Slashdot Mirror


User: ArsenneLupin

ArsenneLupin's activity in the archive.

Stories: 0
Comments: 4,557

Comments · 4,557

  1. Re:Doubt it will go anywhere on New EU Legal Privacy Framework: We're Not Kidding · · Score: 1

    No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

    How serious are they about data protection, if even the EU governments themselves are ignoring the most basic principles of secure database deployment?

    Case in point, recently the database of the Luxembourgish service medico-sportif was breached. No, not by an evil-genius uberhacker, but by a sportsman who saw a password on a note stuck to a medico-sportif doctor's screen ...

    It turned out that the service ignored the most elementary security precautions:

    • the database was accessible worldwide, directly from the internet, literally from across the world... No intranet-only access, no requirement for VPN, no nothing!
    • every user (doctor, civil servant, ...) had access to the entire database, rather than just the part he needed for his job (no access levels, compartments, etc.)
    • users (doctors) were stupid (or uneducated) enough to leave their user name and passwords (and the URL of the web interface to the DB) in a place where the public could find them... no, a post-it stuck to your screen in your office is not safe, if you routinely entertain members of the public in there, especially if you then leave them alone for a while!
    • the database contained data irrelevant to its purpose, such as a flag whether the sports(wo)men were of African origin or not (oddly enough, only Africa was singled out, no other ethnicity)

    ===> these data protection laws are only there to placate the public, so that they allow more and more data gathering, in the mistaken belief that such data will be safe with the government or whomever. But there is no real will to follow through with application of even the most basic security measures.

  2. Re:Real issue is... on Google's SPDY Could Be Incorporated Into Next-Gen HTTP · · Score: 1

    "Real issue is embedded links that activate scripts/contact other adservers, etc. There is so much junk embedded in modern web-pages that most users have no clue how bad their client is being raped of accumulating identifiable information."

    So does Google's SPDY solve that problem or only contribute to it?

    Both:

    It solves it by removing the performance impact of these privacy intrusions. You'll still be raped, but now it is a quickie.

    It contributes to it by making it less obvious performance-wise, so web servers can do it even more without risking that anybody discovers it by accident due to the excessive sluggishness. You'll be raped in your sleep.

  3. Re:What about pipelining and keep-alive? on Google's SPDY Could Be Incorporated Into Next-Gen HTTP · · Score: 2

    **TCP** suffers from head-of-line blocking and therefore so does SPDY

    Head-of-line blocking may happen at different levels.

    In the case of pipelined HTTP, if the first request in the pipeline is slow, it will block all the others, because answers have to be delivered in order.

    A smarter protocol could take a "tagged" approach, where each response is tagged, and thus can be associated with the correct request even if delivered out of order. IIRC, IMAP uses an approach like this.

  4. Re:What about pipelining and keep-alive? on Google's SPDY Could Be Incorporated Into Next-Gen HTTP · · Score: 1

    GP is bullshitting, I can't think of any way that sending exactly the same data from the same host can introduce security issues if you don't close and reopen the connection between each one.

    IIRC, some attacks against SSL were based on pipelining (where a malicious man-in-the-middle was somehow injecting its own data into the connection, making it look like it was pipelined data from the original client)

  5. Re:This is a growing problem everywhere .... on Fighting Rogue Access Points At linux.conf.au · · Score: 1

    even just looking at cat pictures can be unsafe if the hotspot decides to replace all images with goatse.

    You mean, like this?

  6. Re:type g for goatse on Ubuntu 12.04 To Include Head-Up Display Menus · · Score: 1

    Nice. Ragingfist.net was way too long, good to see that there is again a simple 2-letter TLD for our favorite internet shock site.

  7. Re:Blocked Access to the US on MediaFire CEO: We Don't Depend On Piracy · · Score: 1

    I wonder how many more companies will decide it necessary to block access to the US as ever more draconian actions are taken by our government?

    Could anybody post a brief note explaining how to easily block a country in Apache?

  8. Re:Another correction for the title on Filesonic Removes Ability To Share Files · · Score: 1

    Does anyone know how to kill them?

    Get some guns
    Encourage some friends to do same
    Get a blowtorch (just in case the SOBs have panic rooms...)
    March on MAFIAA members CEO houses and do what comes naturally.

    The second amendment exists for a reason.

  9. Re:Not Surprise for MegaUpload on Megaupload Drops Lawsuit Against Universal Music · · Score: 1

    The US has for generations been a net exporter of culture.

    ROTFL

  10. Re:These things were too successful. on Researchers Find Slew of Flaws In SCADA Hardware, Software · · Score: 1

    ... unless you had something like RS232, full duplex RS485, 10baseT, 100baseT, ... which can all work with only data lines for one direction connected...

    ... but then that RS485 would no longer be full duplex would it?

  11. Re:These things were too successful. on Researchers Find Slew of Flaws In SCADA Hardware, Software · · Score: 1

    They have a hard outer-shell, but are far too squishy on the inside for my liking.

    This is true of many corporate systems, not just SCADA. How many companies have companyname123 or some variation as their password on their internal systems? They still don't get hacked (usually), because of their external firewalls. Access from outside is not possible, except through VPN, for which you need a physical token.

    ... but all hell breaks loose if some smart guy manages to breach this outer shell (via spear phishing, USB keys, a rogue employee/consultant or whatever...)

  12. Re:In other words, on Web Developer Sentenced To Death In Iran · · Score: 0

    It absolutely needs to be pointed out now, while it's still possible to do something about it that does not require firearms.

    At least, in the US, you do have the rights to bear firearms. However, in all the other countries down whose throat you shove WIPO, ACTA et al., there is no second amendment. Why do we have to mirror the US for the MAFIAA protection laws, but not for the second amendment? I too want to be able to welcome the MAFIAA goons with a shotgun in my hand!

  13. Re:In other words, on Web Developer Sentenced To Death In Iran · · Score: 1

    And I'm pretty sure they enjoy looking at Porn so the dude would have been fine on a trip to the US.

    As long as all the actors were 18 years of age (or is that 21 in the US?), and the director has photocopies of their IDs on file showing so...

  14. Re:In other words, on Web Developer Sentenced To Death In Iran · · Score: 1

    Yes, because you get sent to gitmo for porn related charges

    There are other prisons than gitmo. For porn related charges, no state-sanctioned torturers are needed, as your fellow prisoners have been brainwashed to gladly assume that task free of charge!

  15. Re:Vada a bordo, cazzo! on What To Do With a 1,000 Foot Wrecked Cruise Ship? · · Score: 1

    Why has this been modded off-topic? Everybody knows which cruise ship this is about (don't pretend...) so why this silly moderation?
    Now, if the moderator had said Redundant, I might agree (for being so late in the game), but Offtopic, no!

  16. Vada a bordo, cazzo! on What To Do With a 1,000 Foot Wrecked Cruise Ship? · · Score: 0

    (n/t)

  17. Re:Obvious on What To Do With a 1,000 Foot Wrecked Cruise Ship? · · Score: 5, Funny

    Turn it into a water-cooled data center.

    Too risky. Pirates could hack the databases hosted therein and leak them to the press.

  18. Re:I can't remember my husband's passwords on Teens Share Passwords As a Form of Intimacy · · Score: 1

    She's married, asshole. And if she weren't, I'm sure she didn't come to Slashdot to be facetiously and pseudonymously hit on.

    She?

    The person went out of their way not to mention their gender:

    He's a number guy, I'm a language person.

    ... probably just wanted to avoid turning this thread into a homophobic rant or something. Instead, he got hit on by somebody mistaking him for a girl...

  19. Re:You don't understand, I LOVE HIM!!! on Teens Share Passwords As a Form of Intimacy · · Score: 1

    If you work for a certification authority, don't have sex at the bathroom of your workplace, and then sign his parking slip for the visitor's garage...

  20. Re:Returns on Fake IPad 2s Made of Clay Sold At Canadian Stores · · Score: 1

    Fry's puts a big sticker on the front for returned items with a new lower price. It usually isn't much lower than an unopened item, maybe a couple bucks lower.

    • Go to store, browse the aisles for a product that you like, but don't buy
    • Friend of yours "buys" product
    • Friend of yours returns product, gets full price back
    • Store puts it back on shelves, for 10% less
    • You swoop in and get 10% off your purchase, for something you know is actually perfectly fine!

  21. Re:Surprised it took so long for somebody to do th on Hackers Steal $6.7M In Bank Cyber Heist · · Score: 2

    I'm much more surprised by the fact that they managed to take about 1% of the entire assets of the wanna-be bank.

    At least, that means that their ATMs were well-stocked for the long New Year's break. Around here they'd have run out of money on the second day...

  22. Apparently they are also operating a CA on Hackers Steal $6.7M In Bank Cyber Heist · · Score: 2

    From the second link:

    Asked if there were concerns about the risk the security breach posed to government departments using the Trust Centre hosted by the post office...

    If that's what I think it is, look forward to another wave of MITM-facilitating rogue certificates, this time from South Africa...

    , Pule said: "The centre has high security parameters to protect all the services delivered through it."

    Oh, after that much buzz-word laden alphabet soup, I feel so much better. Hopefully their flux capacitors are fully charged or else their high security parameters might unload.

  23. Re:And terrorists thank you for running windows on Hackers Steal $6.7M In Bank Cyber Heist · · Score: 2

    I do this with my web servers. Make them report as if they were IIS while it's really apache or lighttpd.

    I do this too... and then check my logs for attempted exploits which I can use against real IIS and ASP sites...

  24. Re:Surprised it took so long for somebody to do th on Hackers Steal $6.7M In Bank Cyber Heist · · Score: 2

    The correct conclusion is that incompetent governments should not be involved in banking.

    But incompetent corporations should?

  25. Re:The Great Ethanol Scam on Is E85 Dead Now? · · Score: 1

    Seems some motorcyclists really like ethanol-based fuels, especially if left in the tank before the winter break...