The real reality (which of course is true because I am the one saying it) is far more simple and less sinister than you have been led to believe.
Ron Paul made enemies at the facebook debate. On stage he directly insulted his opponents' foreign policy in such a way that from that point on, all the other candidates refused to attend any debate that he was part of.
I think it's bullshit too, but I don't believe it is some sort of evil conspiracy designed to keep the will of the people suppressed.
It was a little ridiculous seeing things during the primaries like Giuliani 4% Other 9% where "Other" is Ron Paul. The moment he decided to take a shit on the RNC was the moment that the RNC decided they didn't want him to represent them.
Seems to be that the graph shows that 50 too late to start getting mammograms. From what I understand, it is recommended that women start getting mammograms at 35.
Also, isn't the point of the mammogram to detect anomalies before they turn into cancer? The numbers for whatever reason, seem a bit skewed in an attempt to get the most disproportionate ratio possible.
Hell, even the class name itself is usually enough, even for common words like class, object, system, string, etc, the java documentation is the top hit.
Sometimes I search for "java 6 " to make sure I get the recent docs.
With about 1000 dollars of radio gear and gnuradio, I could set up a similar system. If I dump 1000 more into an fpga I can passively crack a phone call every 30 minutes. This was demonstrated, and code was released 2 years ago. It has also been on the market since at least 2001.
Sure, I think it would be dumb if our three letter agencies were wasting our tax dollars on this, but I don't really see any legal issues here. This tech is even currently deployed in many shopping malls around the country so market researchers can see what sets of stores people like to visit.
To me it equates to "OMG the GOVMNT can use wireshark to see what websites I'm looking at!" By now this is public knowledge, and can be used offensively or defensively by anyone. I sort of have a pretty liberal view that once the information is in the air, it's fair game for interception.
1. you can turn it off 2. do you know a better way to do it? Signature detection is long broken for vx, and anomaly detection has been inevitable, but held back because of much larger chances of false positives.
The code is running on the clients. Anyone who feels like it can check out what files are being reported back, and what files are not. If it starts reporting things like movies etc, you can be sure that plenty of people will be on top of that quick, and then mcafee is fucked.
It seems more like seti@home to combat the vx market. Then again, I know quite a few people in avert, so grain of salt etc:-) Also, there are much better ways for big brother to watch what people are up to.
Not really. If done right (if they were to act as wireless smartcards) then they would still need to melt the card to pull off the key (private keys should always be stored in write only memory), and within seconds of the victim noticing that their card is missing, they can call a number and revoke the key.
Then they just get issued a new card (with a new key) next time they are in the office (bank, campus, etc..).
The funny thing is that I was unable to trigger the "some users have reported parts of this message as offensive" error with anything else. I tried with other urls, and I tried insulting facebook in the most vile ways my imagination could come up with, but the only way I found to get the notification was entering bugmenot.com in any part of my status.
There have been tons of projects like this in the past, and I don't think there will be any serious traction until people start releasing code.
By the way, shameless plug for my current project (as seen in my sig). It's a security visualization framework designed to make it very easy for security auditors to write data gathering modules, and visualization experts to write modules for visualizing data.
I will be giving a demo of my project at vizsec in a couple weeks (http://www.vizsec.org/workshop2008/), so if you are in the Cambridge area, I encourage you to stop by.
The problem is that "casual snoopers" don't use wireshark (ethereal) anymore. They use things like cain and ettercap that automatically inject fake ssl certs anyway.
I dare you to find me one scenario where a self signed cert on a public website is more secure than having no SSL at all.
The ONLY scenario that I know of where this is the case is when a friend of mine runs the site, and I can call them up and verify the fingerprint before I connect. In that case, you don't want some click through warning message.
Anyone who is able to sniff a session is also able to inject a fake cert. This is not just theoretical either, programs like cain and ettercap have doing this for at least 5 year.
Self signed certs are dangerous, and all firefox is doing with the warning message is alerting the public to the problem.
That is exactly the difference between "liberal" thinking and "conservative" thinking.
A pure liberal thinker does what they think is best all the time, even if it is a bit risky. A pure conservative thinker prioritizes stability over effectiveness. This has been true since the dawn of time.
By branding a politician a "flip flopper", the republicans are attempting to appeal to the conservative side of the swing voters. On the other side, democrats attempt to label conservative politicians as old and stale, with no real ideas for the future.
liberal view: new=progress old=stubborn
conservative view: new=scary old=wise
I am more on the liberal side of things, so I need to know that a politician can adapt to whatever new situations come up. I get worried when politicians start making absolute promises. Even though the ideas sound good now, by the time they are executed, it might not be the best idea.
You should be able to add a trusted root to all the browsers in the company, and have the proxy generate new certs signed with your internal root cert every time someone visits a new website.
The error message is because you are doing it wrong.
Insurance is a scam. Insurance companies scare consumers, telling them that the money will pay off in the long run, but if it ever did, insurance companies would be out of business.
It will post your password to an HTTPS action, but then it reverts back to clear text. Also try firing up wireshark sometime and notice that every single keypress (last time I checked) in the compose mail field sends out an xmlhttprequest. Web 2.0 is awesome.
There is a firefox plugin http://www.customizegoogle.com/ that will force https if you want, but even if you type https into the bar, gmail will attempt to downgrade your session back to http.
Except for the fact that every character you type into the gmail compose field gets sent over the network in clear text, as does your session key. Google does it so they can provide on the fly features like spellcheck and suggestions etc, but it is a huge risk.
Slashdot Mirror
If you think there are no good ISPs in your area, then you are in a prime location to start up your own ISP.
The real reality (which of course is true because I am the one saying it) is far more simple and less sinister than you have been led to believe.
Ron Paul made enemies at the facebook debate. On stage he directly insulted his opponents' foreign policy in such a way that from that point on, all the other candidates refused to attend any debate that he was part of.
I think it's bullshit too, but I don't believe it is some sort of evil conspiracy designed to keep the will of the people suppressed.
It was a little ridiculous seeing things during the primaries like Giuliani 4% Other 9% where "Other" is Ron Paul. The moment he decided to take a shit on the RNC was the moment that the RNC decided they didn't want him to represent them.
"that doesn't sound like it's legal. Does DHS have the legal authority to spy on American citizens going about their business? Should it?"
Hmm, not sure. Do I have legal authority to burn out the CCD with a high power laser?
There's a funny void in the "possible" spectrum between what is legal and what is illegal.
Seems to be that the graph shows that 50 too late to start getting mammograms. From what I understand, it is recommended that women start getting mammograms at 35.
Also, isn't the point of the mammogram to detect anomalies before they turn into cancer? The numbers for whatever reason, seem a bit skewed in an attempt to get the most disproportionate ratio possible.
I still believe that a well done electronic voting system can be significantly more secure than the most secure paper ballots.
Hell, even the class name itself is usually enough, even for common words like class, object, system, string, etc, the java documentation is the top hit.
Sometimes I search for "java 6 " to make sure I get the recent docs.
With about 1000 dollars of radio gear and gnuradio, I could set up a similar system. If I dump 1000 more into an fpga I can passively crack a phone call every 30 minutes. This was demonstrated, and code was released 2 years ago. It has also been on the market since at least 2001.
Sure, I think it would be dumb if our three letter agencies were wasting our tax dollars on this, but I don't really see any legal issues here. This tech is even currently deployed in many shopping malls around the country so market researchers can see what sets of stores people like to visit.
To me it equates to "OMG the GOVMNT can use wireshark to see what websites I'm looking at!" By now this is public knowledge, and can be used offensively or defensively by anyone. I sort of have a pretty liberal view that once the information is in the air, it's fair game for interception.
1. you can turn it off
2. do you know a better way to do it? Signature detection is long broken for vx, and anomaly detection has been inevitable, but held back because of much larger chances of false positives.
The code is running on the clients. Anyone who feels like it can check out what files are being reported back, and what files are not. If it starts reporting things like movies etc, you can be sure that plenty of people will be on top of that quick, and then mcafee is fucked.
It seems more like seti@home to combat the vx market. Then again, I know quite a few people in avert, so grain of salt etc :-) Also, there are much better ways for big brother to watch what people are up to.
Not really. If done right (if they were to act as wireless smartcards) then they would still need to melt the card to pull off the key (private keys should always be stored in write only memory), and within seconds of the victim noticing that their card is missing, they can call a number and revoke the key.
Then they just get issued a new card (with a new key) next time they are in the office (bank, campus, etc..).
The funny thing is that I was unable to trigger the "some users have reported parts of this message as offensive" error with anything else. I tried with other urls, and I tried insulting facebook in the most vile ways my imagination could come up with, but the only way I found to get the notification was entering bugmenot.com in any part of my status.
I believe they refer to is as the "omnibar"
There have been tons of projects like this in the past, and I don't think there will be any serious traction until people start releasing code.
By the way, shameless plug for my current project (as seen in my sig). It's a security visualization framework designed to make it very easy for security auditors to write data gathering modules, and visualization experts to write modules for visualizing data.
I will be giving a demo of my project at vizsec in a couple weeks (http://www.vizsec.org/workshop2008/), so if you are in the Cambridge area, I encourage you to stop by.
You laugh now, but most modern security analysis systems have this feature. Especially the expensive ones designed for large corporate networks.
Who else is in a position to be able to provide that information? The age limit was only designed to prevent parents or coaches from cheating.
The problem is that "casual snoopers" don't use wireshark (ethereal) anymore. They use things like cain and ettercap that automatically inject fake ssl certs anyway.
I dare you to find me one scenario where a self signed cert on a public website is more secure than having no SSL at all.
The ONLY scenario that I know of where this is the case is when a friend of mine runs the site, and I can call them up and verify the fingerprint before I connect. In that case, you don't want some click through warning message.
Anyone who is able to sniff a session is also able to inject a fake cert. This is not just theoretical either, programs like cain and ettercap have doing this for at least 5 year.
Self signed certs are dangerous, and all firefox is doing with the warning message is alerting the public to the problem.
That is exactly the difference between "liberal" thinking and "conservative" thinking.
A pure liberal thinker does what they think is best all the time, even if it is a bit risky. A pure conservative thinker prioritizes stability over effectiveness. This has been true since the dawn of time.
By branding a politician a "flip flopper", the republicans are attempting to appeal to the conservative side of the swing voters. On the other side, democrats attempt to label conservative politicians as old and stale, with no real ideas for the future.
liberal view:
new=progress
old=stubborn
conservative view:
new=scary
old=wise
I am more on the liberal side of things, so I need to know that a politician can adapt to whatever new situations come up. I get worried when politicians start making absolute promises. Even though the ideas sound good now, by the time they are executed, it might not be the best idea.
As long as you are taking care of your own best interests, how is that not free will?
Just because I know the squirrel is going to eat an acorn does not mean that I somehow control the squirrel.
http://www.torrentvalley.com/dw.php?id=1259769
jnode.org :-)
You should be able to add a trusted root to all the browsers in the company, and have the proxy generate new certs signed with your internal root cert every time someone visits a new website.
The error message is because you are doing it wrong.
By all means, suggest to us a way to encrypt a website that doesn't involve SSL.
The level of encryption means absolutely nothing if you don't know who you are talking to.
Insurance is a scam. Insurance companies scare consumers, telling them that the money will pay off in the long run, but if it ever did, insurance companies would be out of business.
You would think so, but check again.
It will post your password to an HTTPS action, but then it reverts back to clear text. Also try firing up wireshark sometime and notice that every single keypress (last time I checked) in the compose mail field sends out an xmlhttprequest. Web 2.0 is awesome.
There is a firefox plugin http://www.customizegoogle.com/ that will force https if you want, but even if you type https into the bar, gmail will attempt to downgrade your session back to http.
Except for the fact that every character you type into the gmail compose field gets sent over the network in clear text, as does your session key. Google does it so they can provide on the fly features like spellcheck and suggestions etc, but it is a huge risk.
http://news.cnet.com/8301-10784_3-9755575-7.html