damage, cleanup may be time consuming and expensive but is possible. They're cheap and easy to produce (if you can brew beer you can grow anthrax), but have a very limited shelf life and are more difficult to deploy effectively than chemical weapons.
Contagious ones are pretty much useless as a weapon as before long your own side ends up as affected as the enemy. Human-constructed organisms also tend to be unstable and mutate, making a vaccine of dubious value. This is why Fort Dugway gave up on Ken Alibek's 'black pox' and the like.
The primary danger in bioweaponry is the trust fund kid who thinks that PETA's agenda isn't radical enough. They tend to be stupid and outspoken though, and have generally terrible management skills. Hopefully this will be enough to keep us safe, because Fatherland Security won't.
With the DNA sequence published, anyone with a simple bacteriological lab can produce it.
Not at all. You would need a lab capable of building genes and inserting them into an organism, and there are only a few of those on the entire planet (most of them governmental). If you want to selectively breed the microbe for increased toxicity you can do that in your garage right now and the DNA sequence would be minimal if any help.
True enough, but by that time the Black Death had already swept through Europe several times. Travel has improved by orders of magnitude over the last few centuries.
Well, I've looked, and I don't see anything referring to a possible earthquake occurring along 800 kilometers of fault at once. Do you have a link?
Wagon freight and carriage travel didn't become common until the late-7th/early-18th century, as the Roman road system had collapsed from lack of maintenance and was never repaired outside of urban areas. It wasn't until later than that when horses became common, and really the late 19th century before riding horses became widely available to anyone beyond the aristocracy.
My uncle knows a 40-some year-old woman who has never been off the island of Manhattan, and can't imagine any reason for doing so. I'm utterly unable to understand such a viewpoint.
It wasn't long ago when most people, even those who were lucky enough to own a horse, never strayed more than 20 miles (generally a day's journey) from home. In many cultures travelers were welcomed with open arms, as they were the only source of news of the outside (aside from invading armies).
"Our best friends" - you mean like the friendly folks that helped write Stuxnet? Pretty much guaranteed. Having worked in the utility industry for a time I can pretty much guarantee as well that the fixes they mentioned haven't been deployed, as no one wants to take down a substation that controls, for example, a Navy base and an aircraft factory to update software.
Wasn't clear, sorry. I was mostly referring to the sometime in this decade portion of the post as being unlikely.
An event as large as you describe, stretching from BC to CA, doesn't appear in the record anywhere. Tsunamis, ghost forests and the like are the effects of local events that, while they may be devastating to the area affected, are not region-wide disruptions. In fact to my knowledge an earthquake on that scale is pretty much unknown anywhere on the planet, ever. Rainer's last eruption 10,000 years ago would have been associated with local earthquakes but was probably the source of them, not the effect.
Hell of a lot more fun, too.
Actually, no. If you think of all the future paths plotted as a probabilistic cone, Earth occupies a very small portion of the end of the cone. More data will narrow the cone, almost certainly moving it off an Earth-intercept. Almost.
High probability? Do you mean it's probable that you imagine such things while you're high? Because back in the real world the probability of such an event is pretty close to zero.
as meaningful as the deb between a husband and wife. It doesn't need to be repaid.
You're not married, are you? Try borrowing $20 from your wife to cover the tab at a restaurant and you'll start using a different example . . .
I wonder how accurate our current asteroid population estimates are. When Shoemaker-Levy hit Jupiter astronomers were saying that it was a "once in a century, or maybe even once in a millennium" event. Since then we've seen the impact marks of at least three and maybe four more comparable strikes that we didn't see coming. When the first asteroid striking the moon was caught on film it was also thought to be a rare event, now we find that it's fairly common. It's possible that our current low rate of meteor strikes is a statistical fluke.
No, Voyager doesn't have the resolution. From beyond the orbit of Neptune it took a look back towards the Sun and took a panoramic shot of the Solar System. At that point Earth was barely 1/10 of a pixel in size, a "pale blue dot" as Carl Sagan referred to it. From its current location it couldn't even see a major comet at maximum brightness.