IMHO there is a valid point that encryption will slow down investigations. However, the easy fix is to only apply this type of law when someone refuses to give up encryption keys. If the data is decrypted, there is no need for an extension. If a person does not want to give up the keys, they basically forced the extension on themselves. Unless you have some data that will get you in trouble, why not just give up the keys and give the police everything they need to see that you did not do anything wrong? If you are in the wrong, you broke rule #1 and 2.... If you can't be good, be careful. && Don't get caught.
You have to keep in mind that CipherTrust has its mind on the enterprise market. I have spoken to a couple of admins that run IronMails and they love them, but they are not cheap.
I have to disagree with you on that one. I can tell someone wants to be in IT by the way they talk about IT and how up they are on what is happening in the field. I think that everyone should be suspect of a person with certs but no experience and no stories to tell about an "uber hard" issue they solved. I think that most people who have been in the IT field long enough have met that guy who got his MCSE, has never been on a network in his life and yet wants to tell the people with experience what is what and how their IT shop should be run.
I find it hard to believe that the US govt spent $90 million on a video game study. I think the money could have been much better used on something that will actually help people. Maybe it's just me, but finding cures for diseases, sheltering the homeless or feeding the hungry would be a better use of $90 million.
I think this is the best policy I have ever heard of from Microsoft. If you disagree with me, you have never seen the load on a mail server that has to deal with a DOS attack from bounced back phishing emails. As an example, I have seen a bank, that will remain unnamed (I need to keep my job :) have over 2 million bounce back messages in an hour because of phishing. This was a huge jump from their normal 12-15K messages per hour.
How about following the RFCs to start? Once M$ adheres to the specs in the RFCs, developers will no longer have to alter RFC compliant code to be M$ compliant.
If you have this problem, it was of your own making. One thing I learned many years ago: prefix every package to its own directory and use links in /etc. Now you can have /usr/local/ver1, /usr/local/ver2 and so on and create links to the config file. Also, who said you can't config the app to use a different path for the config file? The main reason I love *nix is I have complete control over my system. Even install prefixes and default config files ;-)
IMHO, what is really needed is AMTP, an Advanced Mail Transfer Protocol. The core of the spam problem is that SMTP was not designed to handle the problems people are seeing now, mainly being spam. There have been a series of tools to aid SMTP in stopping spam such as RBLs and SPF, however, at the core of the problem, you still have a mail protocol that didn't have security in mind when it was created.
We said the same thing about our 3GB hard drive in 1990-something when they just came out. I remember a friend saying "3 gigs... you will never fill that", but tech changed and so did the space requirements. IMHO, I thinking too short term. You may want a TB disk once fiber reaches homes ;-)
In addition, we removed all checks between these integrated parts, so while each of the holes in our product by themselves wouldn't let the hacker own your box, our integration allows hackers to own your box if you read the wrong forum or email....
Protocols? We don't really follow the standards so everything else won't integrate with our product.
LDAP? No, no, no... What you mean is Active Directory. That LDAP stuff is non-standard.
While a good book is always great, most of this stuff is already on SecurityFocus.
Not to mention it is home of the Bugtraq mailing list. I find a lot of the material is already covered in their infocus articles, plus some of the best hackers out there, both white hat and black hat, are on the list and give some of the best tips.
Pure and simple, it's all about money. A business will sell its product for as much as it can get. The person who sets the prices has a graph of price and demand for the service and sets the price where they can get the most money. These are businesses who are out for profit, not to be our friends. Most would sell the shirt off your back for a quick buck if they could.
Juniper routers use FreeBSD as the O/S for their routers and I was told by a Cisco certified network engineer that they were better at routing than Cisco routers. While I have not run enough routers to know which is better and why, the fact they use BSD is a plus in my book :-)
They are only thinking of one factor here, return on investment. Simple economic theory is to put your money where it will grow the fastest. I mean really, who would buy SCO!!! BayStar is just looking to get as much money as it can from a bad investment before it goes under, nothing more.
The flip side to this coin is that SCO might actually think that they have one friend in this fight, when actually, they are trying to cover their own ass[ets].
Wars are started by men in power who want more power and usually do not care for the people under them. The blood is on the hands of those who started the war, not the people who use some tool used by others. Gas prices are high, people can't find jobs and they go after my porn!!! How dare they.
Along the same logic, I guess network admins shouldn't scan their own network, because the hacks of tens of thousands of servers will be on their hands. Maybe it's just me, but that doesn't make much sense.
Most tools out now are dual-edged swords, providing a useful feature in one hand, while being able to do harm if used other than the way the designer intended. A baseball bat is just equipment for a game, until you crack somebody's skull open with it.
I am a network admin and have used tcpdump, Ethereal, and a Fluke network tool. The Fluke was very nice, even giving the distance from your drop to the switch/hub, and the strength of the signal on the wire. But like all things, you get what you pay for. That was a low-end Fluke that cost $900 and I can build 3 PII laptops with Linux and Ethereal for that price. Need I say more....
Going to a college most people can get into, I have seen a lot of know-nothing people thinking they will get a job for big $$$ in IT. These were my top 2. (And they wonder why I left school early)
1. IT Major 2 months from graduating is having problems getting his 2000 domain working. I give him a hand only to find out he had one IP set to 192.168.x.x and the other to 10.10.x.x. Then he had no DNS servers set for his computers and wonders why he gets a "this name will not resolve" error.
2. My favorite, CS Major 3 months from graduating can't even set a static IP address on her Windowz XP machine. I love DHCP as much as the next admin but really.....
I agree with the parent post. I recently left college after working on a degree in IT and being a sys admin in the computer science department. The only way I got my job was because I could admin *nix systems, troubleshoot networks, and write programs. This was also expressed to me by a friend who worked in the same CS department. He left his junior year to be an admin because he did it all (Sys Admin, Databases, Programming, and Networking) and is doing very well. It is simple, the more you know, the more respected and more likely you are to make it in IT.
On a side note about a Major....
A degree in IT is crap. You learn mostly business and only enough about computers to get you laughed at by the people with Computer Science Degrees.
In CS you have to learn how the computer works at a lower level. You get exposure to how programs do what they do, and how Operating Systems are created (make sure you take that class!). With a good understanding of how bits and bytes are moved around your computer you will be able to learn any other computer technology faster because you understand the base that most of it is written on.
There is really no point to write a worm to attack SCO. It simply makes the OSS community as a whole look bad, because the only time you will ever hear the name SCO mentioned in IT, besides "isn't that dead", is about the Linux issue. This only makes us as a whole look bad. If we wanted to send a clear message to SCO, something like a web site "sit in" would be better. Imagine, every Slashdot user on a web site holding down F5 to show SCO that there are a lot of us that think they should just give up. How long do you guys think they would stay up?
While this doesn't solve the heart of the matter, if BSD is not included in SCO's IP claims, as stated in the SCO FAQ, why isn't anyone switching platforms to BSD? I would rather run FreeBSD for a while, until the OSS community puts SCO in their place, than have to pay licenses or even get one e-mail about a license from sco.com.
While a bunch of random images may not be art in some eyes, the work it took to create this program is art. Good programming is an art in itself!
In the routers? That would be interesting.
:-)
How would good programs ever get done in a reasonable amount of time without caffeine?
Welcome to the land of the free and home of the brave
Turns into...
Welcome to the land of the free, home of the brave... and horny.
Bush, elected? I remember something about missing ballot boxes in the state his brother ran.