It isn't a "criminal lawsuit" offence to connect your laptop to your work's network, assuming you had no malicious intent.
That depends on your jurisdiction. The UK laws are pretty strict and don't require intent (presumably because intent is always hard to prove). In the US things are more complicated due to varying state laws. Many of them require intent of your actions, not malicious intent. In other words, his way out would be to claim so much ignorance of security that he didn't know connecting a corporate network directly to the Internet is bad, or so much ignorance of networks that he didn't know his tethering action would open the corporate network to the Internet at large.
But my comment was even more specific than that. Note that I didn't make the point in my first reply, I made it after he basically wrote "fuck the corporate rules, I think they suck" - i.e. he is both aware of their existence and intentionally breaking them - and "I am intentionally deceiving you because I think you deserve this" - the legal term is fraud - he is intentionally hiding relevant information for his advantage, knowing that doing so causes another party damage. That is the legal definition of fraud, and fraud is a criminal offense.
Assuming an unfiltered network connection, the ability to install your payload, a machine policy that allows you to get at the data, etc. etc. etc.
Here, take this: upload your data to your evil.com website. That is a realistic scenario. Hide the window so the upload can continue in the background.
I'm the guy telling his manager what he can and can't do on the network. His manager can not override corporate policies. Have you ever worked in a corporate environment?
You have a black-and-white image of trust and security that we abandoned somewhere in the 80s, I think.
Mobile devices are by nature less trustworthy than devices that remain within the physical perimeter you control, but there is no such thing as 100% or 0% trust in any halfway modern security view.
By all that is entirely besides the point, so let's burn the strawman down quickly and get back to the original point: Mistrusting the mobile devices was, in this example, exactly what the company is doing and is why our friend is putting his employer at risk so he can play FarmVille.
Security often relies on humans, like it or not. You can, theoretically, construct an entrance that guarantees through technological means that no unauthorized person can enter. In the real world, very few people outside certain TLAs would put up with something like that, and very few companies would even entertain the thought after you've told them what it would cost. Almost every real-world physical entry control has a human element.
The IT world is not so different, just less visible and touchable. Real-world security measures are a combination of technological and organisational countermeasures. You may be more familiar with the other term for "organisational measure": Policies.
Let me get this straight: your security plan assumes that no one does this?
My network would be configured so that his notebook doesn't get talked to and a red flag in the NOC shows the presence of an unauthorized device. Because yes, my security plan would most likely say that we have defined connections to other networks, including the Internet.
You sound like a modern dictator and the whole stuff sounds like modern slavery.
Please don't diminish the horrible reality of slavery by comparing it to policies within a corporation.
While i can see your point from a security stance of view, it's still not a valid argument to think you -and you alone- have absolute control over someone else.
No, but is the concept of "here are the rules, we expect you to follow them" really so hard to grasp? I am strict on enforcing the policies, yes. At the same time, I made it clear that the rules are not set in stone - give me a good reason to change them and I will be on your side.
Also, your arguments will be bull. The information is not safe, whatever locked-up solution you use. People could always just make a photograph of the screen, if not anything else.
Your safety should come from the fact that you _trust_ your employees. And to tell a little secret. Trust must come from both sides, else it won't work.
I'm not trying to protect against the user. That's idiotic, and any company feeling that it needs to do that needs its leadership exchanged.
I am trying to protect the user and the corporate network against whatever risks have been decided to need mitigation. In this context: Outside attackers. Usually, a part of the defense layers is network seperation. Someone who tethers the machine he's plugged into the corporate network to his iPhone so he can surf the web? I'm sorry, why are we even discussing this?
You, as IT staff, you do your best to secure your network and hardware. But as you can read in the rest of this article, as soon you overdo it, employees will find a way to work around it. And no, you will not all see them in your office. What you need to do here, Sir, is to find that delicate balance between security and workability.
I'd never have guessed. Oh wait, I just gave the keynote at a security conference on this topic.
One of the things I said is that we don't need more security awareness in users - we need more user awareness in security. So you can kind of guess that I'm all with you there on the basic idea. And still that doesn't mean any joker can violate the policies and push holes into the corporate security infrastructure just because he feels he's entitled to something.
I am entirely serious on the "visit me in my office" part. Don't take it word-for-word, what I am saying is that there should be a process for changes in the security rules and restrictions, and users need to be aware of it. If someone needs Internet access for his work, then by all means he should get it - but in a way that's in line with the requirements of the company, including security, and not by plugging his private notebook into the corporate network on one end and into his iPhone on the other.
If 'that information' is so sensitive, you should consider not putting it on a network at all.
Welcome to the 21st century. You can't really do that anymore. What you can do is having multiple networks, and if you require very high security, entirely seperated ones. Of course, that also only works until some joker tethers his iPhone to his... you get the idea.
If actions of your employees compromised your security, YOU did something wrong, not them.
That is a simplified view. In general, I will agree. However, there are many cases where organisational measures are more effective, easier or simply cheaper than technological measures. I could turn the entire building into a Faraday cage to make sure nobody tethers his iPhone to his... - but that's not exactly an optimal solution. Nor would the users be very happy that all their mobiles phones stopped working because I needed to make sure no idiot with an iPhone...
Yes, I am aware that I can stop him at the other end, and a properly configured network simpl
That's assuming you'd know. As I said above, you'd be none the wiser.
That's a criminal lawsuit right there, you are aware of that, yes?
As an IT professional you are supposed to work WITH me, not AGAINST me. Until you understand that, deceit is all you deserve.
I will gladly work with you. I told you how to initiate such a cooperative effort. Bypassing the corporate security measures is where you are working against the company.
I am 100% for making security a lot more user-friendly and cooperative than it is today. In fact, I've given the keynote on a security conference on that exact topic two weeks ago.
But that doesn't mean any joker who thinks he's smart can just go and violate all policies, bypass all security measures and put the entire corporate network at risk.
somebody has physical access to the laptop for a minute or two. A backdoor is loaded on the laptop during the distraction.
I think you need to be a little more detailed at the "and then magic happens" step.
If I can compromise your notebook in two minutes, it was never properly secured. How do you intend to get your backdoor on there? Type it in? Oh, you assume I have an optical drive and USB ports that will accept any arbitrary device someone happens to plug in?
Again, the question goes back to what this employee is really doing.
No, it doesn't. It goes back to what the company is doing. If they are in any business where lives are on the line, or actual damages could occur - I'm not talking about a dent in profits - then what the employee wants to stroke his ego doesn't matter.
Not all mobile users handle sensitive data or are really targets for attacks.
If your notebook goes on a network I'm responsible for, then it is a potential target. Even if it contains no data worth anything, it can bring malware into the system, or a nice piece of malware could download sensitive data unto it once it has connected to the network.
Read up on Stuxnet and how it got across not only firewalls, but airwalls.
You can lock down a notebook well enough that it requires malicious intent and considerable technical skill to tamper with it.
The fact that there is no 100% security doesn't mean that there isn't 99% security.
IMO if the user is competent enough to install Linux or their own custom Windows image on there, I don't think you are any worse off than it was previously. Seeing how out of date some IT departments are with patching and service packs, the machine may end up being more secure.
Maybe. But that "more" of security could be in the wrong place, while the security that actually matters for the threat scenarios that the risk assessment has defined has been reduced.
All the information needed to access corporate services is in my possession anyway, so you're none the wiser. If you block Internet access at work, I will happily tether to my iPhone or bring my iPad.
Let me get this straight: You would connect to the corporate network using a private, unapproved machine? And you would then connect that machine directly to the Internet?
In several environments in which I've worked, as the IT Security/Compliance Officer I would recommend you for immediate termination.
Just because you think that you are entitled to your own rules doesn't make it so. If you don't like my rules, you are welcome to come into my office and discuss them with me. You better have good reasons, because I do. You are not free to just break the rules and open up the corporate network to the world at large, bypassing all the security layers that are there for a reason.
Are there any other precautions I could or should take?
Yes. Check your employers rules on private use.
If they allow it - forget about private mode and encryption, if I control the hardware, you can't hide from me. Don't treat the company IT like an enemy, unless you want to be treated likewise in return. Storing your personal data on an USB stick is a good decision, however. Not for security reasons, but because it makes the seperation between work and private simpler.
If they don't allow it - get an iPad for the road.
The one thing IT departments, and especially the IT security guys, can't stand and will come down on like a ton of bricks if they ever get the chance are the "power users" - the people who know enough to screw things up and not enough to resist doing it.
If your machine is locked down tightly, there are reasons for it. They might be bullshit reasons, in which case there are appropriate ways to challenge them and get things changed. Playing Johnny Hacker isn't one of them.
Funny, but besides the point. The bikeshed problem doesn't surface in concrete, physical issues, it's an artifact of design, management, abstraction and complexity.
I am saying that you have not provided any evidence for your claim.
I fail to see what this simple statement of fact has to do with intelligence.
Also, you conveniently forgot about everything else I wrote by acting all upset and angry. So I will add this: The evidence you produced for the other claim of yours has also, on checking, failed to uphold the point you were trying to make with it. While the quote was real, read in context it does not mean what you alleged.
But you claimed that the interview would be easy to find. So please, entertain me. I will apologize if you can produce the actual interview, and if it makes the points you claim it makes, I may very well change my mind on the subject matter.
Until then, I'll call you a liar and a fraud.
Oh, and since you also dodged my request to take a guess at my agenda: Google for some of the writings of Hakim Bey. There's a guy ripping the established powers to shreds and pulling away the curtains without having to invent quotes and make up conspiracies.
my assertion and defense of the very groups and powerful, wealthy people advocating depopulation makes your own agenda questionable to an objective observer.
I'm really curious what you would guess my agenda is...
No, seriously. Let me know.
the first quote starts on the bottom of page 21,
Now that gives it the missing context. See, you put it into a context of depopulation, but the entire chapter is about population growth, and on p. 22 it puts the necessary depth into the debate by pointing out that the relationship is varied and in some countries the per-capita emissions are even falling.
If you read the entire report - or just a few chapters - it doesn't seem to support your claim that some mysterious global elite is planning to kill most of the world population in the slightest. It's a calm review of what we know about the relationship between various factors such as population, consumption, transporation, energy consumption, etc.
As for Ted Turner's quote, it (along with the entire context and his views) was first published in an interview given in 1996 to the magazine of the American conservation organisation The Audubon Society
Quotes get made up all the time, and once enough people are quoting it, everyone thinks it's real. There are a nice number of examples for this effect, and too few journalists who actually check the sources. In fact, one of the pet/. topics has an example: The estimate for losses to movie "piracy" are such a thing. Someone once made up a number, and that number has been quoted and re-quoted ever since, with everyone referencing someone else who only got it somewhere else, until it has so many references that it seems real.
So, in the language of the IntarWeb: "Pics or it didn't happen".
And yes, the burden of proof lies with you. Extraordinary claims require extraordinary evidence. I am highly sceptical, but I can be convinced. I took a few months to make up my mind about 9/11, for example. I used to doubt that ECHOLON was real, but as more and more evidence has surfaced that I was wrong, I've come around.
But depopulation on a massive scale? And advocated by the very people who have the most to lose from any major socio-political change? That's a crackpot theory and those spreading it are frauds and liars. And I say that in these clear words because I'm not on TV like Pen & Teller and thus I can say what I believe.
One of the strongest evidences for conspiracy theories is the style of selective quoting you show: Many short quotes by many different people, all well picked to create a narrative.
It's exploiting a psychological quirk of human beings: That we are more easily convinced by consistent narratives than by complicated facts. There's a lot of very interesting, fairly recent (past few decades) research into this fascinating area.
But that doesn't make it one bit true. It's fraud, plain and simple. Exploiting psychological weakness to make a point that facts can not support is a fraudulent activity.
I'm not even saying your quotes are out-of-context or wholesale inventions, though I strongly suspect that at least some of them are. But that doesn't matter, because we know the facts and they don't match your nice story:
The globe can sustain a population at the current level, provided we move to a pollution level per person much below the current one of the civilized world
Food is a more important problem with overpopulation than pollution. Pollution and global warming are not by necessity tied to population levels, but to energy generation and our methods of doing so.
Reducing population growth is indeed a serious issue that needs to be solved in the forseable future. Population reduction is such an extraordinarily claim that you need a lot better support for it than a couple of choice quotes. In fact, contrary to what I wrote above, I've actually downloaded the 2009 UNFPA report and guess what, your alleged quote doesn't appear in it. If you respond to this, kindly include the page number.
In fact, I believe everything you've written is made up. I've checked the Ted Turner "quote" as well, and it appears exclusively on crackpot websites like "endoftheamericandream.com" - the domain name says it all. I could not find one single respectible source for it.
Of course, that's all because the globale elite suppresses it through their control of the media. You need to pick up a good book on dissonance theory.
And sometimes, as in the case of phrenology and eugenics, people are harmed in the name of science.
When that name is taken in vain, yes.
Science provides the foundation and is often wrong for a time. But it takes someone with an agenda to put things into action. Eugenics, for a start, is not qualified as a science by most members of the scientific community - not then and not now. It is an applied science, kind of the political arm of genetics. But just like atomic physics creates atom bombs, but doesn't tell us if or where to use them, so the scientific understanding of genetics can be applied in various ways, with eugenics being one of them. That doesn't make eugenics a science any more than, say, cable TV is a science. Both have a scientific foundation without which they would not be possible, but questions of what to do with the possibilities are not purely scientific questions.
Various incarnations of this have been tried for at least 10 years.
All of them miss the point. That it's not more visuals that is lacking from online shopping, but other senses. Feeling the weight and texture, touching something, getting the full experience.
It's like increasing the resolution on sports TV because you think too many people still go to the event instead of watching it at home. That decision was hardly ever because the picture was so small.
While I agree with you on most points, I don't think the absolute stands.
Ancient codes aren't crypto by todays standards, but they were in their days, so we need to give them credit for that, or else we should stop calling AES et al crypto as well, because a thousand years from now, people with quantum computers (or whatever) will laugh at us the way we laugh about the Cesar cypher today.
Two, the NSA and its predecessors were formed out of necessity, because there was encryption being used by the enemy, the most famous being the Enigma machines of the germans during WW2, which had been used both commercially and in the military since the early 1920s. By that fact alone we know that business people had already seen a need for cryptography almost a hundred years ago.
The NSA is definitely top of the class today, but they weren't the first.
One of the basic rules of cryptography is that you need to understand fully what you're doing, because it's complicated and has side-effects.
In many cases, encrypting something multiple times does not increase the strength of the encryption, and may even reduce it. Sometimes, though, it does.
In the case of 3DES, avoiding the meet-in-the-middle attack is one of the reasons that it is set up the way it is (two encryptions with one decryption in the middle). But it is a good example - a novice would think that two encryption and one decryption step make the equivalent of one encryption.
someone asked if, by publishing a spec on how to do encrypted secure comms on an Android, her division hadn't made the job of the SIGINT spooks impossibly more difficult. She somewhat artfully dodged/refused to answer, and simply said that her job was to protect the data and communications of the US Government. My take: draw your own conclusions about NSA's ability to break IPSEC.
Doesn't necessarily follow. The NSA has these two different and often conflicting missions. And I know that if I were in the second one (what she said), I would make damn sure that my own spooks can't break it. Because if they can, so can someone else.
Her dodge is probably due to this conflict, which I'm sure is constantly generating friction within the NSA.
No free pass on fundamental flaws in motivation and execution just because feathers get ruffled on a bureaucratic/system in disparate need of overhaul. We need change of a higher order....but I won't pass on change of an incremental nature in the right direction, I just won't call it holy and righteous.
That sums it up nicely.
Anonymous has picked its image well. The character V is deeply flawed and his motivations and methods doubtful. But in the end, he's doing the right thing. Love him or hate him, but he gets the job done.
And I think that is exactly what many people hope Anon will do. Their methods are juvenile, their motivation is more ego-driven than visionary, but they are drawing away some of the curtains, and getting attention to something that has been hidden for too long.
I remember a good Zen story about a peasant talking to a monk, asking for advise, because he lost his temper with a guy at the market and hit him over the head with his umbrella. And since Buddhism tells you to be peaceful, he now regrets it, but he says the guy was acting really terrible, and has been doing it all the time, and he just couldn't help it. And hitting him did make him stop. But still, he feels horrible. The monk says: "You are rightly upset that you could not stay calm. It is important to not lose ones temper and stay in the moment, and hatred is a bad motivation. So next time, if he acts up again, remain calm and maintain your inner peace. And hit him over the head again, as apparently that is the language he understands."
I maintain my point. You think of Anonymous as an organisation. It isn't. Sure, some of these strategies will work to some degree. But not to the same degree and not with the same result that they would in an actual organisation.
Example:
If you do that repeatedly the intelligence agencies will be annoyed but they'll assume every leak came from a different source and not assume they're a singular entity. They'll also have no way of knowing who or where it came from. They'll probably suspect leaks in their own organization. Telling people it's a hacking group tells the intelligence people that the flaw is in their computer system. Why tell them that if your objective is to steal information from them?
What tells you that the various Anonymous actions are done by the same people, or even by people who have the slightest connection? Anyone can hack a computer, release what he found, and put the Anonymous logo on it all.
What tells you that the hack was an IT security issue at all? Because someone said so? Could be misdirection. I know I in their place would make up a plausible and entirely false story.
The iPad can disable notifications - there won't be any alerts in the middle of a Keynote presentation.
All it needs is to add a "don't disturb me" switch into the iBooks application.
It isn't a "criminal lawsuit" offence to connect your laptop to your work's network, assuming you had no malicious intent.
That depends on your jurisdiction. The UK laws are pretty strict and don't require intent (presumably because intent is always hard to prove). In the US things are more complicated due to varying state laws. Many of them require intent of your actions, not malicious intent. In other words, his way out would be to claim so much ignorance of security that he didn't know connecting a corporate network directly to the Internet is bad, or so much ignorance of networks that he didn't know his tethering action would open the corporate network to the Internet at large.
But my comment was even more specific than that. Note that I didn't make the point in my first reply, I made it after he basically wrote "fuck the corporate rules, I think they suck" - i.e. he is both aware of their existence and intentionally breaking them - and "I am intentionally deceiving you because I think you deserve this" - the legal term is fraud - he is intentionally hiding relevant information for his advantage, knowing that doing so causes another party damage. That is the legal definition of fraud, and fraud is a criminal offense.
Assuming an unfiltered network connection, the ability to install your payload, a machine policy that allows you to get at the data, etc. etc. etc.
Here, take this: upload your data to your evil.com website. That is a realistic scenario. Hide the window so the upload can continue in the background.
But that doesn't compromise the notebook.
I'm the guy telling his manager what he can and can't do on the network. His manager can not override corporate policies. Have you ever worked in a corporate environment?
You have a black-and-white image of trust and security that we abandoned somewhere in the 80s, I think.
Mobile devices are by nature less trustworthy than devices that remain within the physical perimeter you control, but there is no such thing as 100% or 0% trust in any halfway modern security view.
By all that is entirely besides the point, so let's burn the strawman down quickly and get back to the original point: Mistrusting the mobile devices was, in this example, exactly what the company is doing and is why our friend is putting his employer at risk so he can play FarmVille.
Security often relies on humans, like it or not. You can, theoretically, construct an entrance that guarantees through technological means that no unauthorized person can enter. In the real world, very few people outside certain TLAs would put up with something like that, and very few companies would even entertain the thought after you've told them what it would cost. Almost every real-world physical entry control has a human element.
The IT world is not so different, just less visible and touchable. Real-world security measures are a combination of technological and organisational countermeasures. You may be more familiar with the other term for "organisational measure": Policies.
Let me get this straight: your security plan assumes that no one does this?
My network would be configured so that his notebook doesn't get talked to and a red flag in the NOC shows the presence of an unauthorized device. Because yes, my security plan would most likely say that we have defined connections to other networks, including the Internet.
You sound like a modern dictator and the whole stuff sounds like modern slavery.
Please don't diminish the horrible reality of slavery by comparing it to policies within a corporation.
While i can see your point from a security stance of view, it's still not a valid argument to think you -and you alone- have absolute control over someone else.
No, but is the concept of "here are the rules, we expect you to follow them" really so hard to grasp? I am strict on enforcing the policies, yes. At the same time, I made it clear that the rules are not set in stone - give me a good reason to change them and I will be on your side.
Also, your arguments will be bull. The information is not safe, whatever locked-up solution you use. People could always just make a photograph of the screen, if not anything else.
Your safety should come from the fact that you _trust_ your employees. And to tell a little secret. Trust must come from both sides, else it won't work.
I'm not trying to protect against the user. That's idiotic, and any company feeling that it needs to do that needs its leadership exchanged.
I am trying to protect the user and the corporate network against whatever risks have been decided to need mitigation. In this context: Outside attackers. Usually, a part of the defense layers is network seperation. Someone who tethers the machine he's plugged into the corporate network to his iPhone so he can surf the web? I'm sorry, why are we even discussing this?
You, as IT staff, you do your best to secure your network and hardware. But as you can read in the rest of this article, as soon you overdo it, employees will find a way to work around it. And no, you will not all see them in your office. What you need to do here, Sir, is to find that delicate balance between security and workability.
I'd never have guessed. Oh wait, I just gave the keynote at a security conference on this topic.
One of the things I said is that we don't need more security awareness in users - we need more user awareness in security. So you can kind of guess that I'm all with you there on the basic idea. And still that doesn't mean any joker can violate the policies and push holes into the corporate security infrastructure just because he feels he's entitled to something.
I am entirely serious on the "visit me in my office" part. Don't take it word-for-word, what I am saying is that there should be a process for changes in the security rules and restrictions, and users need to be aware of it. If someone needs Internet access for his work, then by all means he should get it - but in a way that's in line with the requirements of the company, including security, and not by plugging his private notebook into the corporate network on one end and into his iPhone on the other.
If 'that information' is so sensitive, you should consider not putting it on a network at all.
Welcome to the 21st century. You can't really do that anymore. What you can do is having multiple networks, and if you require very high security, entirely seperated ones. Of course, that also only works until some joker tethers his iPhone to his... you get the idea.
If actions of your employees compromised your security, YOU did something wrong, not them.
That is a simplified view. In general, I will agree. However, there are many cases where organisational measures are more effective, easier or simply cheaper than technological measures. I could turn the entire building into a Faraday cage to make sure nobody tethers his iPhone to his... - but that's not exactly an optimal solution. Nor would the users be very happy that all their mobiles phones stopped working because I needed to make sure no idiot with an iPhone...
Yes, I am aware that I can stop him at the other end, and a properly configured network simpl
That's assuming you'd know. As I said above, you'd be none the wiser.
That's a criminal lawsuit right there, you are aware of that, yes?
As an IT professional you are supposed to work WITH me, not AGAINST me. Until you understand that, deceit is all you deserve.
I will gladly work with you. I told you how to initiate such a cooperative effort. Bypassing the corporate security measures is where you are working against the company.
I am 100% for making security a lot more user-friendly and cooperative than it is today. In fact, I've given the keynote on a security conference on that exact topic two weeks ago.
But that doesn't mean any joker who thinks he's smart can just go and violate all policies, bypass all security measures and put the entire corporate network at risk.
somebody has physical access to the laptop for a minute or two. A backdoor is loaded on the laptop during the distraction.
I think you need to be a little more detailed at the "and then magic happens" step.
If I can compromise your notebook in two minutes, it was never properly secured. How do you intend to get your backdoor on there? Type it in? Oh, you assume I have an optical drive and USB ports that will accept any arbitrary device someone happens to plug in?
Again, the question goes back to what this employee is really doing.
No, it doesn't. It goes back to what the company is doing. If they are in any business where lives are on the line, or actual damages could occur - I'm not talking about a dent in profits - then what the employee wants to stroke his ego doesn't matter.
Not all mobile users handle sensitive data or are really targets for attacks.
If your notebook goes on a network I'm responsible for, then it is a potential target. Even if it contains no data worth anything, it can bring malware into the system, or a nice piece of malware could download sensitive data unto it once it has connected to the network.
Read up on Stuxnet and how it got across not only firewalls, but airwalls.
You can lock down a notebook well enough that it requires malicious intent and considerable technical skill to tamper with it.
The fact that there is no 100% security doesn't mean that there isn't 99% security.
IMO if the user is competent enough to install Linux or their own custom Windows image on there, I don't think you are any worse off than it was previously. Seeing how out of date some IT departments are with patching and service packs, the machine may end up being more secure.
Maybe. But that "more" of security could be in the wrong place, while the security that actually matters for the threat scenarios that the risk assessment has defined has been reduced.
All the information needed to access corporate services is in my possession anyway, so you're none the wiser. If you block Internet access at work, I will happily tether to my iPhone or bring my iPad.
Let me get this straight: You would connect to the corporate network using a private, unapproved machine? And you would then connect that machine directly to the Internet?
In several environments in which I've worked, as the IT Security/Compliance Officer I would recommend you for immediate termination.
Just because you think that you are entitled to your own rules doesn't make it so. If you don't like my rules, you are welcome to come into my office and discuss them with me. You better have good reasons, because I do.
You are not free to just break the rules and open up the corporate network to the world at large, bypassing all the security layers that are there for a reason.
Are there any other precautions I could or should take?
Yes. Check your employers rules on private use.
If they allow it - forget about private mode and encryption, if I control the hardware, you can't hide from me. Don't treat the company IT like an enemy, unless you want to be treated likewise in return. Storing your personal data on an USB stick is a good decision, however. Not for security reasons, but because it makes the seperation between work and private simpler.
If they don't allow it - get an iPad for the road.
The one thing IT departments, and especially the IT security guys, can't stand and will come down on like a ton of bricks if they ever get the chance are the "power users" - the people who know enough to screw things up and not enough to resist doing it.
If your machine is locked down tightly, there are reasons for it. They might be bullshit reasons, in which case there are appropriate ways to challenge them and get things changed. Playing Johnny Hacker isn't one of them.
Funny, but besides the point. The bikeshed problem doesn't surface in concrete, physical issues, it's an artifact of design, management, abstraction and complexity.
I am saying that you have not provided any evidence for your claim.
I fail to see what this simple statement of fact has to do with intelligence.
Also, you conveniently forgot about everything else I wrote by acting all upset and angry. So I will add this: The evidence you produced for the other claim of yours has also, on checking, failed to uphold the point you were trying to make with it. While the quote was real, read in context it does not mean what you alleged.
But you claimed that the interview would be easy to find. So please, entertain me. I will apologize if you can produce the actual interview, and if it makes the points you claim it makes, I may very well change my mind on the subject matter.
Until then, I'll call you a liar and a fraud.
Oh, and since you also dodged my request to take a guess at my agenda: Google for some of the writings of Hakim Bey. There's a guy ripping the established powers to shreds and pulling away the curtains without having to invent quotes and make up conspiracies.
Mod article down.
Oh, wait. Why can't we do modding for articles again? Oh yes, the /. frontpage would be very empty on some days.
There's so much flamebait in this, I don't even know where to start. Pathetic, really.
And your own technique is a very common one,
You are right. Debunking is a common technique.
my assertion and defense of the very groups and powerful, wealthy people advocating depopulation makes your own agenda questionable to an objective observer.
I'm really curious what you would guess my agenda is...
No, seriously. Let me know.
the first quote starts on the bottom of page 21,
Now that gives it the missing context. See, you put it into a context of depopulation, but the entire chapter is about population growth, and on p. 22 it puts the necessary depth into the debate by pointing out that the relationship is varied and in some countries the per-capita emissions are even falling.
If you read the entire report - or just a few chapters - it doesn't seem to support your claim that some mysterious global elite is planning to kill most of the world population in the slightest. It's a calm review of what we know about the relationship between various factors such as population, consumption, transporation, energy consumption, etc.
As for Ted Turner's quote, it (along with the entire context and his views) was first published in an interview given in 1996 to the magazine of the American conservation organisation The Audubon Society
The reference is all over the net. The Audubon Magazine website itself doesn't seem to know about it: http://www.audubonmagazine.org/search/node/ted%20turner
Quotes get made up all the time, and once enough people are quoting it, everyone thinks it's real. There are a nice number of examples for this effect, and too few journalists who actually check the sources. In fact, one of the pet /. topics has an example: The estimate for losses to movie "piracy" are such a thing. Someone once made up a number, and that number has been quoted and re-quoted ever since, with everyone referencing someone else who only got it somewhere else, until it has so many references that it seems real.
I'm serious, I've tried to find it. Now the funny thing is - I'm not alone. Search for "interview" in the comments here:
http://www.mediaite.com/online/ted-turner-bashes-tea-party-calling-them-mean-spirited/
Someone else is asking some other one else the same question I am - and gets no reply.
So, in the language of the IntarWeb: "Pics or it didn't happen".
And yes, the burden of proof lies with you. Extraordinary claims require extraordinary evidence. I am highly sceptical, but I can be convinced. I took a few months to make up my mind about 9/11, for example. I used to doubt that ECHOLON was real, but as more and more evidence has surfaced that I was wrong, I've come around.
But depopulation on a massive scale? And advocated by the very people who have the most to lose from any major socio-political change? That's a crackpot theory and those spreading it are frauds and liars. And I say that in these clear words because I'm not on TV like Pen & Teller and thus I can say what I believe.
One of the strongest evidences for conspiracy theories is the style of selective quoting you show: Many short quotes by many different people, all well picked to create a narrative.
It's exploiting a psychological quirk of human beings: That we are more easily convinced by consistent narratives than by complicated facts. There's a lot of very interesting, fairly recent (past few decades) research into this fascinating area.
But that doesn't make it one bit true. It's fraud, plain and simple. Exploiting psychological weakness to make a point that facts can not support is a fraudulent activity.
I'm not even saying your quotes are out-of-context or wholesale inventions, though I strongly suspect that at least some of them are. But that doesn't matter, because we know the facts and they don't match your nice story:
In fact, I believe everything you've written is made up. I've checked the Ted Turner "quote" as well, and it appears exclusively on crackpot websites like "endoftheamericandream.com" - the domain name says it all. I could not find one single respectible source for it.
Of course, that's all because the globale elite suppresses it through their control of the media. You need to pick up a good book on dissonance theory.
And sometimes, as in the case of phrenology and eugenics, people are harmed in the name of science.
When that name is taken in vain, yes.
Science provides the foundation and is often wrong for a time. But it takes someone with an agenda to put things into action. Eugenics, for a start, is not qualified as a science by most members of the scientific community - not then and not now. It is an applied science, kind of the political arm of genetics. But just like atomic physics creates atom bombs, but doesn't tell us if or where to use them, so the scientific understanding of genetics can be applied in various ways, with eugenics being one of them. That doesn't make eugenics a science any more than, say, cable TV is a science. Both have a scientific foundation without which they would not be possible, but questions of what to do with the possibilities are not purely scientific questions.
Various incarnations of this have been tried for at least 10 years.
All of them miss the point. That it's not more visuals that is lacking from online shopping, but other senses. Feeling the weight and texture, touching something, getting the full experience.
It's like increasing the resolution on sports TV because you think too many people still go to the event instead of watching it at home. That decision was hardly ever because the picture was so small.
While I agree with you on most points, I don't think the absolute stands.
Ancient codes aren't crypto by todays standards, but they were in their days, so we need to give them credit for that, or else we should stop calling AES et al crypto as well, because a thousand years from now, people with quantum computers (or whatever) will laugh at us the way we laugh about the Cesar cypher today.
Two, the NSA and its predecessors were formed out of necessity, because there was encryption being used by the enemy, the most famous being the Enigma machines of the germans during WW2, which had been used both commercially and in the military since the early 1920s. By that fact alone we know that business people had already seen a need for cryptography almost a hundred years ago.
The NSA is definitely top of the class today, but they weren't the first.
One of the basic rules of cryptography is that you need to understand fully what you're doing, because it's complicated and has side-effects.
In many cases, encrypting something multiple times does not increase the strength of the encryption, and may even reduce it. Sometimes, though, it does.
In the case of 3DES, avoiding the meet-in-the-middle attack is one of the reasons that it is set up the way it is (two encryptions with one decryption in the middle).
But it is a good example - a novice would think that two encryption and one decryption step make the equivalent of one encryption.
someone asked if, by publishing a spec on how to do encrypted secure comms on an Android, her division hadn't made the job of the SIGINT spooks impossibly more difficult. She somewhat artfully dodged/refused to answer, and simply said that her job was to protect the data and communications of the US Government. My take: draw your own conclusions about NSA's ability to break IPSEC.
Doesn't necessarily follow. The NSA has these two different and often conflicting missions. And I know that if I were in the second one (what she said), I would make damn sure that my own spooks can't break it. Because if they can, so can someone else.
Her dodge is probably due to this conflict, which I'm sure is constantly generating friction within the NSA.
No free pass on fundamental flaws in motivation and execution just because feathers get ruffled on a bureaucratic/system in disparate need of overhaul. We need change of a higher order....but I won't pass on change of an incremental nature in the right direction, I just won't call it holy and righteous.
That sums it up nicely.
Anonymous has picked its image well. The character V is deeply flawed and his motivations and methods doubtful. But in the end, he's doing the right thing. Love him or hate him, but he gets the job done.
And I think that is exactly what many people hope Anon will do. Their methods are juvenile, their motivation is more ego-driven than visionary, but they are drawing away some of the curtains, and getting attention to something that has been hidden for too long.
I remember a good Zen story about a peasant talking to a monk, asking for advise, because he lost his temper with a guy at the market and hit him over the head with his umbrella. And since Buddhism tells you to be peaceful, he now regrets it, but he says the guy was acting really terrible, and has been doing it all the time, and he just couldn't help it. And hitting him did make him stop. But still, he feels horrible.
The monk says: "You are rightly upset that you could not stay calm. It is important to not lose ones temper and stay in the moment, and hatred is a bad motivation. So next time, if he acts up again, remain calm and maintain your inner peace. And hit him over the head again, as apparently that is the language he understands."
Because this is a public discussion board, and other people - like you - come across the answers as well.
I maintain my point. You think of Anonymous as an organisation. It isn't. Sure, some of these strategies will work to some degree. But not to the same degree and not with the same result that they would in an actual organisation.
Example:
If you do that repeatedly the intelligence agencies will be annoyed but they'll assume every leak came from a different source and not assume they're a singular entity. They'll also have no way of knowing who or where it came from. They'll probably suspect leaks in their own organization. Telling people it's a hacking group tells the intelligence people that the flaw is in their computer system. Why tell them that if your objective is to steal information from them?
What tells you that the various Anonymous actions are done by the same people, or even by people who have the slightest connection? Anyone can hack a computer, release what he found, and put the Anonymous logo on it all.
What tells you that the hack was an IT security issue at all? Because someone said so? Could be misdirection. I know I in their place would make up a plausible and entirely false story.