Slashdot Mirror


User: fluffy99

fluffy99's activity in the archive.

Stories: 0
Comments: 1,632

Comments · 1,632

  1. Re:Can anyone here actually pay attention? on Embedded Microchips In Virtually Everything · · Score: 1

    Quit shouting, it makes you look like a freaking idiot. Try reading http://www.foodproductiondaily.com/news/ng.asp?id=52356-long-distance-rfid , and http://en.wikipedia.org/wiki/RFID for starters. Or google and find the article when a guy built an rfid sniffer that could eavesdrop on an rfid exchange between a reader and chip from 30-meters away. It's not as implausible as you make it sound.

    Why bother putting cameras on all the street corners and deal with face recognition software to track people, like England? It's easier to put rfid readers on all the street corners and record all the rfid tags. The credit card companies are starting to put rfid in the credit cards and those would be damn easy to track or copy if you're a thief. Or similar to http cookies, notice the combination of size 11 purple nikes, walmart brand socks, size large fruit of the loom mini-briefs, and trojan condoms in the wallet passing by the scanner.

  2. Re:As eerie as it is... on Classified Cyber-Security Directive Puts NSA In Charge · · Score: 1

    Read what I wrote again. It didn't dispute that they fall under the Secretary of Defense and were not technically a DOD agency. While they do fall under the Secretary of Defense, and have military personnel, they are outside of the normal DOD functions and function a bit more like a sole-source contractor for the functions they provide the military (intel, comsec, IA functions). They provide services to the army/navy/airforce but do not answer directly to them.

  3. Re:As eerie as it is... on Classified Cyber-Security Directive Puts NSA In Charge · · Score: 1

    They aren't a DOD agency in the normal sense. They have a flag officer, but they are outside of DOD for all intents and purposes. The DOD already has a joint network protection group (JTF-GNO) and they are monitoring and protecting their networks across the three branches fairly well now. NSA provides input and expertise, but they aren't doing any of the actual work. The agency that is supposed to be doing this is DISA, but they're too screwed up to do anything but manage the telco stuff (and poorly at that). This initiative is probably aimed at all the non-military Federal governments that have a crappy track record of protecting and monitoring their networks. If I had to guess, I'd say the initiative calls for putting all of the federal agencies on their own network and get down to a couple of easy to monitor and protect, internet access points like the DOD did.

    Personally, I'm all for having NSA monitor for attack activity and actually having the ability to stop an ongoing attack originating from outside of the US. One problem is that these attacks can, and frequently do, originate from compromised computers within our borders. At that point, it becomes a question of whether you call it monitoring or spying.

  4. Re:Fewest Admitters = Fewest Flaws on Microsoft Says Vista Has the Fewest Flaws · · Score: 1

    You'll get it if your system doesn't have the proper print driver and needs to pull it from the print server. A print server with malicious drivers is a very obscure and little-considered way of hacking. A major company I know got stung this way, when an admin user connected to an untrusted Windows print server which provided a nice custom set of unsigned print drivers to the client computer.

  5. Re:I, for one on Malware Distribution Through Physical Media a Growing Concern · · Score: 1

    Given how aggressively the Chinese are spying on the US govt and commercial industry, it wouldn't surprise me to see malicious code on computers and devices shipping from China. It wouldn't be common stuff that the a/v vendors have signatures for either. I'd guess this was suspected by the govt at some point because there was a brief ban on buying systems from Lenovo. First thing I do with any new computer is to nuke and reinstall from a known good source. At the very least this dumps all the adware/spyware that comes preinstalled.

  6. Re:Registries and stupid ideas on Malware Distribution Through Physical Media a Growing Concern · · Score: 2, Interesting

    If you have thousands of machines, it's likely you have Active Directory by now. Simply set the autorun, as well as the tons of other security settings, in a group policy and be done with it.

  7. Re:Autorun is evil on Malware Distribution Through Physical Media a Growing Concern · · Score: 1

    Can I have some of what you're smoking? Linux is infamous for forcing the user to chase down some esoteric option in a text config file. Of course, Windows is really confusing - it's called hold down shift when you insert the USB key (something they stole from Mac, btw).

  8. Re:far too dangerous for kids on How to Say Goodbye to Old Hard Drives? · · Score: 1

    I'll say. Usually when I destroy a hard drive, I'd rip out the magnets, bend the platters and throw it in the trash. I found out the hard way about the glass platters when one shattered instead of bending. Pulling that chunk out of my thumb hurt like hell and bled like crazy. Worst part was having to dig around and make sure all the pieces were out. Now I whack the platters to see if they shatter first. If they dent instead then it's safe to fold them up like a taco.

  9. Re:Papers please on National ID Cards Mandated in the US, If You're Under 50 · · Score: 1

    You forgot requirements on data storage and accessibility for the new US Gestapo. Effectively it is a national ID. All the licenses will look similar and Homeland Security will have access to all the data. The govt can't directly require the states to do anything with drivers licenses, but they've found another loophole to coerce the states into giving them what they want. The other way to strongarm the citizens and states is to make it difficult to get a passport but allow state drivers licenses to function as passports if the states conceded to the government. For other stuff like national speed limits, and the "no child gets ahead" program, the govt holds funding hostage unless the states comply. Personally, I'm tired of a federal government that keeps blackmailing the individual states. It's a complete violation of the intent of the 10th Amendment. http://en.wikipedia.org/wiki/Tenth_Amendment_to_the_United_States_Constitution

  10. Re:Linux ACLs on Mastering POSIX File Capabilities · · Score: 1


    It's only too complicated on Linux. Heck, I'd be thrilled if Samba handled file permissions correctly and let you change permissions without having to ssh in and do it as root. No problem though, I run my file servers on Windows where I don't have to mess with such crap.

    Goof ups similar to your VMS example are very easy to run into under both Linux and Windows too. Try using the EXT extended attributes to apply ACLs. A few setuid tools totally ignore them, and they disappear with backup and restore. Plus you need to be root to use them in the first place. Another good example is users setting file permissions on a MS Word file. Next time the user saves the document it will assume the default permissions of the folder it's in (because Word saves a temp file, deletes the original and renames the temp file). Maybe I'm making the case that permissions should be kept simple, but there are too many cases where you need complex ones.

  11. Empty Promise on Clinton Would Crack Down On Game Content · · Score: 1

    Given how few of the campaign promises they even have the power to deliver, much less the ones they even remember after getting elected, why worry? It'll just be another forgotten promise thrown out there for the gullible folks who believe the candidates. To truly figure out what a president/senator/representative nominee will do, just look at their voting record and the campaign contributors list. They don't give a crap about their promises or morality.

  12. Re:security through instability on Firefox Susceptible To QuickTime Security Flaw · · Score: 1

    What, like FireFox doesn't crash and burn anytime a plug-in misbehaves? FF is worse than IE in that regard, especially with plugins like Adobe Acrobat reader. Isn't the FF fanclub party line that instabilities and crashes are caused by misbehaving extensions and plug-ins?

  13. Re:Half and Half on Stalwarts Claim Asus eeePC Violates GPL · · Score: 1

    They are under no obligation to distribute the source with each computer. They do have to make it available which can be via written request if need be.

  14. Re:The Aptera is cool looking on 6 Major Pre-Production Electric Vehicles Compared · · Score: 3, Insightful

    You must be one of those math impaired folks as well. Even if you had perfect efficiency and as much sun as Australia, and no rainy or cloudy days you can still only get 1kw/sq-meter. That just isn't that much to make a difference for a car.

  15. Re:The model, from BFFM on The Obesity Epidemic — Is Medicine Scientific? · · Score: 1

    Sorry, Tony is just full of crap. Claiming that veggie oil gets stored as fats because it starts out as a fat? I guess he doesn't understand the whole blood sugar, glycogens, and insulin thing. Body builders are a poor example to follow for dieting. They basically crash diet just before the competition and rebound immediately afterwards - exactly what most people want to avoid.

  16. All calories are not equal! on The Obesity Epidemic — Is Medicine Scientific? · · Score: 1

    Go look up how calories (really kcals) are determined for foods. They figure out how much thermal energy they get by burning the food and then apply fudge factors for the type of food. For example wood burns great but is scaled down as it's not terribly absorbable into the body. In some cases, they simply look at the food content and make estimates based on the percentage of fats and sugars. The set of fudge factors used is probably not a bad estimate for most people. However, it's entirely likely that this model doesn't fit a significant portion of the population. Some folks might be really good at storing sugars or fats, in which case that 300 calories marked on the box might really mean 600 calories for this person.

    So while it is true that calories_in minus calories_out is true, it's not that simple. You have to account for absorption efficiency and how many calories end up in the toilet.

  17. Re:Why would anyone want to "upgrade" ever again? on Vista at Risk of Being Bypassed by Businesses · · Score: 1

    Mainstream support for XP ends April 2009. Extended support which includes security fixes, knowledge base info, and the ability to buy hotfix support goes out to 2014. This assumes that Microsoft doesn't change those dates to force update of Vista. Extended support for 2000 ends July 2010. I can see upgrading 2000 to XP as security support is likely to go away before Windows 7 is rolled out. Windows XP plays with AD much better than 2000, but I have zero reason to upgrade anything in my network to Vista.

  18. Hushmail isn't secure - they use Outlook! on Hushmail Passing PGP Keys to the US Government · · Score: 1, Flamebait

    Would you trust a secure webmail company that uses Outlook? This certainly looks like a printout from Outlook to me. http://blog.wired.com/27bstroke6/files/hush_klp.pdf

  19. Re:Polymorphic? on World of Warcraft's Brand New Rootkit · · Score: 1

    http://en.wikipedia.org/wiki/Polymorphic_code The code isn't truly self-modifying in the polymorphic sense. It's not changing form while doing the same function. It's updating a portion of itself from a web site. This is no different than Adobe Acrobat or Firefox checking for updates and automatically installing them (OMG! Firefox can install code on my machines!) The difference is that not everyone gets the same update, so all the WoW installations are not doing checksums or detections the same way.

  20. Re:Plot Points Are Not Facts on Rowling Sues Harry Potter Lexicon · · Score: 1

    Philosopher's Stone was the original title the book was released under in Europe.

  21. Polymorphic? on World of Warcraft's Brand New Rootkit · · Score: 1

    I think the author needs to see what polymorphic really means, aside from being a virus related buzzword. A program being able to dynamically update itself from a server is not polymorphism. I think we just have a cheater bent out of shape that he can't write a single cheat tool that will work across multiple systems.

  22. Re:ISPs won't implement it anyway. on Tools To Squash the Botnets · · Score: 1

    Even more to the point, please refer to http://www.cybertelecom.org/ci/esp.htm. Specifically, the ISPs want to provide only "basic" service. As soon as they start doing anything with the "format, content, protocol or similar aspects of the subscriber's transmitted information", that becomes "enhanced" services which do not enjoy common carrier status under Title II of the Communications Act. Still, it's a hotly debated subject as far as the ISPs are concerned. They don't want to do anything that jeopardizes the status quo.

  23. Re:ISPs won't implement it anyway. on Tools To Squash the Botnets · · Score: 1

    Maybe because they fall under the definition as described in 47 U.S.C. 153(h)? http://www.cybertelecom.org/notes/telecom_carrier.htm

  24. Re:what's the world coming to? on Take Two Settles Hot Coffee Suit For Millions · · Score: 1

    Yeah, the same parents who thought a game centered around thugs and car-jackings was just fine.

  25. ISPs won't implement it anyway. on Tools To Squash the Botnets · · Score: 1

    The major ISPs do not want to implement any kind of IDS or traffic monitoring. Why? Because they really enjoy their status as common-carriers. It absolves them of any blame for how the end users use the internet. If they start examining and filtering traffic even for legitimate reasons like detecting malicious traffic, they put that distinction in jeopardy. People and potentially the civil courts would assign the Telco the responsibility of policing their traffic. People would start suing the Telcos because they didn't detect that joe-blow had his computer compromised or they didn't detect and squash the DDOS attack directed against some company. Next step is forcing the Telcos to listen to all phone calls for the words 'bomb' or "Allah is great". After all, that's NSA's job. :}