Why is it that applying security at a higher layer is a bad thing? The data is what needs to be secured, not the headers of the packets... I don't care if people know I'm sending data to my credit card company, I do care if they know what my login and password is though... Am I missing something? Why is it so important to apply security to the lowest layer?
Traffic analysis is rather dangerous too. Imagine if your neighbors noticed that you were surfing www.sexuallytransmitteddiseases.info a lot...
I can't remember who said that Gaia (the planet Earth considered a complex living entity) has a form of AIDS disease that's running amok and depleting its resources from within, and it's called Humanity.
"Dad keeps calling me all the time. It's always 'Iraq' this and 'Iraq' that. He's so annoying sometimes. I swear. Ooo! On another note, I did get my belly button pierced this past weekend! It is soooo cute!"
NZ isn't that close of an ally to the US actually, we (New Zealand) won't let the US bring nuclear powered or armed vessels into our waters, and the US doesn't much like us for that.
Every now and then they try and "convince" us otherwise, like waving FTA's (free trade agreements) under our nose or making thinly veiled threats to take something away or not play ball on something.
And every time we give them the finger and tell them to go take thier toys and play somewhere else.
And what of echelon? That's not really giving the NSA the finger.
Would only work if he became a U.S. citizen. And even then it might be difficult at best. Doesn't matter how close of an ally New Zealand is. A German friend of mine couldn't even get a job with a FFRDC, which is a 501c3 corporation.
North Korean Translation: "Your great robotic creation of the people will defeat the running capitalist dogs of war! All rise and sing the praises of our great leader, Kim Jung-Il!"
Maybe the mergers will lead to more jobs, but my guess is that most mergers will be followed by layoffs (and possibly more overseas outsourcing).
The hemorraging of outsourced jobs will stop once the first big security problem arises. Be it, proprietary code stolen, trojan horse inserted (perhaps by a foreign government), etc. Unfortunately, it'll take something of this magnitude to make companies realize that the short-term dollars saved in outsourcing will cose them long-term when the real problems arise.
According to Scaled's Careers page, "We are sorry but Scaled is unable to hire Summer interns or Co-op students." I didn't think any high tech companies could cope without co-ops and interns!
Huh? They have an intern program. Go to the Jobs section, then look under "Ballast".
Akmai doesn't have a heterogeneous IT solution. It is the root nameservers that do. In fact, TFA says that the cost would be too high for them to do this.
Mod this whole story down "-1 incorrect".
Except I never said it was Akamai. They do cite BIND.
nobody knows what they run, so nobody can make a decent attack..
Well, Kerkoff (sic) said in his principles of security to make the paranoid assumption that attackers will always be able to know what you have and/or how it works. So he says security only by obscurity isn't security at all. Kind of like the ostrich sticking its head in the sand and hoping the lion doesn't see it.
Allow me to perform a concise analysis for you. Hmm... the benefits are that DDoS's have some trouble knocking you offline. What are the costs? Much higher IT costs. Also, the total number of holes in your security will be higher. Just keeping track of all windows security fixes is hard. Imagine doing that for windows, solaris, linux, osx, and bsd. On 100 different hardware setups. Some things are going to go unpatched. You're giving hackers / crackers more opportunities, not more problems.
Fair enough. But what I was thinking of was more of a metric. What are the costs associated with various hardware and software systems? Then, at what point does the added complexity and cost overwhelm the security benefit?
Side note: the security benefit would have to be a metric unto itself also. Perhaps the number and severity of vulnerabilities per release, etc.
The diversity of hardware and software may be an IT nightmare but I think this shows how effective it really is. Now all we need is a concise cost/benefit analysis.
Somehow these Dave Matthews lyrics seem more appropriate with a little spelling alteration...
Stratellite in my eyes
Like a diamond in the sky
How I wonder
Stratellite strung from the moon
And the world your balloon
Peeping Tom for the mother station
I'm sure all of this isn't going to help china's transition into the being a free-market society integrated with the rest of the world.
Very true. China needs to learn, one way or another, that nationalist pride only interferes with technological advancement. Look at the disparity between North and South Korea for a good example.
What happens next time I bring a lady in with me and we sit up the back an eh... you know... do the things that slashdot never told you about... can this see us then?
No... of course not... don't let us bother you.
Chief Quimby over helicopter loud-speaker: "Don't mind us. Continue swimming naked. Oh, come on, continue! Aww..."
... to start using strong crypto for our email? The technology has been available for free for years now, so what's stoping us? Why this inertia?
Because the general public doesn't know much if anything about cryptography. And most likely the packages out there would be too difficult or confusing for them to use.
On a more technical note: I can see the computationally intensive nature of asymmetric encryption, and problems associated with key depositories, etc. being large issues.
2) Have you tried fooling the site by sending different authentication? Mozilla can just *tell* the site it's IE. Unless they're doing something very stupid like using ActiveX, that may work just fine. (If they are using ActiveX, switch banks. Seriously.)
Good point. I doubt your bank is "forcing" you, but rather says they are to avoid having to address misc. problems that might occur with other browsers. Of course, for people tech savvy enough to pick an independant browser, they wouldn't need tech support from the bank.
Slashdot Mirror
Why is it that applying security at a higher layer is a bad thing? The data is what needs to be secured, not the headers of the packets... I don't care if people know I'm sending data to my credit card company, I do care if they know what my login and password is though... Am I missing something? Why is it so important to apply security to the lowest layer?
Traffic analysis is rather dangerous too. Imagine if your neighbors noticed that you were surfing www.sexuallytransmitteddiseases.info a lot...
I can't remember who said that Gaia (the planet Earth considered a complex living entity) has a form of AIDS disease that's running amok and depleting its resources from within, and it's called Humanity.
It was George Carlin.
Or Agent Smith.
"Dad keeps calling me all the time. It's always 'Iraq' this and 'Iraq' that. He's so annoying sometimes. I swear. Ooo! On another note, I did get my belly button pierced this past weekend! It is soooo cute!"
NZ isn't that close of an ally to the US actually, we (New Zealand) won't let the US bring nuclear powered or armed vessels into our waters, and the US doesn't much like us for that. Every now and then they try and "convince" us otherwise, like waving FTA's (free trade agreements) under our nose or making thinly veiled threats to take something away or not play ball on something. And every time we give them the finger and tell them to go take thier toys and play somewhere else.
And what of echelon? That's not really giving the NSA the finger.
maybe the DoD should just hire him first.
Would only work if he became a U.S. citizen. And even then it might be difficult at best. Doesn't matter how close of an ally New Zealand is. A German friend of mine couldn't even get a job with a FFRDC, which is a 501c3 corporation.
Don't have Korean installed. North or South?
North Korean Translation: "Your great robotic creation of the people will defeat the running capitalist dogs of war! All rise and sing the praises of our great leader, Kim Jung-Il!"
5 years ago, you'd pay $2500 for a PII...
Aw, crap! And to think I just shelled out $5k for my PII yesterday...
Maybe the mergers will lead to more jobs, but my guess is that most mergers will be followed by layoffs (and possibly more overseas outsourcing).
The hemorraging of outsourced jobs will stop once the first big security problem arises. Be it, proprietary code stolen, trojan horse inserted (perhaps by a foreign government), etc. Unfortunately, it'll take something of this magnitude to make companies realize that the short-term dollars saved in outsourcing will cose them long-term when the real problems arise.
So, when guys enter their midlife crisis they go out and buy a Porsche. Does that mean that Microsoft will go out and buy Porsche?
According to Scaled's Careers page, "We are sorry but Scaled is unable to hire Summer interns or Co-op students." I didn't think any high tech companies could cope without co-ops and interns!
Huh? They have an intern program. Go to the Jobs section, then look under "Ballast".
Akmai doesn't have a heterogeneous IT solution. It is the root nameservers that do. In fact, TFA says that the cost would be too high for them to do this. Mod this whole story down "-1 incorrect".
Except I never said it was Akamai. They do cite BIND.
Mod this however you choose.
nobody knows what they run, so nobody can make a decent attack ..
Well, Kerkoff (sic) said in his principles of security to make the paranoid assumption that attackers will always be able to know what you have and/or how it works. So he says security only by obscurity isn't security at all. Kind of like the ostrich sticking its head in the sand and hoping the lion doesn't see it.
Allow me to perform a concise analysis for you. Hmm... the benefits are that DDoS's have some trouble knocking you offline. What are the costs? Much higher IT costs. Also, the total number of holes in your security will be higher. Just keeping track of all windows security fixes is hard. Imagine doing that for windows, solaris, linux, osx, and bsd. On 100 different hardware setups. Some things are going to go unpatched. You're giving hackers / crackers more opportunities, not more problems.
Fair enough. But what I was thinking of was more of a metric. What are the costs associated with various hardware and software systems? Then, at what point does the added complexity and cost overwhelm the security benefit?
Side note: the security benefit would have to be a metric unto itself also. Perhaps the number and severity of vulnerabilities per release, etc.
The diversity of hardware and software may be an IT nightmare but I think this shows how effective it really is. Now all we need is a concise cost/benefit analysis.
Too bad that they eat old people's medicine for fuel.
Not mine. I just checked and my Old Glory robot insurance policy is up to date.
Somehow these Dave Matthews lyrics seem more appropriate with a little spelling alteration...
Stratellite in my eyes
Like a diamond in the sky
How I wonder
Stratellite strung from the moon
And the world your balloon
Peeping Tom for the mother station
I'm sure all of this isn't going to help china's transition into the being a free-market society integrated with the rest of the world.
Very true. China needs to learn, one way or another, that nationalist pride only interferes with technological advancement. Look at the disparity between North and South Korea for a good example.
Well I'm using IPvInfinityPlusOne, so :-P to you!
Doesn't that support the controversial new ScratchNSniff (SNSv1) protocol?
They were manufactured in Taiwan or someplace... ?!
How do you say "Beowulf" in Mandarin?
Touche. Well met. I stand corrected. Last time I post after 2am.
What happens next time I bring a lady in with me and we sit up the back an eh... you know... do the things that slashdot never told you about... can this see us then?
No... of course not... don't let us bother you.
Chief Quimby over helicopter loud-speaker: "Don't mind us. Continue swimming naked. Oh, come on, continue! Aww..."
Because the general public doesn't know much if anything about cryptography. And most likely the packages out there would be too difficult or confusing for them to use.
On a more technical note: I can see the computationally intensive nature of asymmetric encryption, and problems associated with key depositories, etc. being large issues.
Something tells me that this is something slashdotters can contribute a lot to. I call it Project: Parents' Basement.
But, would AAA honor my membership card off-planet for when my mobile habitat needs a tow?
2) Have you tried fooling the site by sending different authentication? Mozilla can just *tell* the site it's IE. Unless they're doing something very stupid like using ActiveX, that may work just fine. (If they are using ActiveX, switch banks. Seriously.)
Good point. I doubt your bank is "forcing" you, but rather says they are to avoid having to address misc. problems that might occur with other browsers. Of course, for people tech savvy enough to pick an independant browser, they wouldn't need tech support from the bank.