Slashdot Mirror


User: user24

user24's activity in the archive.

Stories: 0
Comments: 241

Comments · 241

  1. Re:Very dangerous for a turkish on OpenSourcing Yourself, Are You Ready? · · Score: 1

    "$100,000 worth of credits"
    um, I think you mean New Lira - this isn't star trek. :-D

  2. Re:Morality vs Math on How To Manage a Security Breach? · · Score: 1

    yeah I know. I was going to prefix my comment with "replying in business-speak that your manager will understand".

    You shouldn't even need to do this to know what's right, but the thing is, no company ever just does what's right; they -need- to have this type of wank.

  3. Re:or if they still have the Win98 licenses on How To Manage a Security Breach? · · Score: 1

    yeah but you can wipe the virtual image and revert to a known clean one at the end of each day. like re-installing all the boxen every night.

  4. Tricky on How To Manage a Security Breach? · · Score: 1

    This is a really hard problem, especially given that I don't know how sensitive the sensitive information might have been, but the bottom line for me (as a client, MD or security guy) would be; disclose.

    I come to this conclusion from an evaluation of worst-case scenarios;

    possible results:
    harmful use of customer data, harms client
    disclosure, harms company reputation

    I am assuming that the harmed client would not know that the company is at fault. We shall call this 'harm1'
    If the nature of the data means that a harmed client would know that it was this company's fault, this harms both client and reputation; 'harm2'

    1) No disclosure + No harmful use = client OK, reputation OK
    2) No disclosure + Harm1 = client harmed and reputation OK
    3) No disclosure + Harm2 = client harmed and reputation harmed
    4) Disclosure + No harmful use = client OK, reputation harmed? *1
    5) Disclosure + Harm1 = client harmed, reputation harmed? *2
    6) Disclosure + Harm2 = client harmed, reputation harmed *3

    From this simplistic analysis we can see that a No Disclosure policy seems best, however:

    *1; reputation not necessarily harmed; I would see disclosure before-the-fact as a sign of a very responsible company, and if nothing comes of the data breach, the client will remember the disclosure in a positive light.

    *2; reputation only harmed if you own up; harm1 allows plausible deniability (unadvisable).

    *3; The client will be pissed off certainly, but "at least they told us"; less damage to reputation than in case (3).

    and given this, the new breakdown looks more like this:
    1) No disclosure + No harmful use = client OK, reputation OK
    2) No disclosure + Harm1 = client harmed and reputation OK
    3) No disclosure + Harm2 = client harmed and reputation harmed
    4) Disclosure + No harmful use = client OK, reputation better/OK
    5a) Disclosure + Harm1 + own up = client harmed, reputation harmed
    5b) Disclosure + Harm1 + not own up = client harmed, reputation OK
    6) Disclosure + Harm2 = client harmed, reputation harmed less than (3)

    Given this; I would disclose, either way, I hope the preceding helps.

  5. Re:That doesn't seem like alot on Wikipedia and Plagiarism · · Score: 1

    I'm glad it was interpreted as 'funny' not 'troll'.
    you may be interested in my wiki ideas at [[User:user24]]

  6. Re:That doesn't seem like alot on Wikipedia and Plagiarism · · Score: 5, Funny

    "It's a wiki. If you find a problem with it, you fix it."
    no, it's a wiki. If you find a problem with it, you add a template telling everyone that someone else should fix it.

  7. more from Schneier... on Bruce Schneier On Perceived and Real Risks · · Score: 1

    "You can't make this stuff up:

    A retired veteran and candidate for Oklahoma State School Superintendent says he wants to make schools safer by creating bulletproof textbooks.

    Bill Crozier says the books could give students and teachers a fighting chance if there's a shooting at their school."

    why wasn't -that- slashdotted??

  8. Re:CAPTCHA on What Ways Can Sites Handle Spambot Attacks? · · Score: 1

    On the forum, we set the CAPTCHA up so that once entered, you wouldn't have to re-enter it for 24 hours. This way it annoys users less.

  9. CAPTCHA on What Ways Can Sites Handle Spambot Attacks? · · Score: 1

    I've had to deal with spam attacks on both my personal site and a forum I use. In both cases, we tried to ban IP addresses, then tried invisible methods of stopping spam (eg hidden required fields populated by javascript), and nothing worked.
    In the end in both cases, we've just had to use a CAPTCHA system. Spammers tend to use multiple IP addresses (and I do mean in the hundreds, a lot of them proxies or botnet-controlled boxes) so banning simply doesn't work.
    I've tried doing things like only requiring a CAPTCHA if the comment includes "http" or similar techniques. It doesn't work, I've had spam that simply consists of "Hi, great site" posted 30 times.
    I don't know why, but spammers don't seem to care whether their spam even has the potential to turn into revenue for them or not..
    CAPTCHA is the only viable method, IMHO.
    For those worried about accessibility; offer a non-CAPTCHA'ed form and manually review it; most users will be able to post perfectly well and for the few that can't enter the CAPTCHA, they can still post to the site, but with a delay as you check it for spam.

  10. Re:Who cares about channel four ads? on Google Ad Revenue To Top UK Broadcaster's · · Score: 1

    (offtopic)
    in actual fact though, the BBC do advertise, but only for their own services and products. I direct your attention to the 'radio times' adverts, 'gardeners world' adverts, adverts for new shows coming soon etc etc. I'd rather have adverts and not pay the license; the time between programs would stay about the same.

  11. Re:"no risk"; biodiversity & nanomachines; pl. on Viral Fossil Brought Back To Life · · Score: 1

    We created the kernel, it's something that can be entirely understood by humans.
    We did not create life, it's something that cannot be entirely understood by humans.

    For every question about kernel issues, someone knows the answer. The same is not true of biological scenarios. In this way, biological viruses are more mysterious, and that mystery opens the margin of error wider than some believe acceptable.

  12. Re:Who cares about channel four ads? on Google Ad Revenue To Top UK Broadcaster's · · Score: 1

    you do know there is no paid advertising on the BBC, right?

  13. Re:"no risk"; biodiversity & nanomachines; pl. on Viral Fossil Brought Back To Life · · Score: 1

    "I'm frightened by the hordes that wish to stop all research because of mythical scenarios that don't even make sense."

    I think it's the "what if you're wrong" question that worries people.

    Sure, if your calculations are correct then yes, there is no risk, but if not.....

  14. empty article on Google and the CIA? · · Score: 1

    the article has no real content; anyone have any more info on this? it seems like it's pure speculation with reference to an unverifiable source.. hang on.. yeah, that's CIA involvement all right.

  15. and? on Bot Nets Behind Recent Spam Surge · · Score: 1

    I saw this on securityfocus.com* and TBH I just thought "tell me something I don't know" - seriously, who is surprised by this?

    *http://www.securityfocus.com/news/11420

  16. Re:Damn lazy kids on USB Dongle Records Web, FM Radio · · Score: 1

    I have no idea what's wrong with streamripper.. The funny thing is that I use it from my USB stick, in conjunction with a few batch files set up to record from a few of my favorite stations..
    If I'm on the move, I'll burn my previously recorded mp3s to my mp3 player, and if I have to listen to 5 more minutes of FM radio I think my ears may just strangle me.. why on earth would I need this device?

  17. No (not yet) on Can Wikipedia Ever Make the Grade? · · Score: 1

    Spend a week reverting vandalism on recent changes and you'll see why.

  18. Re:Virtual Machines on Securing a High School Windows XP Computer Lab? · · Score: 1

    I almost certainly am, yes.
    so what's this virtualisation stuff all about then?

  19. Re:Virtual Machines on Securing a High School Windows XP Computer Lab? · · Score: 0

    this'll slow things down significantly, if they're only doing web browsing (etc) then this is a great idea*, but if they're processing images or doing other processor intensive tasks then IMHO this approach is unfeasible.

    * except that for that session, it would allow naughty things to happen, so the VM environment would have to have security of its own.

  20. Re:Chemitarian on Engineering Food at the Molecular Level · · Score: 1

    Really? I thought my obviously over-generalised statement was true of every single case imaginable. thanks for letting me know, captain obvious.

  21. Chemitarian on Engineering Food at the Molecular Level · · Score: 0

    (can't really think how to phrase this so the following is a little garbled. sorry)

    So there's people who don't eat meat, people who don't eat dairy products, and people who only eat organic.
    Vegetarians are generally a lot stricter than organic-eaters, mainly because their choice is based on a moral judgement about things other than themselves, whereas people who eat organic food tend to have their main motivation as "I don't want to eat crap". But with 'advances' such as this, I think there should be a new and widely recognised classification of dietary requirement that prevents the use of these types of technology, not in a 'personal preference' way such as that of those who eat organic food, but in a much more fundamental way, such as that of vegetarians.

  22. How big is that though? on Teleportation Gets a Boost · · Score: 1

    are "thousands of billions of atoms" visible to the naked eye? pea-sized? dust-sized? electron-microscope-viewable-only? what?

  23. Re:What?! on The Day Against DRM · · Score: 1

    because selling music etc is fine and legal, downloading it from other people is illegal. If people present the only alternative to DRM as piracy, then business will choose DRM every time, but if there's a viable business alternative then hopefully we will start seeing non-DRM'ed (paid) filesharing popping up.

  24. Great Idea on UK's Biggest Supermarket Challenges Microsoft · · Score: 1, Insightful

    What a cool idea! Not only are they damaging MS's market share, but also broaching the idea of alternative software to the masses. Rock on.

  25. Re:Tabbed Browsing anyone? MPU on Your 'Clickprint' Gives Away Your Identity Online · · Score: 1

    mod parent up. add in factors such as gmail account auto checkers and other extensions that login automagically and it's a trivial exercise.