Funnily enough I've been asked pretty much the same question.
In the article they are speculating that the vector may have been a root password compromise. There are several ways of getting at this, it could be a weak password, it could be a brute force attack against an obtained password file, it could be social engineering.
You'd be surprised how many weak root passwords there are out there, my home machine was recently the victim of a dictionary attack (my own stupid fault - weak password on a seldom used account got compromised). They did not get root, I've run forensics on the compromised disk however it was still used to scan other machines for ssh access. I found and stopped it within 12 hours, but in that time it had found over 30 machines it could SSH into including one with the root password 'root'.
There is no technical solution to poor administration, a well maintained Windows system will be more secure than a poorly maintained Linux system.
This is using Extreme Networks Altitude A350 & SummitWM-1000.
There's a newer version of the WM switch now, the 2000, which has some features that I would like, but unfortunately upgrading to that is cost prohibitive at this time.
I believe that Extreme re-badge the access point hardware from another manufacturer but run their own firmware.
I'm in the middle of the 3rd generation of our wireless network.
First generation was "Thick" access points individually managed.
Second generation was the first generation of "Thin" access points.
Third generation is "Thin" access points using CAP-WAP tunneling to a central management platform.
For the First & Second generations we had consultants in to do surveys and radio measurements, we spent days roaming the site with radio gear and plans working out the best locations for the AP.
That turned out to be as much use as a chocolate teapot.
With the third generation (which is a forklift upgrade for the 1st & 2nd generation) we've gone with the scientific approach of "suck it and see". We ordered about 10% more access points than we had existing and when we've finished the install we'll go back round with our survey gear and fill in the dead spots.
Things I've learned from trying to get this right:-
Architects hate you
They want the APs to be hidden, this is bad m'kay. Our second generation install we let the architects dictate where the APs could go. We've landed up with them 30' above the floor above a false ceiling. To maintain these we now have to close the building and get a cherry picker (which we're not allowed to use - it has to be a member of the facilities team)
Outdoor coverage is a bitch.
Lightning arresters, which are mandatory, cause significant loss as does "low loss" cable. Omnidirectional antennae are pretty useless as generally you've got to mount them near a wall which nukes your signal. Directional ones are much better, but require more access points to get the same coverage.
Things you wouldn't expect to impact the signal can bite you in the arse.
UV filter glass (40 dB loss!), magnetic whiteboards, glass wall partitions. Outdoors it's even worse - forget it if you've got trees out there, oh and fog - fog kills the signal pretty dead.
Never try to survey a building that's not there.
This may seem obvious, but a lot of our installation had to be done from plans, so we had to estimate signal propagation - this doesn't work. Especially when the users of the building decided that what they really want is a nice metal mesh put into the walls, that really helps the signal.
On the plus side - the 3rd generation ap & management station are making our life much easier. We can actually see where clients are now, and the APs know about each other and manage their radio intelligently (and it seems to work!)
How did you get involved with this? And why wasn't this the official video for Particle man?
I work in the institute that he founded and know the high regard that he is held in the scientific community.
Judging by the amount of money raised for the atheistbus the Humanist Society should buy .god to stop the godsquad getting it.
wondered what this had to do with fish?
Slightly different scenario, in this case it's payroll information being sent to the company that deals with the payments.
The "consultants" suggested emailing it, when I said that wasn't going to happen they suggested putting it on an ftp site. (What the hell are we paying them for?)
As the people involved at both ends are not IT people and are all on Windows, PGP isn't really an option, but S/MIME is. It also gives the advantage that you can say - go buy an email certificate from this website (pointing them at verisign/globalsign/another-t-t-p) and let them worry about the authentication issue.
S/MIME is integrated into all the common MUA software these days, certainly anything they'll be using on Windows, and it's really quite easy to use.
The downside of it is that the security of the system boils down to key management & users. Once you've told them it's ok to email this information how do you guarantee that it's been sent encrypted?
However if you don't care about the content that you're sending after authentication (which I can see you might not) then why not use S/Key.
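One way to answer the "how do you guarantee that it's been sent encrypted?" question is an outbound check at the mail gateway. The following is an added example, not part of the original comment; the domain `payroll-bureau.example`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENCRYPTED_TYPES = {"enveloped-data", "authenveloped-data"}

def smime_status(raw_message):
    """Classify a message by its MIME envelope: encrypted, signed-only, plaintext."""
    msg = message_from_string(raw_message)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type in ENCRYPTED_TYPES:
            return "encrypted"
        # Opaque-signed mail is a base64 blob too, but gives no confidentiality.
        if smime_type == "signed-data":
            return "signed-only"
        return "unknown-pkcs7"
    if ctype == "multipart/signed":
        return "signed-only"
    return "plaintext"

def outbound_allowed(raw_message, protected_domains):
    """Refuse mail to a protected domain unless it is S/MIME encrypted."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    domains = {addr.rpartition("@")[2].lower() for _, addr in getaddresses(headers)}
    if not domains & set(protected_domains):
        return True
    return smime_status(raw_message) == "encrypted"

def _sample(to, ctype):
    # Constructed sample message; the body is a placeholder, not real CMS data.
    return (f"From: hr@corp.example\nTo: {to}\nSubject: June payroll\n"
            f"Content-Type: {ctype}\n\n(constructed body)\n")

PROTECTED = {"payroll-bureau.example"}
ENCRYPTED = _sample("ops@payroll-bureau.example",
                    "application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m")
SIGNED = _sample("ops@payroll-bureau.example",
                 'multipart/signed; protocol="application/pkcs7-signature"; boundary=b')
PLAIN = _sample("Ops <ops@PAYROLL-BUREAU.example>", "text/plain")
OTHER = _sample("friend@elsewhere.example", "text/plain")

if __name__ == "__main__":
    for name, m in [("encrypted", ENCRYPTED), ("signed", SIGNED),
                    ("plain", PLAIN), ("other", OTHER)]:
        print(name, smime_status(m), outbound_allowed(m, PROTECTED))
```

This inspects only the MIME envelope: it does not verify which certificates the message was encrypted to, so key management remains the users' problem.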
I've been having trouble with a 2.4ghz video sender, and there's an xbox360 in the equation too, I wonder if this could be a cause.
to install debian than to type in the windoze license key.
http://news.bbc.co.uk/1/hi/health/6923577.stm
Recently Top Gear magazine paid for one of these to be subject to the most basic testing - the results were pretty horrific.
Nah, the sun is easy - just land at night.... oh wait.
According to the EU Commission at least http://www.theregister.co.uk/2007/07/04/ec_frattini_web_terror_dunce_cap/
There have been so many returns in the UK that one of Microsoft's 3rd party repair companies has stopped repairing them stating that this is a manufacturing defect and should be fixed at source rather than by them.
http://www.weplayxbox.com/2007/06/28/exclusive-uk-company-has-had-enough-of-repairing-xbox-360/
Sorry about the formatting pressed submit when I meant to preview - D'oh
Exactly who do you think will be making the anti-virals that you're going to stock up on?
Who is going to do the research to work out what particular strain of virus we're looking at?
If everyone takes the attitude that someone else will sort it out for them then we're doomed.
Believe it.....
The institute I work for will be sequestered by the government in the event of a pandemic.
We've ring fenced large quantities of diskspace, and other resources to cope with the demands that are likely to be put on us in this event. However the one resource that's going to be vital we have no control over - the ability for our staff to work from home. The last few months I've been asked repeatedly if our remote access solutions will cope with 90% of the staff working from home, the answer has been 'if the internet copes'.
It doesn't take much contention on a DSL circuit to make video conferencing or IP telephony unusable, these are the sorts of collaboration tool that will be required in this event.
It's only sensible for people to be planning for this scenario, it's something that can only be controlled by the telcos, and they won't do anything unless it is mandated by government.
Gravity is an unproven 'theory' and as such shouldn't be given any more weight or teaching than other theories such as Intelligent Falling
Here are the 'official' calculations....
The 1 billion traces equates to 800 billion letters of genetic information.
70*50 is a solid page at Times New Roman 12 point font == 3,500 characters
100 sheets is 1 cm high. = 350,000 letters
800,000,000,000/350,000 = 2,285,714.29
So the stack of paper would be 22,857 m high
22.8 kilometers.
Mount Everest is 8.848 km high.
So the stack of paper would be 2 1/2 times the height of Everest.
Sure, 22Tb isn't an enormous amount of disk space these days, it represents about 5% of the total storage at the institute.
:)
What you find however is that when you get above a threshold on disk space the cost of the actual disks becomes less relevant than the cost of the infrastructure to support & manage them. There are many 'cheap' raid arrays out there that will allow you to install large numbers of Tb very cheaply, and they are cheap & work - right up until they stop.
22Tb may be a 'small' amount of disk space, but it still takes one hell of a long time to recover that from tape!
'Been there - done that' not doing it again
It's running on Oracle 9, currently running on Tru64 Unix.
There's a project underway to migrate this to SuSE Linux & Oracle 10, this will be running on HP DL585 4 way Opteron boxes.
Nothing behind the link