Given that mode of thinking, I would assume you would check the image of a returning employee's laptop hard drive for malicious changes installed by professionals.
That is the funniest thing I've read in a long time. Thanks for the laugh.
Even if you trust your employee completely, the laptop has been in the hands of customs and other unknown people while in the world. It can't be assumed safe until re-imaged. Finding any attacker's code would be a bonus of the 'standard' hard drive swap by IT on return.
Very true here. However, most IT departments have more important things to worry about, like making sure the new security patch isn't going to interfere with the CEO's favorite gambling website. Looking for malicious code isn't going to be on any priority lists when a wipe will "solve the problem".
And no it wouldn't be that bad. Employee has only had laptop for a few days. Tech pulls old drive, installs standard image replacement, checks for nonstandard flash, updates crypto, puts back on shelf. Tech installs old drive in USB enclosure, enters crypto key, scans then copies data folders to employee's user folder, then runs paranoia process on OS and drive. If nothing found drive re-imaged and put back on shelf.
To the employee it looks like he turned in his machine and his data showed up in his folder 30 minutes later. To the tech it looks like he has a job doing paranoid shit, until one day he finds the next Stuxnet.
An anti-virus scan will only catch malware that is widespread and has been in the wild for several days. Look how old Stuxnet was before it was detected by A/V. There are other custom jobs that have gone years without detection as well. The 'paranoia process' would require a forensic examination. A decent forensic triage takes at least 4 hours on a smallish drive. A full examination can take days just to determine if something unusual is present. Then you have to take apart that unusual piece of software just to find out you are chasing down the wrong rabbit hole. This is the kind of work it takes to find the next Stuxnet.
Unless you are in the security industry then some VP is going to look at a poorly done risk assessment, look at the price tag as overhead, and slash the budget, thinking "that won't happen here" and put down on his next review how many millions he just saved the company. Even in the security industry this isn't done nearly as often as it should be.
There are several well known adages in the IT security field. The most important one is that the usability of a system is inversely proportional to the security of the system. The corollary to this is, the only secure system is the one locked in a safe with no power or internet connection. I've worked cases of documents being stolen from computers which had never been connected to the internet and had all the security bells and whistles. If the computer is required to be capable of running software (kind of important for most users) security holes will be found. No exceptions. The biggest threat I've seen to network security is admins who are overconfident in the security of their network.
Those who don't like to verify their connection themselves can just use Firefox 3.0. If the site really is secure the background of the favicon changes to blue or green depending on how trusted the certificate is. So when the background of the padlock doesn't change color you will know it is fake.
Furthermore, just because you would not have paid the $10 admission, and the theater has empty seats (IOW, the theater's revenue is the same whether you sneak in or not) doesn't make it right for you to sneak in without paying.
It may not make it right. The argument though is that since the theater's revenue is the same either way it isn't theft. Furthermore, if the theater's revenue is the same then a claim of $200 billion in lost revenue is total bullshit.
On a larger scale, the fact that the back door is propped open devalues the service the theater is providing, because some percentage of individuals who otherwise would have paid the $10 admission now decide that they'd rather watch the movie and keep their $10.
If that is the case they need to come up with a true estimate that people can trust. Making up an unrealistic number just makes people feel justified in their actions against the evil movie industry. Besides that you have to also calculate in how many sales are gained from TPB. How many people download a movie, enjoy it, and then purchase the movie and all its sequels? I know several people who do this. I've done it with video games numerous times when I have been untrusting of a magazine review-vertisement. If the game sucks I delete it, but if it is worth the money I give the developer their due.
Read some Kim Stanley-Robinson books (ie, the Mars series).
A lot of his ideas are being put into play by NASA, it's not unimaginable that another of his ideas, the space elevator, wouldn't be picked up by some cokehead wannabe. It's just sad it didn't come into fruition - the advantages of a space elevator are quite massive.
One of Kim Stanley-Robinson's ideas? The idea for the space elevator has been tossed around by scientists since the late 19th century. If you are trying to talk about the popularization of the concept, I've heard good things about Kim Stanley-Robinson, but let's give credit where credit is due. The Fountains of Paradise by Arthur C. Clarke was published in 1979 versus Red Mars in 1992.
Don't worry about it not coming to fruition though. A number of other universities and companies are still working on this. Check out elevator2010.org for information on a number of the companies currently competing to create a space elevator.
That's why you keep your bill (yes that tiny paper they give you when you purchase something) so you can prove you bought it.
No, you clearly bought one copy and stole another. Once you get this stolen copy activated using the receipt from the legitimate copy you plan to return the legitimate unopened copy. We know how you criminals think!!
As for direction. Our professional athletes, scientists and engineers produce far fewer children than those at the bottom of our social order. For the sake of our species, I would advise you all (Creationists and Evolutionists) to pray (To Jesus or Darwin) that human intelligence is not seriously impacted by our genetic makeup. If it is our society will collapse when we are no longer able to maintain what our parents built.
Oddly enough that is the plot for the movie Idiocracy.
What this means is that *NEW* HD-DVD and Bluray discs won't work on old players, unless patched.
It's worse than that:
This update includes security enhancements as well as updated licensing keys that will be required to view both newly purchased HD DVD/BD titles and those in your existing HD DVD/BD collections. By downloading Corel's free update, you will be able to continue to enjoy the latest HD DVD/BD content, while ensuring that copyrighted materials are properly protected.
Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled. - intervideo.com (first emphasis mine, second emphasis in original)
When the crack was first being discussed on the doom9 forums this was covered. Every disc comes with a list of valid keys. The player will check if the list on the disc is newer than the list in memory. If the disc has a newer list it will update the list in memory. So any disc produced after the key was revoked will 'patch' WinDVD to stop playing HD content until you apply the 'security patch'. Don't have internet access to patch your system? So sorry, thanks for all your money, pirate! Several of those doing the cracking told the others not to mention what player they were using to do their debugging to prevent exactly this situation.
It should also be noted that InterVideo does not supply the patch, but refers you to "your PC or Drive manufacturer's websites."
Asus is known for their site being down for days at a time, having horrendous JavaScript, and often breaking in Firefox. They are also known for having an unresponsive customer service. The most common answer you get is "look at our forums", yet their own forums indicate the problem is known and unresolved. To pick just one issue I've had with them as an example, due to their buggy firmware my DVD+-RW was recognized as a CD-R for over a year before they finally fixed it, with hundreds of people claiming the same problem. And, even then the firmware update could only be installed using a floppy drive (in 2006!) and required a third party BIOS flasher. No, this is par for the course with Asus and I laughed when I received my ISC newsletter.
Google Maps says it's 558 miles / 8 hours 10 minutes from Berkeley County SC to Washington, DC.
Google Maps is just telling you what they want you to hear. Don't believe their lies.
Exactly! I've driven almost that exact same route before. With a good radar detector you can do it in 4 hours, easy!
No matter how dumb people may think southern speech is, it is actually hardwired into their nervous system via language acquisition and would have to be accounted for physiologically.
That is why each new user has to train the device all over again. Even if you think in a different dialect it doesn't matter. The computer learns the patterns produced by each individual brain as they think of whatever letter, and in the future word or phoneme, they are being prompted for.
In this day and age is it that hard to imagine the code being hacked? Or for that matter a control device being stolen or copied? Is the control center where these are run from secure against hijacking? Can a terrorist make his way onto the staff and pull an inside job? With this setup one single terrorist kicks in the door hard and then it doesn't matter if the passengers take him out. His friends on the ground can control the plane however they want.
I do like this idea. It all depends on the amount of security and forethought that is put into the actual setup. Use the door warning, but have a few seconds delay and warning that allows the pilot to disable it if it gets bumped. Have a strong encryption and other methods to make it hard to fake the signal. Keep nuclear level security on the control systems. But then I keep thinking that this is the same administration that loves Diebold and RFID passports with non-random keys.
So where's the hack? A real hack would be to prevent a security warning from raising, not to raise a security warning when one is granted (or not).
To be more specific than the other replies: Vista's UAC display has four different colors that warn a user how dangerous the action is. The hack is that the malicious code should display a yellow-orange - unsigned/unknown source - but instead displays green-teal - Vista. By displaying an elevated level of trust it makes social engineering easier.
I found it interesting that the bubble on the arrow said 'Niagra Falls, U.S.A.' and pointed to the Canadian side of the falls.
That's odd. My map says Viagra Falls...
There were a half dozen torrents for Sims 2 and each expansion on PirateBay when I downloaded Pets last week... I mean when I looked them up after reading your comment just now!!
Out of the seven movies listed I had seen six of them by the time I was 16, half of them in the theater. These movies were the popular ones in my school since I was bused across town to be one of the token white guys in the ghetto so that no one could complain about the school's racial divide. However, I watched movies near my house, or rented them in a local video store, in what was considered a "good" (i.e. mostly white) neighborhood. The only one I didn't see in my non-ghetto neighborhood you ask? Casino.
"Sex and gore" have been the predominant features of nature for hundreds of millions of years.
Your statement is correct as you use the past tense. For the last few centuries, and in ever increasing amounts, children are sheltered from both until they become adults. When they finally do encounter these matters years after they should have it comes as a shock to their world views. It is emotionally destabilizing to them when they discover just how much of the world revolves around "sex and gore". So what the grandparent seems to be trying to say is that the kids should receive, in moderation, the exposure that has been unnaturally stripped from them.
... because there have not been crimes committed in the USA related to Iran and terrorism.
I'm all for a good conspiracy theory, but yours fails the logic test. One only has to consider that at the current time there is an ongoing terror plot by Iran being conducted entirely within the United States. You only consider past tense, not present in your claim. Being entirely within the US the case is no longer international, despite the fact that the players are international, and would be handled by the FBI, not the CIA. Under your own description this would fall under an open investigation for the FBI which merits secrecy. It could be a cover up of something, but you're reaching for straws claiming that we are going to fake an attack from Iran.
Well both the text of the article and the legal document make one thing very clear: By linking to any copyrighted material in Australia you are encouraging someone to download and use that material illegally.
Since almost everything published is protected under copyright almost all hyperlinks are illegal! The web as a whole is nothing but one great big collection of pirates and must be shutdown to protect the record industry!
Taiwan is not governed by the PRC in any way.
That depends on whether you are asking a Chinese or a Taiwanese.
I'm sure it wouldn't require too much sophistication to replace the blood with injected dye after using a cheap sealant on the severed end.
A quick check on the stock history shows that it started falling within a few days of the IPO due to investors selling short. It had already fallen 50% by the time of the first lawsuit and then another 50% from that point before the Verizon suit.
http://finance.google.com/finance?q=vonage&hl=en
Bulletproof evidence? How about asking the phone company for records instead of relying on a caller-id for evidence?
No wonder there is so much TFTP traffic on my network! It's full of porn!
I think that name could get a lot more people behind it than tooi.org. Either way, I'd help out where I could on that cause.