The documentation provided is pretty standard Intel Oversight reporting and really is nothing to wow over... Honestly everytime a possible "incident" happens where an agent, or military Intel analyst or someone in any other Intelligence related position happens to overstep EO 12333 or one of the other numerous Intel Oversight related docs out there (there are a lot) then it gets reported via an Intel Oversight officer to a board. The board investigates and takes action (administrative or criminal in some cases...) There are tons of these occurrences over a year period all over the place so this FBI report is not surprising what-so-ever... (Its not even that high considering FBI is an investigative power...) The process is there to investigate people abusing investigative powers (and not necessarily Patriot Act related powers since these IO Boards and incidents have been around long before Patriot took effect...) and the process is there to take action against those who would continually abuse the powers given to them. All this report shows me is that the process to keep agents/analysts in check is working?
"Well, since I live in CENTRAL FLORIDA, where we get hit with more hurricanes than New Orleans has welfare recipients, I could most certainly lend my expertise."
OMFG I so didn't want to laugh at that comment, but I had to. I think the problem here is that emotion and pride in one's city/state is just clouding what needs to be done, which is look back and figure out what went wrong and make damned sure it doesn't happen again elsewhere...
No offense but just because you live somewhere where natural disasters hit often does not make you an expert in developing and implementing disaster preparedness plans and recovery efforts. If it did then you would see a lot less people deciding to just weather the storm or doing stupid things like hanging out on the porch to see it... People are looking back on this disaster and commenting that planning for something like this was not done well. I know I have worked on DP/DR plans. Have you? Or do you simply declare yourself to be expert because you weathered storms in the past? Maybe this is all 20/20 hindsight, but it would be damned stupid to not look back and figure out exactly what went wrong in all this and attempt to ensure it does not happen again...
I know a certain recent Zombie network that was discovered which collectively had quite a few Pbs of storage... Of course I wouldn't recommend going down that road as it leads to you know... jail.
So basically you just made the argument that there was no good local or state disaster preparedness plan implemented? Nagin took betweek 12 to 24 hours to order mandatory evacuation because he was unsure if he was allowed to issue it as stated in his "official" disaster recovery plan. More than 350 buses of the New Orleans Regional Transportation Authority, eventually flooded where they were parked, were not mobilized to evacuate infirm, poor, and car-less residents? What about the train "the City of New Orleans." Why was there no evacuation by rail? Was Amtrak part of the disaster planning? If not, why not? City Hall's emergency command center had to be abandoned early in the crisis because its generator supposedly ran out of diesel fuel. Many critical-care patients died from heat or equipment failure after hospital backup generators failed. Why were supplies of diesel fuel so inadequate? Why were so many hospital generators located in basements that would obviously flood? With 48 hours large ships could have evacuated people up the Mississippi River out of more dangerous areas...
My statement is that the handling of this unfortunate disaster was poor from beginning to end and the finger should be pointed at both local, state and federal government on why it occurred. If you think your local and state govt. officials did everything in their power then that is your opinion, but I disagree. Using assets like public transportation isnt something you think of when an emergency happens, it is something you plan for before it happens (i.e. disaster preparedness and recovery). Drivers, destinations, a plan to get transportation back... is what is covered in a DP and DR plan. Understandibly good DP/DR plans take a long time to write because there is so much information and input that needs to be reviewed (especially at the city level), but isn't an excuse not to have one (and New Orleans did have one).
My comment says that Just Do It advice is not always good to follow, not This Guy Made a Bad Decision... In most cases especially within an enterprise network a change to the core architecture should go through an implementation process which includes testing, CM, security involvement, legal and etc... to ensure that you are not losing functionality, it will work down the road, security issues are addressed and etc... Yes it worked for this gentleman, but I would venture to say in most cases you need to do a lot of upfront research, coordination and other work before implementing a core change. I'm not saying Open Source is the wrong way to go at all, but he made the generic statement about just Gittin R' Done and I was adding to what should be considered before moving ahead with a project... You may call it a "boxed beaurocracy", but there is a reason why defined processes and procedures exist. They don't stifle ingenuity, they just ensure that new ideas don't break current architectures...
Seriously the Just Do It type attitude will more often than not lead to an IT disaster and subsequent loss of job scenario. Adding or changing architectures needs to be managed and approved. It just isn't smart not to go through the entire development lifecycle and not to get senior leadership involved right off the bat. You may think that implementing this new, cool architecture will be great for the company, but you might not know you are breaking something in the process. What about legal issues? You might think oh I will just install X copies of freeware Y and then it turns out that the software isn't free to corporate users... Stick with a lifecycle set of processes, good change management and make corporate leadership get involved so they semi-understand the possible pro's and con's of what will be done... Otherwise be prepared to get slammed if something goes wrong and you didnt do due diligence up front...
I'm no fan of the current administration, but state and local government officials did not do everything possible to evacuate. Public transportation should have been immediately used as a means of getting people out. There was also shipping lanes and carge barges that could have been used to float people out. Katrina was a massive screwup on all levels of government for disaster preparedness and response.
Wow so they are taking down the person who took part in the copyright infringement and not the software used... Oh wait its still early in the day, I'm sure BitTorrent will be blamed once again for its ability to be used for evil purposes...
Is that developers are looking to make a profit because that is what it comes down to when you do cost vs. benefit analysis... Its like when factories were required to put giant filters in place to help cut down on pollution and if they didnt they were find $1000 dollars... Well if it costs a million dollars to implement the pollution solution (yes that rhymes) then cost vs. benefit for a profit margin was simple for them (although the environment suffered...) Should there be penalties for bad security practices when developing code... IMO yes, but even with those penalties it still might not make a difference depending on what those penalties are...
Cisco devices lend towards reboot when attacked with a buffer overflow so why not create a Slammer like worm with a quick infection vector and then at X time infected PCs send out a reboot sequence across the WAN, which in theory would cause Cisco devices to go into a reboot. If enough devices rebooted at the same time how badly would that affect the Internet? Not sure if this is plausible but if Cisco devices are vulnerable to traffic passing through them in this manner it would seem like an attack like that would work?
How many times do we see this same type of story in the news... Passwords are a weak link in the security chain and guidelines on how to create and manage passwords have been around forever. In this day and age it is a simple thing to use two-factor authentication through RSA tokens and such and it should be IMO a requirement placed upon systems that protect personal information. There is no excuse other than negligence for this kind of situation. I have seen so many cases where passwords initially given are so simple to guess (lastname,first initial or even password) and it plain pisses me off. Then on top of that they don't automate the system to check for weak passwords so people wind up changing their initial password to something just as easy to guess. One audit I did of about 200 users had a dozen or so using "password" another 20 or so using their name and another 50+ using passwords that were easily guessable... Its piss poor and there is no excuse.
Honest question that I fail to grasp... A library purchases a book and then that book is made publicly available for all to read. If Google were to purchase the initial copy then scan it how are they different from a library other than the factor that is it will be easier to search for and access books from anywhere? I understand the issue of individuals copying the books and keeping them and I am sure Google can put a mechanism in place to deter copying of the material. Libraries generally will disallow copying of entire books on their copiers but that doesn't stop someone from checking out the book and either scanning it or copying it elsewhere... but they have done their part to CYA themselves. As long as Google offers this service like a library would then why is it an issue?
Yes the US invented the Internet, but then again Switzerland invented the World Wide Web which allowed for organization of the information contained on the Internet... My point is that there have been so many contributors to how the Internet functions that it isn't really a single entity that should declare ownership of it as it functions today.
Against the motion picture industry when the aliens attack since they released movies like Mars Attacks and Alien which are obviously trainers for how aliens should kill people and take over the earth...
Oh sweet irony prevail and let this man get run over by a delivery truck from EB Games full of violent video games...
To my knowledge they are not tracking the sales of printers just adding in identifiers to pages printed from the machines...
The world has changed quite a bit since the 60's and if you really want to get upset over loss of freedoms like having to fill out legal docs when buying a car then you might as well just off yourself now. Certain "freedoms" seem pretty inconsequential to me and I really don't mind "losing" them. There isn't going to be a Utopian society anytime soon so these kind of initiatives are needed to deter people from breaking the law. If we didn't have these kind of countermeasures then I would venture to say you would be screaming when someone steals your identity, car, wallet, credit cards, etc... and there is no good way for the police to track them down and catch/stop them because of all the freedoms we so need... Freedom isn't free and there has to be certain things in place that may seem like they take away from freedom, but really wind up protecting it in the long run.
I think that the argument of not creating something because it could be abused by someone just doesn't work. Cops abuse their power, but we still need cops. Cops have the lawful right to carry weapons and they abuse that right, but they still need to carry them. Email monitoring in workplaces get abused, but we still need it to stop espionage, workplace violence, blackmail and so on.... I don't think stopping the creation of these technologies is what should be focused on in order to protect the people from the 1% who will abuse them. What is needed is a strong penalty and enforcement for any abuse of the technology. Would you at least agree to that as being a more viable solution than just not creating new ways to catch criminals?
Oh and btw that was an intelligent argument to a post that could have easily generated flames so I applaud that!
One of the things I like about this website is the simplicity in viewing it and I really wouldn't want to see much changed. The only thing I would say to change is to kill some of the white space between posted articles and user comments, but that is really a minute nitpick... Slashdot has enough of a following that changing the site won't hurt numbers of visitors IMO but hopefully if they decide to go with a new spread it won't wind up being visually unappealing...
So they broke the code that allows the govt. to match up a document with a printer. Lets say a counterfeiter or a stalker/rapist or a kidnapper prints out some fake money or a ransom note or etc... Then they become a suspect and the feds can now say Hey this guy has a printer in his house or in a library nearby lets see if the code on the paper matches with what the person has in their home or nearby their home and possibly get more usable evidence or less evidence if nothing is found... Sometimes we worry about the "coulds" way too much in this country. Oh my god they "could" track everything we do with this technology, or red light cameras could be used to keep track of people or could this and could that. Not everything is an invasion of privacy and/or invasive in general. There are not always hidden agendas. All we have done here is help to disable something that would be useful in not only catching, but sometimes admonishing criminals as well...
So is MySpace.com going to bring criminal charges against this individual for creating and propagating malcode? Outright it may have done no damage, but they may be able to claim damages caused from shutdown and cleanup...
I laugh because I still play Red Alert 2 and the graphics in that game stink, but it is a fun game so I still engage in it. For me it seems that the games I have really liked haven't been graphically intense (for the most part). Of course an exception to that was EQ, but that was more addicting because of the interaction with other players more than the graphics for me.
In my opinion one of the biggest steps we need in general is to have both better educational material (make the subjects not only interesting but fun to learn) and better educators. Looking back at my high school teachers I am sorely disappointed in how poorly their teaching skills were... That disappointment has been further strengthened by some of my friends who are teachers now (Yes they are friends but when I talk to them I am truly amazed that they are allowed to teach...) We need to seriously revamp our educational structure in the US and get people interested early on. Pushing a book in a child's face and telling them to read it is not teaching in my opinion, but it seems that is what happens in a lot of schools today. Interaction, discussion, experiments and etc... are key.
I 100% agree with your statement. While visually the game may be amazing it still won't be worth playing if the gameplay itself is poor. How many video games have we seem come out that have taken extraordinary efforts to make them look graphically superb, but then you play it and it is just boring.
Visual stimulation is nice, but if the game itself is crap I'm not gonna buy it... Thats why I loved Fable. It was a great concept (character grows as you play it and the world around you is effected by your actions) and it was visually pleasing, but I believe they made the game with gameplay weighing heavier than graphics... Additionally you need to consider the market you are trying to sell to as well. If you make a game that has unbelievably great visuals, but requires a high end video card and massive amount of PC power then you wind up not being able to sell the game to a large part of your targeted audience who don't have the PC to play it...
I'm not the biggest proponent of MS, but why should they learn from the success of Linux? They are a corporation and thusly are in the business of making money, and that business has been extremely good. Lets face it they make OS's and Apps for the masses. By including more security software in their portfolio they stand to make a nice profit and that is what drives the business.
Slashdot Mirror
The documentation provided is pretty standard Intel Oversight reporting and really is nothing to wow over... Honestly everytime a possible "incident" happens where an agent, or military Intel analyst or someone in any other Intelligence related position happens to overstep EO 12333 or one of the other numerous Intel Oversight related docs out there (there are a lot) then it gets reported via an Intel Oversight officer to a board. The board investigates and takes action (administrative or criminal in some cases...) There are tons of these occurrences over a year period all over the place so this FBI report is not surprising what-so-ever... (Its not even that high considering FBI is an investigative power...) The process is there to investigate people abusing investigative powers (and not necessarily Patriot Act related powers since these IO Boards and incidents have been around long before Patriot took effect...) and the process is there to take action against those who would continually abuse the powers given to them. All this report shows me is that the process to keep agents/analysts in check is working?
No offense but just because you live somewhere where natural disasters hit often does not make you an expert in developing and implementing disaster preparedness plans and recovery efforts. If it did then you would see a lot less people deciding to just weather the storm or doing stupid things like hanging out on the porch to see it... People are looking back on this disaster and commenting that planning for something like this was not done well. I know I have worked on DP/DR plans. Have you? Or do you simply declare yourself to be expert because you weathered storms in the past? Maybe this is all 20/20 hindsight, but it would be damned stupid to not look back and figure out exactly what went wrong in all this and attempt to ensure it does not happen again...
I know a certain recent Zombie network that was discovered which collectively had quite a few Pbs of storage... Of course I wouldn't recommend going down that road as it leads to you know ... jail.
So basically you just made the argument that there was no good local or state disaster preparedness plan implemented? Nagin took betweek 12 to 24 hours to order mandatory evacuation because he was unsure if he was allowed to issue it as stated in his "official" disaster recovery plan. More than 350 buses of the New Orleans Regional Transportation Authority, eventually flooded where they were parked, were not mobilized to evacuate infirm, poor, and car-less residents? What about the train "the City of New Orleans." Why was there no evacuation by rail? Was Amtrak part of the disaster planning? If not, why not? City Hall's emergency command center had to be abandoned early in the crisis because its generator supposedly ran out of diesel fuel. Many critical-care patients died from heat or equipment failure after hospital backup generators failed. Why were supplies of diesel fuel so inadequate? Why were so many hospital generators located in basements that would obviously flood? With 48 hours large ships could have evacuated people up the Mississippi River out of more dangerous areas...
My statement is that the handling of this unfortunate disaster was poor from beginning to end and the finger should be pointed at both local, state and federal government on why it occurred. If you think your local and state govt. officials did everything in their power then that is your opinion, but I disagree. Using assets like public transportation isnt something you think of when an emergency happens, it is something you plan for before it happens (i.e. disaster preparedness and recovery). Drivers, destinations, a plan to get transportation back... is what is covered in a DP and DR plan. Understandibly good DP/DR plans take a long time to write because there is so much information and input that needs to be reviewed (especially at the city level), but isn't an excuse not to have one (and New Orleans did have one).
My comment says that Just Do It advice is not always good to follow, not This Guy Made a Bad Decision... In most cases especially within an enterprise network a change to the core architecture should go through an implementation process which includes testing, CM, security involvement, legal and etc... to ensure that you are not losing functionality, it will work down the road, security issues are addressed and etc... Yes it worked for this gentleman, but I would venture to say in most cases you need to do a lot of upfront research, coordination and other work before implementing a core change. I'm not saying Open Source is the wrong way to go at all, but he made the generic statement about just Gittin R' Done and I was adding to what should be considered before moving ahead with a project... You may call it a "boxed beaurocracy", but there is a reason why defined processes and procedures exist. They don't stifle ingenuity, they just ensure that new ideas don't break current architectures...
Seriously the Just Do It type attitude will more often than not lead to an IT disaster and subsequent loss of job scenario. Adding or changing architectures needs to be managed and approved. It just isn't smart not to go through the entire development lifecycle and not to get senior leadership involved right off the bat. You may think that implementing this new, cool architecture will be great for the company, but you might not know you are breaking something in the process. What about legal issues? You might think oh I will just install X copies of freeware Y and then it turns out that the software isn't free to corporate users... Stick with a lifecycle set of processes, good change management and make corporate leadership get involved so they semi-understand the possible pro's and con's of what will be done... Otherwise be prepared to get slammed if something goes wrong and you didnt do due diligence up front...
I'm no fan of the current administration, but state and local government officials did not do everything possible to evacuate. Public transportation should have been immediately used as a means of getting people out. There was also shipping lanes and carge barges that could have been used to float people out. Katrina was a massive screwup on all levels of government for disaster preparedness and response.
Wow so they are taking down the person who took part in the copyright infringement and not the software used... Oh wait its still early in the day, I'm sure BitTorrent will be blamed once again for its ability to be used for evil purposes...
Is that developers are looking to make a profit because that is what it comes down to when you do cost vs. benefit analysis... Its like when factories were required to put giant filters in place to help cut down on pollution and if they didnt they were find $1000 dollars... Well if it costs a million dollars to implement the pollution solution (yes that rhymes) then cost vs. benefit for a profit margin was simple for them (although the environment suffered...) Should there be penalties for bad security practices when developing code... IMO yes, but even with those penalties it still might not make a difference depending on what those penalties are...
Cisco devices lend towards reboot when attacked with a buffer overflow so why not create a Slammer like worm with a quick infection vector and then at X time infected PCs send out a reboot sequence across the WAN, which in theory would cause Cisco devices to go into a reboot. If enough devices rebooted at the same time how badly would that affect the Internet? Not sure if this is plausible but if Cisco devices are vulnerable to traffic passing through them in this manner it would seem like an attack like that would work?
How many times do we see this same type of story in the news... Passwords are a weak link in the security chain and guidelines on how to create and manage passwords have been around forever. In this day and age it is a simple thing to use two-factor authentication through RSA tokens and such and it should be IMO a requirement placed upon systems that protect personal information. There is no excuse other than negligence for this kind of situation. I have seen so many cases where passwords initially given are so simple to guess (lastname,first initial or even password) and it plain pisses me off. Then on top of that they don't automate the system to check for weak passwords so people wind up changing their initial password to something just as easy to guess. One audit I did of about 200 users had a dozen or so using "password" another 20 or so using their name and another 50+ using passwords that were easily guessable... Its piss poor and there is no excuse.
Honest question that I fail to grasp... A library purchases a book and then that book is made publicly available for all to read. If Google were to purchase the initial copy then scan it how are they different from a library other than the factor that is it will be easier to search for and access books from anywhere? I understand the issue of individuals copying the books and keeping them and I am sure Google can put a mechanism in place to deter copying of the material. Libraries generally will disallow copying of entire books on their copiers but that doesn't stop someone from checking out the book and either scanning it or copying it elsewhere... but they have done their part to CYA themselves. As long as Google offers this service like a library would then why is it an issue?
Yes the US invented the Internet, but then again Switzerland invented the World Wide Web which allowed for organization of the information contained on the Internet... My point is that there have been so many contributors to how the Internet functions that it isn't really a single entity that should declare ownership of it as it functions today.
Against the motion picture industry when the aliens attack since they released movies like Mars Attacks and Alien which are obviously trainers for how aliens should kill people and take over the earth...
Oh sweet irony prevail and let this man get run over by a delivery truck from EB Games full of violent video games...
To my knowledge they are not tracking the sales of printers just adding in identifiers to pages printed from the machines...
The world has changed quite a bit since the 60's and if you really want to get upset over loss of freedoms like having to fill out legal docs when buying a car then you might as well just off yourself now. Certain "freedoms" seem pretty inconsequential to me and I really don't mind "losing" them. There isn't going to be a Utopian society anytime soon so these kind of initiatives are needed to deter people from breaking the law. If we didn't have these kind of countermeasures then I would venture to say you would be screaming when someone steals your identity, car, wallet, credit cards, etc... and there is no good way for the police to track them down and catch/stop them because of all the freedoms we so need... Freedom isn't free and there has to be certain things in place that may seem like they take away from freedom, but really wind up protecting it in the long run.
I think that the argument of not creating something because it could be abused by someone just doesn't work. Cops abuse their power, but we still need cops. Cops have the lawful right to carry weapons and they abuse that right, but they still need to carry them. Email monitoring in workplaces get abused, but we still need it to stop espionage, workplace violence, blackmail and so on .... I don't think stopping the creation of these technologies is what should be focused on in order to protect the people from the 1% who will abuse them. What is needed is a strong penalty and enforcement for any abuse of the technology. Would you at least agree to that as being a more viable solution than just not creating new ways to catch criminals?
Oh and btw that was an intelligent argument to a post that could have easily generated flames so I applaud that!
One of the things I like about this website is the simplicity in viewing it and I really wouldn't want to see much changed. The only thing I would say to change is to kill some of the white space between posted articles and user comments, but that is really a minute nitpick... Slashdot has enough of a following that changing the site won't hurt numbers of visitors IMO but hopefully if they decide to go with a new spread it won't wind up being visually unappealing...
So they broke the code that allows the govt. to match up a document with a printer. Lets say a counterfeiter or a stalker/rapist or a kidnapper prints out some fake money or a ransom note or etc... Then they become a suspect and the feds can now say Hey this guy has a printer in his house or in a library nearby lets see if the code on the paper matches with what the person has in their home or nearby their home and possibly get more usable evidence or less evidence if nothing is found... Sometimes we worry about the "coulds" way too much in this country. Oh my god they "could" track everything we do with this technology, or red light cameras could be used to keep track of people or could this and could that. Not everything is an invasion of privacy and/or invasive in general. There are not always hidden agendas. All we have done here is help to disable something that would be useful in not only catching, but sometimes admonishing criminals as well...
So is MySpace.com going to bring criminal charges against this individual for creating and propagating malcode? Outright it may have done no damage, but they may be able to claim damages caused from shutdown and cleanup...
All I have to say is All You Photo Realism Are Belong To Us!
I laugh because I still play Red Alert 2 and the graphics in that game stink, but it is a fun game so I still engage in it. For me it seems that the games I have really liked haven't been graphically intense (for the most part). Of course an exception to that was EQ, but that was more addicting because of the interaction with other players more than the graphics for me.
In my opinion one of the biggest steps we need in general is to have both better educational material (make the subjects not only interesting but fun to learn) and better educators. Looking back at my high school teachers I am sorely disappointed in how poorly their teaching skills were... That disappointment has been further strengthened by some of my friends who are teachers now (Yes they are friends but when I talk to them I am truly amazed that they are allowed to teach...) We need to seriously revamp our educational structure in the US and get people interested early on. Pushing a book in a child's face and telling them to read it is not teaching in my opinion, but it seems that is what happens in a lot of schools today. Interaction, discussion, experiments and etc... are key.
I 100% agree with your statement. While visually the game may be amazing it still won't be worth playing if the gameplay itself is poor. How many video games have we seem come out that have taken extraordinary efforts to make them look graphically superb, but then you play it and it is just boring.
Visual stimulation is nice, but if the game itself is crap I'm not gonna buy it... Thats why I loved Fable. It was a great concept (character grows as you play it and the world around you is effected by your actions) and it was visually pleasing, but I believe they made the game with gameplay weighing heavier than graphics... Additionally you need to consider the market you are trying to sell to as well. If you make a game that has unbelievably great visuals, but requires a high end video card and massive amount of PC power then you wind up not being able to sell the game to a large part of your targeted audience who don't have the PC to play it...
I'm not the biggest proponent of MS, but why should they learn from the success of Linux? They are a corporation and thusly are in the business of making money, and that business has been extremely good. Lets face it they make OS's and Apps for the masses. By including more security software in their portfolio they stand to make a nice profit and that is what drives the business.