Re:Dude, did I steal your job? on Offshoring IT · Score: 1
Not at all. On the other hand, if the company is getting zillions in subsidies from my tax dollars, I think they ought to hire me or my fellow taxpayers. It seems peculiar that companies save tax money by exporting their wealth to other countries.
Look, I'm all for globalization. I think it's great that other countries get a piece of the pie. They should. This is important. However, it's not okay for big corporations to take my tax dollars and then give my job to someone who doesn't pay taxes here, thus making it harder for me to pay my taxes....
Diebold introduced the concept of a cash-dispensing automated teller machine in 1966.
By contrast, many of today's ATMs are multifunction devices that perform a variety of tasks -- some quite advanced. Diebold makes them all. From simple to complex. And Diebold makes more of them than most any other manufacturer.
Re:Why is it so hard to catch these criminals? on Fishing for Phishers · Score: 2, Informative
The money doesn't go to the criminals; it goes to a mule who thinks he's processing charity donations. Then it goes to another mule who thinks she's reselling computers. Then someone uses the cash to buy a plasma tv and send it to some other country. Then the recipient sells the plasma tv and wires the money to someone else.....
The basic problem is money laundering, and we still don't have a good handle on that.
30:37 And Jacob took him rods of green poplar, and of the hazel and chestnut tree; and pilled white streaks in them, and made the white appear which was in the rods.
30:38 And he set the rods which he had pilled before the flocks in the gutters in the watering troughs when the flocks came to drink, that they should conceive when they came to drink.
30:39 And the flocks conceived before the rods, and brought forth cattle ring-streaked, speckled, and spotted.
30:40 And Jacob did separate the lambs, and set the faces of the flocks toward the ring-streaked, and all the brown in the flock of Laban; and he put his own flocks by themselves, and put them not unto Laban's cattle.
30:41 And it came to pass, whensoever the stronger cattle did conceive, that Jacob laid the rods before the eyes of the cattle in the gutters, that they might conceive among the rods.
30:42 But when the cattle were feeble, he put them not in: so the feebler were Laban's, and the stronger Jacob's.
In the myth of Eros and Psyche, Psyche had to sneak past Kerberos to get into Hell and borrow Persephone's beauty secret. She used honey cakes to get past. Aeneas also used honey cakes to get past.
Orpheus played music, and Hercules just picked him up and dragged him out.
Kerberos was the three-headed dog who guarded the entrance to hell in Greek mythology. He could be bribed with honey cakes.
Never.
It is an article of faith that all technical problems have technical solutions. It is a further article of faith that if a problem can be called "technical" it will be -- no matter whether or not that's accurate. Because technical problems can by definition be solved by technology, and everyone wants problems to be solved, all problems are therefore technical.
God forbid we have to change the way we do business to fix an issue. No! Just put a technical band-aid on it!
Worldcon is trademarked by the World Science Fiction Society. They were really not thrilled with the "Worldcon" headlines. The Worldcon Mark Protection Committee is going to get you!
This is one of my hobby horses...
I assume your parents are in the U.S. They are entirely SOL until the identity is used. The only exception is for people in the state of California. If they're in CA, they can put a security freeze on their information so that nobody can pull your credit report. If they're trying to move and get an apartment, utilities, etc. this can be a pain, but it's probably worth it. If they're in Louisiana, they'll be able to do this in July. People in Texas (now) and Vermont (July) can also do this, but only after the identity has been used.
You can try to put some sort of warning on your information at the credit bureaus, but a) they don't have to do it and b) everyone ignores that anyway. It's probably worth trying for the due-diligence aspects, but it won't actually prevent ID theft.
The only thing you can do is check your credit report frequently and immediately follow up on any problems. However, even that isn't sufficient because your credit report will only pull up information with your name. If only the SSN is used, you'll never see the bad information, though potential creditors will.
Welcome to the American credit system!
You know, I'm not the most politically correct person out there. I have no problem with slaving hard drives, using "he" to mean "everyone regardless of gender," and other such shibboleths. But I did do a double-take at that headline. I don't precisely think it's a wrong use of the word. I do think that the headline itself was awkward and invited unfortunate comparisons. Allusion is a pretty common trope in English, and the headline could definitely be read as alluding to Abu Ghraib.
I don't watch TV. I have avoided the Abu Ghraib pictures as much as possible, because I just don't need to see it. But the most vivid picture, the one even I've seen, is the hooded prisoner with wires attached to his body. "Power Supply Torture Test" reminded me of that. My first response was "WTF? Oh, they're being cute. Yech."
I know it's industry standard, I just think it's tacky in this instance. I probably wouldn't have blinked at "torture test" in other headlines: "Hard Drive Torture Test" doesn't bother me. "Server Torture Test" doesn't either. But hard drives and servers aren't notoriously used in torture, either. Electricity, sadly, is.
"Because if something does go wrong, it is the vendor's fault and not yours. With free software, it is your fault."
Um, check the EULA. Unless you've written a change into your contract, it's unlikely that the vendor actually is responsible.
Free software relieves you of the burden of believing the vendor's got your back. For the most part, they don't.
Anyone who believes Verisign is trustworthy isn't paying attention. I personally admire their competence almost as much as I admire their integrity....
So I installed Trust, Google, Netcraft, Earthlink, Ebay and Spoofstick toolbars. This results in a) not enough screen space and b) Netcraft plotzing. Everyone else plays well, but the Netcraft toolbar disappears and gives errors like "An error (ActiveX component can't create object: 429) occurred while loading toolbar options. Please contact technical support for further information." All I wanted was a screenshot....
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added
Prove it. (I'm talking more to the guy in the article than you, btw.)
That is just the kind of nonsense people say when they're trying to look "balanced" regarding Windows' security failures. I find it infuriating. The Mac and Linux boxen were "attacked" that often because they were on the same network and everything on that network was being attacked. Why? Because Windows machines were attacking them.
The argument that Windows has the most market share & therefore is attacked more isn't true in the web server and database markets. Yet while Apache and Oracle have problems, they're not anywhere near as bad as IIS and SQL Server. (If anyone has hard data to the contrary, I'd be very glad to see it.)
The argument that Mac and Linux boxes are lone islands in a sea of Windows and therefore worms can't gain critical mass for major infections is equally bogus: the Witty worm attacked only boxes that were running certain versions of ISS BlackIce, yet managed to compromise most of its potential threat profile before it ran out of victims. There are easy, easy ways to find concentrations of Mac and Linux users if you need 'em. Try spamming certain domains with a virus, for example. That argument simply doesn't hold water.
I'm not saying that *NIX computers can't be hacked. I'm not saying that they will never fall victim to automated exploits. I am saying that they are much, much less vulnerable, even if the code were tailor-written to those systems. Privilege escalation vulnerabilities are much rarer and more difficult to exploit -- and no, getting privileges by asking the user to sudo for you isn't a privilege escalation vulnerability. Social engineering is a cross-platform flaw.
Spam, phishing, Witty, and fractions-of-a-penny theft schemes all prove the profitability of niche compromises. I have faith in the entrepreneurial spirit of the new commercial crackers. It will happen. The reason it hasn't happened yet is that OS X and Linux are not as vulnerable and it's hard.
In short, what Windows has is the most market share on bugs.
My first thought was, "Wait, didn't that come out 20 years ago? Is there a reprint? Can I get another copy? Yay!"
David Palmer's Emergence was a really good sf book from the long-ago. Too bad he didn't write anything else. (And no, I don't count Threshold. I am in fact still trying to forget it, twenty years later.)
The author's opinion of her work doesn't count, I agree. I have a looooong rant on the authorial fallacy somewhere around here.... On the other hand, the author's opinion of her own intent does. The director can say the stuff was really there; but saying that the author intentionally put it there, when she says she didn't, is pretty rude.
Talk her into a Mac, if you can.
I can't believe I said that. This is in no way any attempt to encourage creating a bonsai person, even a voluntary one.
Talk her into a Mac, if you can.
I'm serious. As a child, I was an "Apple II for all" kid. Then I became one of those "Macs are too easy and wimpy" teens. In college, however, I became a "Hey, I can do work, I'm an addict!" person. Then I became a security wonk, and I'm a "Gee, why can't I find hardly any information on hardening OS X? It's not perfect" kind of person.
I don't believe it's possible for the average user to run Windows cleanly. You have to know too much. I've heard my security-wonk coworkers joke about how much spyware they had after a scan (and yeah, they're not great security wonks, but they were well above me on the food chain). If yer average security wonk can't keep his stupid box clean, then there's a problem with both the box and the user, not just the user.
I don't believe that OS X is perfect. There are exploits that work. Safari has some of the same problems IE does (minus the whole hooked-into-the-OS-issue). You have to look really hard to find the issues, though. And for getting actual work done, they're a wonder. The built-in software does much of what regular users need. The interface is pretty and clean. And with BSD underneath, I've found that they're a lot easier for Linux-geek techie friends to suss out.
I've come to the conclusion that Macs really are the best computers for most of the population. You don't get owned out of the box. You can download your security patches on modem--they come separate from the OS updates. You can safely read The Register. Even my Classic-emulated Office doesn't crash on OS X.
Hardware costs are pretty much at parity for brand-name devices. The cost problem tends to be with replacing software. But there is a useful shareware community for Macs, Fink is pretty well-regarded, and commercial software can be found. Consider how much a password-sniffing Trojan might cost and cough it up.
Thus endeth annoying advice.
Our passwords die after about 3 minutes of being abused
There. Phishing is solved. Just ask the adult industry how!
I'm actually serious. You can't stop people from giving away their information, but you can stop it from being used.
But you need broadband for downloading your Microsoft patches and service packs!
It won't stop phishing. They'll just use the domain names they've already bought -- secure-visa.com, ebay-fraud.com, etc.
Or accountonline.com or verifiedbyvisa.com...oh, wait, those are real.
Or they'll go down to smaller, localized ISPs and vendors who haven't yet implemented, like spamming for Podunk Bank on the @podunk.net addresses.
On the other hand, it's _much_ better than SPF (SPF headers are easily forged, and I'm more likely to get spam that passes its SPF check than legitimate mail that does).
The guy is a Mac nut, too. I am ashamed for my tribe. Steve "most common music format on an ipod is 'stolen'" Ballmer is probably writing up this little example as we speak...
And he's not allowing others to download from his collection. While I've never really approved of downloading music (probably largely because I had dialup during the heyday, so I can afford to be all snotty), he's freeloading and that's worse. I thought "sharing" was the whole point of p2p.
These cubes are great. The outer surfaces are flat and the inner surfaces are pyramids. They fold and unfold from a cube to a rectangle to two pretty stars. Then you put them back together. They're not really a puzzle so much as a piece of worry-geometry. I could spend hours fiddling with one.
The stars are stellated rhombic dodecahedrons.
Um. Diebold makes ATMs:
Ok, here's mine:
Use OS X.
Run Software Update every once in a while.
Make sure the firewall stays on.
Back up.
Watch Slashdot for malware that isn't just FUD.
That one's easy. Genesis 30:
Obviously, you just put the RoundUp bottles in front of the pollen.