My father is an immigration attorney (MFIAIA) near the Canadian border and we were chatting about this several weeks ago as it occasionally happens to his clients. Apparently, border agents largely trawl through people's email inboxes searching for evidence of work outside the scope of their current visa. People entering the US on valid visas have few options but to submit their laptop or face denial of entry and possible revocation of their visa and denial of pending applications.
Even if people utilized file or disk level encryption, I wonder if they would force people to surrender encryption keys and passwords. I suggested that he advise clients to look into that sort of solution, but it may not do any good. It would also be interesting to know how and where the information is stored and for how long.
Replying to this post and the one beneath, none of those are rights in a traditional society. The fact that one is taxed is very minor. In case you didn't know, those who join the military are exempt from such taxation. Please tell me you aren't paying taxes now. Muslims must also pay a tax, which non-Muslims are exempt from paying. You probably didn't know that in the earlier societies, through the end of the Ottoman empire, many of the highest positions in society were occupied by non-Muslims. One also enjoys the right not to be spied upon by their government. Who can raise their hand today and say with any level of certainty that that is a right people enjoy today?
Who can raise their hand and say that spousal abuse, rape, murder doesn't happen at such a prolific level that these crimes almost enjoy the status of a right? Every 2.5 minutes, somebody in America is sexually assaulted and people are rapping on Muslim countries for what in comparison are isolated incidents? That is absolutely ludicrous.
It's far worse in Europe, which will be basically Muslim within a generation, its entire culture and history pushed into slavery (dhimmitude).
Yet another example of bigotry and ignorance on Slashdot. You've been reading far too much jihadwatch.com or listening to the likes of Daniel Pipes for your own good. Even if "dhimmitude" did amount to slavery, which it most certainly doesn't, you would still have more rights than you cede to the W regime.
I disagree. While weak encryption and other security services might offer short-term benefits, one often starts to take it for granted and consider it to be highly secure. This creates a false sense of security and perhaps even a level of hubris that can be devastating when exploited.
Cox Comm. beats the crap out of Comcast IMHO. The ISP I use for company email has sendmail listening on 25 as well as 5190. Now that I have SSH access to the server, I simply set up an SSH connection directly to the box and tunnel SMTP traffic through it. It's especially handy when I'm at a hotel or any other public area.
Unfortunately I see an undue reliance upon technology, be it electronic sources of information or laptops, which could create a chilling effect on proper research and the development of one's critical thinking skills. Not to say that the use of the Internet for research is invalid, nay, it is quite valid, but NOT as a primary source. I don't think it is necessary to expound upon the details of this argument, as they are quite self-explanatory.
Our (America's) primary and secondary education system seems to be promoting and rewarding what really amounts to sheer laziness, which more often than not is encouraged by our reliance upon technology, which leads to a reliance upon unreliable sources of information. Due to this laziness, very few children are taught and raised to be critical - to actually check the facts. Instead, it seems that children are rewarded based upon the flashiest PowerPoint presentation, which is a very legitimate skill - for a secretary. How is America going to raise the next generation of scientists, researchers, explorers, etc., if children aren't taught to exercise their mind in a critical fashion?
The answer seems to have been given already and is staring us in the face. Good Americans shouldn't give a damn about science, research and independent thought. Good Americans should mind their business and do exactly what they are told and when without asking questions.
By all means, use laptops in the classroom, but make sure they are used properly, to instill the right ethics (i.e. work ethic) and values. If they are primarily going to be used as toys, why not simply give the children Barbie dolls and toy trucks - it would accomplish the same thing.
For those unfortunate souls who would be relegated to dialup if it weren't for Comcast, I suggest that you do not rely on Comcast's email services. Free mail services, such as Google mail, while not particularly privacy-oriented (can one expect privacy of emails??), offer POP3 over SSL and don't appear to suffer from blockages as of yet. I can't remember if the SMTP service supports SSL, but if it does, it may not be blocked by Comcast. Otherwise, you can still use Comcast's SMTP service.
Send your ISP a message by not relying on their email service. If enough people do this and complain, they will certainly get the message.
I find it crazy that people are running more and more applications directly on their Internet router. The more applications and services there are running, the more likely a serious security flaw will be found in the device. Do they really think this through? This is just going to be another attack vector for script kiddies to own people's networks. Several months after they release this, another vendor will be releasing a separate firewall/router to protect this device.
I don't know if anybody bothered to RTFA, but what I found interesting is that WB has NOT implemented ICT at this point. That means that there will be no down sampling when viewing the content on "unapproved" displays. Hopefully consumers will make enough of a stink when it is introduced to make content providers think twice about DRM.
The reviewer states, "It is important to note, however, that there is a "Better Performance" option under the battery life menu which, undoubtedly, maximizes the battery life in every way that the computer can..."
Actually "Better Performance" means the opposite, as it disables most if not all power saving options. "Better Energy Savings" will give the user longer battery life at the expense of performance. I find most applications almost unusable at that setting and tend to run under the "Normal" setting when I need to get work done. The better savings option is good for movies and checking email.
Personally, until mobile wireless broadband (e.g. HSDPA, EVDO, etc.) services become more pervasive and not to mention MUCH cheaper, I don't think there will be a huge problem. Viruses don't spread through the air - they would require the terminal device to be active and connected.
Assuming a piece of malware could activate the data radio at pre-determined times (e.g. late at night), it could really run up the bill for those who don't have unlimited data plans.
Another avenue of attack, which I see as most likely in the near future (especially for Pocket PC users), is malicious websites. Not a whole lot of research seems to be going on in mobile vulnerability development, but when research increases, there will be a problem. Of course much of the research will probably be funded by the AV companies or their subsidiaries. I'm sure you've seen the job postings for security engineers and researchers at companies like Symantec so don't deny it.
Now that mobile networks and fixed networks are converging, they really resemble fixed networks, thus controls that work on fixed networks will probably work on the mobile networks with little modification. Firstly, terminal devices, especially J2ME capable ones have reasonable controls by way of very granular permissions that are found in any java runtime environment. I'm not however aware of how extensive the controls are at the OS level. If operators are smart, they will be rather restrictive with these permissions.
Lastly, network controls need to be in place. Perhaps this will be a good use for Unified Threat Management firewalls, which could possibly be placed at the Base Station Subsystem (BSS) level.
The next 12 months will be very interesting. I certainly don't look forward to having to install Norton AV on my Samsung i730!
"..public affairs at Google describes how these China-based servers fit in to Google's mantra of 'Don't be evil.' Google hopes to use this as an opportunity to help bring global censorship into the spotlight of American politics."
This sounds a lot like the old "I'm going to get them from the inside" excuse, which is nothing more than a delusion. They are in there for one reason only - GOOGLE!
It sounds like your government contractor employer does not have or at least doesn't pay much attention to their security policy. A simple, easy to follow role-based policy can go a long way. It specifies in simple terms, exactly what a user can do, can't do and must do. Each user role should be covered. Technical controls can be implemented (i.e. ACLs) to enforce the policy. Your employer should also have standards and procedures to augment the policy, one of which should be IT Change Management.
The bottom line is that developers should NEVER have root (sudo or otherwise) access on production machines. They shouldn't even have user accounts on production machines in most circumstances. SuperUser access on shared development machines is even questionable.
Make sure your users, developers and admins understand their roles and you will have a relatively happy and well functioning IT dept.
I must admit that I didn't read TFA but the summary suggests that banks could reject logins from infected computers. Clearly the scan result would have to be submitted to the bank server, or a client-side script could verify the negative scan result. This would be much cheaper than using the server/agent solution that many corporations employ for corporate desktops and applications.
Of course this would force viruses to spoof these results, thus negating any benefit until the information is cryptographically protected.
Not a bad idea.
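What "cryptographically protected" has to mean for a client-submitted scan result, as an added sketch that is not part of the original comment: the verdict is bound to a server-issued nonce and a timestamp under a MAC, so a flipped, forged, replayed or stale result is refused. The `LoginGate` class, the field names and the shared agent key are assumptions, and the key is assumed to be out of reach of malware on the client, without which the check is worthless.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_SECONDS = 120  # assumed freshness window for a scan verdict


def _mac(key: bytes, nonce: str, infected: bool, scanned_at: int) -> str:
    """MAC over a canonical encoding of every field the server relies on."""
    body = {"nonce": nonce, "infected": infected, "scanned_at": scanned_at}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_scan_result(key: bytes, nonce: str, infected: bool, scanned_at: int) -> dict:
    """Scanner side (hypothetical agent): bind the verdict to nonce and time."""
    return {"nonce": nonce, "infected": infected, "scanned_at": scanned_at,
            "mac": _mac(key, nonce, infected, scanned_at)}


class LoginGate:
    """Server side (hypothetical): issues nonces and checks returned reports."""

    def __init__(self, agent_key: bytes):
        self._key = agent_key
        self._pending = set()  # nonces issued and not yet used

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def check(self, report: dict, now: int) -> str:
        if not isinstance(report, dict):
            return "reject: malformed"
        nonce = report.get("nonce")
        infected = report.get("infected")
        scanned_at = report.get("scanned_at")
        mac = report.get("mac")
        if not (isinstance(nonce, str) and isinstance(infected, bool)
                and isinstance(scanned_at, int) and isinstance(mac, str)):
            return "reject: malformed"
        # Verify integrity first, in constant time, before trusting any field.
        expected = _mac(self._key, nonce, infected, scanned_at)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "reject: bad MAC"
        # A nonce is good for exactly one login attempt.
        if nonce not in self._pending:
            return "reject: replayed or unknown nonce"
        self._pending.discard(nonce)
        if not 0 <= now - scanned_at <= MAX_AGE_SECONDS:
            return "reject: stale scan"
        return "reject: infected" if infected else "allow"


def demo() -> dict:
    key = secrets.token_bytes(32)   # constructed key for the demo
    gate = LoginGate(key)
    now = 1_700_000_000             # constructed clock value
    out = {}
    good = sign_scan_result(key, gate.issue_nonce(), False, now)
    out["clean"] = gate.check(good, now + 5)
    out["replay"] = gate.check(good, now + 6)          # same report again
    flipped = sign_scan_result(key, gate.issue_nonce(), True, now)
    flipped["infected"] = False                        # verdict edited in transit
    out["flipped"] = gate.check(flipped, now + 5)
    forged = sign_scan_result(b"guessed-key", gate.issue_nonce(), False, now)
    out["forged"] = gate.check(forged, now + 5)        # signed without the key
    old = sign_scan_result(key, gate.issue_nonce(), False, now - 3600)
    out["stale"] = gate.check(old, now)                # hour-old scan
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:8s} {verdict}")
```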
This is SOP as per nearly all security policies. That said, a good risk management operation may want to differentiate between terminations with cause and professional/graceful resignations. It really depends on the organization's overall risk appetite. It sounds like your CIO's appetite is particularly low, even though the likelihood of damage resulting from a graceful resignation is significantly lower than a termination with cause.
If it makes you feel better, had they been really paranoid, they probably would have called in somebody like myself to analyze your servers for back doors, malicious code, etc., before you even left. My wife, the HR expert thinks that HR should have given you a graceful notification that they accepted your resignation early.
The bottom line is you got two weeks of pay in exchange for getting your feelings slightly hurt.
What other products have this capability? (on "TiVo to Go Released", Score: 3, Interesting)
I've been staring at my Scientific Atlanta DVR with the USB and FireWire ports for a while just willing them to go live so I can transfer my shows.
Are there any products besides the TiVo that support transferring video over the network or perhaps via FireWire/USB2?
You'll find that most Turkic languages out there, including Uzbek, have these two distinct preterite tenses. One is used for an event to which you were an eye-witness, and the other is used to report events that you did not witness, hence, less believable events.
This feature of the language actually served to insulate the people during the years of Soviet occupation. The news (i.e. propaganda) would be reported in the "I saw it first-hand" tense, thus nobody would believe it.
It's a shame that these languages, or at least the advanced features of such languages are dying out. Everybody should try to take at least two quarters of say Uzbek or Kazak in university (prior to death) to keep the awareness alive - see Professor Cirtautus.
...consider investing in something like the PelcoNet NET350, which supports dual MPEG-4 as well as bi-directional audio streamed over Ethernet. Coupled with a decent dome camera that supports full PTZ (Pan, Tilt, Zoom) controls, a microphone and speakers, you'll have the complete, latest-and-greatest in surveillance technology setup.
Don't forget to hook up the alarm, which should be programmed to go off upon detecting motion in the crib.
To access the video/audio stream, simply form a VPN connection to your home network, type in the IP address of the Net350 (or similar product) and watch away. You even have the added benefit of having the ability to speak to the baby, provided you have a decent mic on your laptop.
The entire setup will set you back a couple grand, but it should be the ultimate setup for geeks. I wired an entire college campus with a network of these things a few years back - really quite impressive, and it should stream just fine over a moderately fast DSL connection.
Do however check up on the legality of the bi-directional audio capability. Last time I checked, it wasn't exactly legal in the US.
I've had Vonage for over a year and now have two lines. I used to complain about the quality as did others on the other end of the call. I recently rebuilt my network (and got rid of my PoS Netgear FSV318) and now the quality is absolutely flawless. I'm on a 15mbit/2mbit cable link and I can use nearly all of my bandwidth without even a hiccup on the line. Here's the trick:
I ordered a 2nd IP from my ISP and separated my data network from the voice. In other words, I stuck a switch behind the cable modem with my router (P3 866 running pfSense FreeBSD 6) in one port and the Motorola Vonage box in the other. The difference was absolutely amazing even though there's no prioritization of the SIP and RTP packets. Since pfSense has pretty good QoS capabilities, I might eventually stick the Vonage box behind the router and get rid of the 2nd - we'll see.
For those of you who have your Vonage box behind a cheap Linksys router, forget it. The consumer-level devices simply can't put out the pps to support network usage and simultaneous VOIP usage.
Hope this helps.
IRIX and SCADA in the same breath. Now that's a scary thought.
... can be made easy by mimicking other taxes -
-VAT
-Gas Tax
-Road Tax
The simplest way to collect the tax is to pass it on to the ISP and then to customers. Every user would have to pay $X more per month. Universities could be tax exempt or collect the tax in the form of an increased technology fee.
Naturally, this logical method of taxation would do nothing to stop spam, as a suggested per-email tax would be insane. Spam is already illegal in most states AFAIK, so tax evasion wouldn't be a huge leap for people already committing a crime.
However, if the government is out for more revenue, this taxation would be easier to implement and enforce within the US.