The problem is not the lack of time spent on creativity, it is a lack of creativity from schooling. Most attackers find creative ways to get into systems because they taught themselves. they only have an objective and no process they have to follow. Many security professionals learned process of coding and of doing things and think they need to follow it. The professionals need to think like the attackers, in order to defend against them. It is like using a tiger team to test your network, they can fix your network the best cause they are thinking of ways to break into it first.
You hit the nail right on the head! It's like a war where one side is using traditional war tactics, and the other side are guerilla freedom fighters. The tendency of a large military organization is to see the war as a problem of engineering and management, whereas the guerilla freedom fighters are willing to do whatever it takes out think and thwart their enemy, and part of guerilla mindset is, "even though we're outmanned and outequipped, we can still win if we sit here and think of ways to beat our enemy."
Security is like war: you have to out-think and out-manuever your opponent, even if your rag-tag army of freedom fighters is out-equipped and out-manned. All security analysts should be required to run The Art of War.
Sure you can. Go check this self-test out. There are three smiles, one is fake, one is real, and one is a smile of contempt. Probably very few people with average or even mediocre social kills would get that wrong. I think we're wired to see the difference, even though we can't seem to define exactly what makes a smile "genuine."
THIS is why we need to go to the Moon and Mars and beyond... it is only through pushing through the boundaries to the unknown that we advance as a species.
A good way to explain it to the technophobes is this with the Turner Thesis, which stated that what made America exceptional was its frontier. And in a lot ways, Turner was right. Continental expansionism (the so-called Manifest Destiny) was the impetus for much technological innovation in North America, including the telegraph, the steam locomotive, etc.
Yes, I realize that we are talking microseconds. A 'minute or two' was intended to be a generic unit of time like 'a few jiffies', but didn't quite come off that way.
Maybe you can't match them in hardware, networks and server location, but I'm willing to bet someone can and that that someone is willing to pay a lot of information for those algorithms.
gulli.com is a known hacking/warez site. Back in the day they were one of the places you could reliably get programs like Serialz 2000. They also have rootkits and other malware available for download.
I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption.
Knowing the algorithms that Goldman Sachs uses to do realtime trades could possibly give you insider information you wouldn't have otherwise had. When doing realtime transactions, if you know the ORDER Goldman Sachs will use to do the transactions, for instance, you could buy certain stocks a minute or two before Goldman Sachs does...since the act of GS (or anyone) buying a stock will increase its trading price some, and you've just automatically made money and hurt GS at the same time.
This type of insider trading information will likely result in criminal prosecution by the SEC, however, so don't try this at home, kiddies.
Bah. India and China are soooo last year. Outsource it to the Czech Republic, Puerto Rico, or Brazil. I hear the Elbonians will work for pennies on the dollar.
My experience is that NAS is a _lot_ slower than local storage for many applications. If he's a developer, for instance, he really wants local storage, otherwise he's going to be suffering substantially slower compile times.
Agreed there, but he never said he was doing development and:
Video encoding and DVD authoring likewise is noticeably slowed by access over 100Mbit networks.
Actually, IME, no. Video encoding is mostly CPU intensive so unless you are using some sort of hardware video encoder, the primary bottleneck isn't disk, it's CPU.
NAS; this is an expensive solution that provides suboptimal performance. If he has only a single desktop machine there are no real advantages to the approach, either.
Actually, NAS is not as expensive as you might think. Several devices with 2 bays are available for under $100. And performance may not be important for his needs. Even if it is, the D-Link 323 NAS, for instance, supports RAID 1 and Gigabit Ethernet OOTB and is available in this price range. A GigE switch just ain't that expensive.
The article smacks of false dichotomy. There are a number of solutions, not just Windows 7 or a hardware RAID controller.
To begin with, every NT-lineage Windows version ever produced supports software RAID out of the box. Add that to the fact that any major Linux distro today supports software RAID. And so do the *BSDs. And Mac OS X. And Solaris. And probably a bunch of other platforms I can't think of right now.
Hell, you could buy one of these one of these and throw the drives in it, connect it to your network switch, and presto -- instant RAID+NAS.
I think we would all like to know why you think Windows 7 is your only option, because if that's what you think, you don't know how mistaken you are.
On the other hand, Apple has been releasing proprietary, non-upgradeable hardware, forcing their users to pay a premium for the hardware, then forcing an upgrade to the customer, causing them to buy all new hardware, for most of the company's history since the Mac was invented. Apple's Proprietary business deals have stagnated their platform several times, but their "creative marketing' has always managed to create enough fanboys to turn almost every Mac user into a smug elitist bastard who points the flaws out in everyone else's product except their own. Microsoft has also been making progress in that marketing strategy, but has yet to achieve Apple's market share in holier-than-thou egotistical bastards.
Meanwhile, we Linux/Ubuntu smug elitist bastards continue to point out flaws in everyone else's production, including our own, constantly taking the defeatist attitude that Linux is "not ready for the desktop" despite the fact that, at this point, it's easier to install than all competitors' products and easier to admin, maintain and upgrade than all competitors' products,
Yeah and open source usually doesn't ever do anything fully. Almost all open source projects (that I've used) are partially done. They do work, yes, but they don't work well, and nor do they look good.
Not true. Sure, there are a lot of small, obscure open source projects that either get abandoned, or lack developers, or whatever, but most of the major open source projects out there work and work well. Firefox, Gnome, OpenOffice.org, Ubuntu,
Those who know know what they are doing can figure it out, but new users have tons of issues.
That's true of every piece of software on the planet, including such vaunted products as Windows, Mac OS X, Microsoft Office, etc. Just take one look at any of the various support forums out there for these packages (official or unofficial) and that becomes very obvious, very quickly.
Open source isn't the final end-all-commercial business thing. It's just an alternative.
That's the only part of your post that isn't verbal diarrhea.
If there aren't a bunch of Microsoft fanboys and astroturfers on this site, how did you get modded informative?
Yep. That's why they re-named 'manic-depression' to 'bipolar disorder' in the first place. Bipolar disorder is more closely linked to schizophrenia than it is to depression.
Also, schizophrenia != multiple personality disorder. A schizophrenic may additionally have multiple personality disorder, but the terms are not synonymous. Schizophrenia is more closely classified as a disorder that causes a "break from reality."
Full disclaimer: my wife is a psychologist and psychotherapist.
The NSA does signal intelligence. This includes functions such as breaking codes through cryptoanalysis, etc. The CIA is in the 'old-fashioned' spy business. Neither are directly responsible for "stopping nut jobs from blowing up buildings" on home soil: that job, at the time, would have fallen to the FBI, the Federal Marshals, the ATF, and state and local law enforcement. Currently, the agency tasked with this job is the Department of Homeland Security.
Besides, we know from media accounts that the CIA and NSA both informed the White House and the FBI about Al Qaeda's plans, but they were roundly ignored.
A Catholic priest went into a barber shop for a haircut. When he was finished, the barber refused to take payment saying, "You are a man of the cloth... this is a free service that I offer to you." The Priest thanked the barber and went on his way. The next morning the barber found seven fishes and seven loaves of bread on his doorstep in gratitude from the priest.
The next week, a Jewish Rabbi went into the same shop for a cut. Again the barber refused payment saying, "You are a man of God... this is a free service that I offer to you." The next morning the barber found a fitting gift from the Rabbi.
The following week, two LDS Missionaries went into the shop for haircuts. Again, the barber refused payment saying, "You work in the service of God... this is a free service that I offer to you." The next morning the barber arrived to find 12 LDS Missionaries on his doorstep.
You might have a point.... except that Apache is far more popular than IIS and yet IIS is the one routinely attacked.
Citation needed?;)
Apache is far more popular: Netcraft confirms it! Attacks, on the other hand, are probably about equal, though, IME, security hardening Apache on *nix is far easier than security hardening IIS on Windows.
Tbere is theory and then there is reality. How likely are you to encounter that Linux malware? Properly admined, not likely. On Windows? The odds are near 100%, no matter how effective your system administration skills are.
Slashdot Mirror
The problem is not the lack of time spent on creativity, it is a lack of creativity from schooling. Most attackers find creative ways to get into systems because they taught themselves. they only have an objective and no process they have to follow. Many security professionals learned process of coding and of doing things and think they need to follow it. The professionals need to think like the attackers, in order to defend against them. It is like using a tiger team to test your network, they can fix your network the best cause they are thinking of ways to break into it first.
You hit the nail right on the head! It's like a war where one side is using traditional war tactics, and the other side are guerilla freedom fighters. The tendency of a large military organization is to see the war as a problem of engineering and management, whereas the guerilla freedom fighters are willing to do whatever it takes out think and thwart their enemy, and part of guerilla mindset is, "even though we're outmanned and outequipped, we can still win if we sit here and think of ways to beat our enemy."
Security is like war: you have to out-think and out-manuever your opponent, even if your rag-tag army of freedom fighters is out-equipped and out-manned. All security analysts should be required to run The Art of War.
Sure you can. Go check this self-test out. There are three smiles, one is fake, one is real, and one is a smile of contempt. Probably very few people with average or even mediocre social kills would get that wrong. I think we're wired to see the difference, even though we can't seem to define exactly what makes a smile "genuine."
Just because you're Paranoid doesn't mean they're not all out to get you.
THIS is why we need to go to the Moon and Mars and beyond... it is only through pushing through the boundaries to the unknown that we advance as a species.
A good way to explain it to the technophobes is this with the Turner Thesis, which stated that what made America exceptional was its frontier. And in a lot ways, Turner was right. Continental expansionism (the so-called Manifest Destiny) was the impetus for much technological innovation in North America, including the telegraph, the steam locomotive, etc.
Yes, I realize that we are talking microseconds. A 'minute or two' was intended to be a generic unit of time like 'a few jiffies', but didn't quite come off that way.
Maybe you can't match them in hardware, networks and server location, but I'm willing to bet someone can and that that someone is willing to pay a lot of information for those algorithms.
That's what matters.
gulli.com is a known hacking/warez site. Back in the day they were one of the places you could reliably get programs like Serialz 2000. They also have rootkits and other malware available for download.
I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption.
Knowing the algorithms that Goldman Sachs uses to do realtime trades could possibly give you insider information you wouldn't have otherwise had. When doing realtime transactions, if you know the ORDER Goldman Sachs will use to do the transactions, for instance, you could buy certain stocks a minute or two before Goldman Sachs does...since the act of GS (or anyone) buying a stock will increase its trading price some, and you've just automatically made money and hurt GS at the same time.
This type of insider trading information will likely result in criminal prosecution by the SEC, however, so don't try this at home, kiddies.
Bah. India and China are soooo last year. Outsource it to the Czech Republic, Puerto Rico, or Brazil. I hear the Elbonians will work for pennies on the dollar.
My experience is that NAS is a _lot_ slower than local storage for many applications. If he's a developer, for instance, he really wants local storage, otherwise he's going to be suffering substantially slower compile times.
Agreed there, but he never said he was doing development and:
Video encoding and DVD authoring likewise is noticeably slowed by access over 100Mbit networks.
Actually, IME, no. Video encoding is mostly CPU intensive so unless you are using some sort of hardware video encoder, the primary bottleneck isn't disk, it's CPU.
NAS; this is an expensive solution that provides suboptimal performance. If he has only a single desktop machine there are no real advantages to the approach, either.
Actually, NAS is not as expensive as you might think. Several devices with 2 bays are available for under $100. And performance may not be important for his needs. Even if it is, the D-Link 323 NAS, for instance, supports RAID 1 and Gigabit Ethernet OOTB and is available in this price range. A GigE switch just ain't that expensive.
The article smacks of false dichotomy. There are a number of solutions, not just Windows 7 or a hardware RAID controller.
To begin with, every NT-lineage Windows version ever produced supports software RAID out of the box. Add that to the fact that any major Linux distro today supports software RAID. And so do the *BSDs. And Mac OS X. And Solaris. And probably a bunch of other platforms I can't think of right now.
Hell, you could buy one of these one of these and throw the drives in it, connect it to your network switch, and presto -- instant RAID+NAS.
I think we would all like to know why you think Windows 7 is your only option, because if that's what you think, you don't know how mistaken you are.
On the other hand, Apple has been releasing proprietary, non-upgradeable hardware, forcing their users to pay a premium for the hardware, then forcing an upgrade to the customer, causing them to buy all new hardware, for most of the company's history since the Mac was invented. Apple's Proprietary business deals have stagnated their platform several times, but their "creative marketing' has always managed to create enough fanboys to turn almost every Mac user into a smug elitist bastard who points the flaws out in everyone else's product except their own. Microsoft has also been making progress in that marketing strategy, but has yet to achieve Apple's market share in holier-than-thou egotistical bastards.
Meanwhile, we Linux/Ubuntu smug elitist bastards continue to point out flaws in everyone else's production, including our own, constantly taking the defeatist attitude that Linux is "not ready for the desktop" despite the fact that, at this point, it's easier to install than all competitors' products and easier to admin, maintain and upgrade than all competitors' products,
Yeah and open source usually doesn't ever do anything fully. Almost all open source projects (that I've used) are partially done. They do work, yes, but they don't work well, and nor do they look good.
Not true. Sure, there are a lot of small, obscure open source projects that either get abandoned, or lack developers, or whatever, but most of the major open source projects out there work and work well. Firefox, Gnome, OpenOffice.org, Ubuntu,
Those who know know what they are doing can figure it out, but new users have tons of issues.
That's true of every piece of software on the planet, including such vaunted products as Windows, Mac OS X, Microsoft Office, etc. Just take one look at any of the various support forums out there for these packages (official or unofficial) and that becomes very obvious, very quickly.
Open source isn't the final end-all-commercial business thing. It's just an alternative.
That's the only part of your post that isn't verbal diarrhea.
If there aren't a bunch of Microsoft fanboys and astroturfers on this site, how did you get modded informative?
FTFA:
Hey! That's the combination to my luggage!
Yep. That's why they re-named 'manic-depression' to 'bipolar disorder' in the first place. Bipolar disorder is more closely linked to schizophrenia than it is to depression.
Also, schizophrenia != multiple personality disorder. A schizophrenic may additionally have multiple personality disorder, but the terms are not synonymous. Schizophrenia is more closely classified as a disorder that causes a "break from reality."
Full disclaimer: my wife is a psychologist and psychotherapist.
The NSA does signal intelligence. This includes functions such as breaking codes through cryptoanalysis, etc. The CIA is in the 'old-fashioned' spy business. Neither are directly responsible for "stopping nut jobs from blowing up buildings" on home soil: that job, at the time, would have fallen to the FBI, the Federal Marshals, the ATF, and state and local law enforcement. Currently, the agency tasked with this job is the Department of Homeland Security.
Besides, we know from media accounts that the CIA and NSA both informed the White House and the FBI about Al Qaeda's plans, but they were roundly ignored.
A Catholic priest went into a barber shop for a haircut. When he was finished, the barber refused to take payment saying, "You are a man of the cloth... this is a free service that I offer to you." The Priest thanked the barber and went on his way. The next morning the barber found seven fishes and seven loaves of bread on his doorstep in gratitude from the priest.
The next week, a Jewish Rabbi went into the same shop for a cut. Again the barber refused payment saying, "You are a man of God... this is a free service that I offer to you." The next morning the barber found a fitting gift from the Rabbi.
The following week, two LDS Missionaries went into the shop for haircuts. Again, the barber refused payment saying, "You work in the service of God... this is a free service that I offer to you." The next morning the barber arrived to find 12 LDS Missionaries on his doorstep.
Sadly, lynx fails Acid3 for some reason.
Firefox is the fastest fully open-source browser.
Use this link to avoid registration or see the same exact same story on CNET.
Bah! My root password is ""
Average Joe User behind a home router browsing regular sites w/o ActiveX and not opening executable attachments probably won't have a problem.
And no Flash. And UPNP turned off on his home router. And JavaScript turned off or Firefox with NoScript.
In fact, your scenario is increasingly looking like an edge case by the second.
Citation needed? ;)
Apache is far more popular: Netcraft confirms it! Attacks, on the other hand, are probably about equal, though, IME, security hardening Apache on *nix is far easier than security hardening IIS on Windows.
Tbere is theory and then there is reality. How likely are you to encounter that Linux malware? Properly admined, not likely. On Windows? The odds are near 100%, no matter how effective your system administration skills are.
Leave it to kdawson to post a story where the only link goes to digg....
I like his thinking anyway. :)
Anyway, the screenshots are visually stunning. The social networking aggregation tool looks like it might be Moblin's killer app...
No, they didn't. *sigh*
Tough crowd.