Slashdot Mirror


User: bsDaemon

bsDaemon's activity in the archive.

Stories
0
Comments
2,789

Comments · 2,789

  1. Re:Kaspersky did their job on 'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com) · · Score: 4, Informative

    The fault lies with the contractor who stole classified information, took it home, and put it on a personal computer where he had Kaspersky installed. I have a very hard time believing such actions to NOT be deliberate with the intention that the programs be scanned by Kaspersky, and possibly specifically by Kaspersky. I'm not saying Nghia Hoang Pho, 67, was flipped in his Soviet client state homeland and sent to the US with specific pro-Russian instructions, but I mean, come on....

  2. Re: You Cannot Sue City hall... on Kaspersky Lab Sues Trump Administration Over Software Ban (reuters.com) · · Score: 1

    Then civil asset forfeiture is basically marque and reprisal, turning police into privateers. Somehow, while seemingly correct, I don't see that argument working out in this day and age. Perhaps we shall see.

  3. Re:You Cannot Sue City hall... on Kaspersky Lab Sues Trump Administration Over Software Ban (reuters.com) · · Score: 1

    Trump didn't issue an order. He signed H.R. 2810, "National Defense Authorization Act for Fiscal Year 2018" into law. That means Congress did it, not Trump. The relevant bit is section 1634, entitled "Prohibition on use of products and services developed or provided by Kaspersky Lab.", which is under Subtitle C, "Cyberspace-related matters".

    (a) Prohibition
    No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by—

    (1) Kaspersky Lab (or any successor entity);
    (2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
    (3) any entity of which Kaspersky Lab has majority ownership.

    (b) Effective date
    The prohibition in subsection (a) shall take effect on October 1, 2018.

    (c) Review and Report
    (1) Review
    The Secretary of Defense, in consultation with the Secretary of Energy, the Secretary of Homeland Security, the Attorney General, the Administrator of the General Services Administration, and the Director of National Intelligence, shall conduct a review of the procedures for removing suspect products or services from the information technology networks of the Federal Government.

    (2) Report
    (A) In general
    Not later than 180 days after the date of the enactment of this Act, Secretary of Defense shall submit to the appropriate congressional committees a report on the review conducted under paragraph (1).

    (B) Elements
    The report under subparagraph (A) shall include the following:

    (i) A description of the Federal Government-wide authorities that may be used to prohibit, exclude, or prevent the use of suspect products or services on the information technology networks of the Federal Government, including—
    (I) the discretionary authorities of agencies to prohibit, exclude, or prevent the use of such products or services;
    (II) the authorities of a suspension and debarment official to prohibit, exclude, or prevent the use of such products or services;
    (III) authorities relating to supply chain risk management;
    (IV) authorities that provide for the continuous monitoring of information technology networks to identify suspect products or services; and
    (V) the authorities provided under the Federal Information Security Management Act of 2002.
    (ii) Assessment of any gaps in the authorities described in clause (i), including any gaps in the enforcement of decisions made under such authorities.
    (iii) An explanation of the capabilities and methodologies used to periodically assess and monitor the information technology networks of the Federal Government for prohibited products or services.
    (iv) An assessment of the ability of the Federal Government to periodically conduct training and exercises in the use of the authorities described in clause (i)—
    (I) to identify recommendations for streamlining process; and
    (II) to identify recommendations for education and training curricula, to be integrated into existing training or certification courses.
    (v) A description of information sharing mechanisms that may be used to share information about suspect products or services, including mechanisms for the sharing of such information among the Federal Government, industry, the public, and international partners.
    (vi) Identification of existing tools for business intelligence, application management, and commerce due-diligence that are either in use by elements of the Federal Government, or that are available commercially.
    (vii) Recommendations for improving the authorities, processes, resourcing, and capabilities of the Federal Government for the purpose of improving the procedures for identifying and removing prohibited products or services from the information technology networks of the Federal Government.
    (viii) Any other matters the Secretary determines to be appr

  4. Re: Like a Medical Doctor on Ask Slashdot: How Can Programmers Explain Their Work To Non-Programmers? · · Score: 1

    The only reason it seems hard is that people who are good at computers, and programming in particular, can often be very literal. The computers are, so after years of explaining everything in excruciating detail to a machine, the natural tendency is to talk about how to do it in excruciating detail to people who ask. Most people who ask don't really care. It is like asking "how are you" and expecting "fine, thanks. And you?", not "I have a raging case of herpes, thanks for asking!"

    In the US in particular, questions about occupation are round-about questions about money and status. That's it. "I'm a doctor/lawyer" means "I make considerably more than someone who answers high school teacher."

    Unless someone asks follow-up questions that show an interest in your career, particularly young people who may be trying to figure out what they want to do, just answering the question that was asked and not projecting an actual desire to hear about having issues with source code management or when functional programming techniques are appropriate is probably good enough. Then ask the asker and deflect. Let them talk about their job if they want.

  5. Re: Wholeheartedly agree on Why 'Shark Tank' Investor Kevin O'Leary Refuses To Spend $2.50 On a Cup of Coffee (cnbc.com) · · Score: 2, Insightful

    Anyone who values their time or their money doesn't stand in line for 20+ minutes waiting to be served dirty water by a hippie. I mean, who really has time to get coffee at a coffee place in the morning? Probably not people with anywhere to be. Coffee trips are nice for a treat when I'm not on my way, or stopping on road trips. Weekday mornings? Not so much.

  6. Re: market forces on Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com) · · Score: 3, Interesting

    Around 1999-2002... in this post-Columbine, post-9/11 world of fear we've found ourselves in.

    But also, as society has grown and the avenues for impersonating strangers have multiplied as more and more people move around a lot rather than live in the same area for generations, there is more to worry about. And people are bad at estimating risk and blow things out of proportion as it suits them.

  7. Re:DJI - 36,000 !!!!!! on Bitcoin Hits $10,000 Because Ceilings Are Just a Construct, Man (gizmodo.com) · · Score: 1

    But the DJI is an index measuring the value of the stocks in companies followed by the index. It represents a weighted value of what owning shares in those companies is worth (oversimplification is simple). This is like people trading commodities and then running the value of the commodity up even though they have no interest in the actual value or usefulness of the commodity -- similar to the oft-referenced tulip situation in the Netherlands, with the pricing being run up by speculators who bought and sold tulips to other people looking to buy and sell tulip bulbs with none of them having any interest in actually planting the damned things and enjoying the flowers.

  8. Re: I'm so glad I stayed up for this on Clear Linux Beats CentOS, openSUSE, and Ubuntu in (Enterprise) Benchmark Tests (phoronix.com) · · Score: 1

    I bet it's really Gentoo but they futzed with the compiler optimizations then built it in a cluster so they could finish before the heat death of the universe.

  9. Re: Indeed. "Nazi" is short for "National SOCIALIS on Hitler Quote Controversy In the BSD Community · · Score: 1

    Except you'll find an awful lot of wanna-be Nazis that say the holocaust never happened, or some varying degree thereof. Many will say something like, "it never happened. But so what if it did". Some think it did and that it was awesome, but that just puts them into conflict with the revisionists in their ranks on that subject.

    I think that for most of them, you can't look at it as political ideology any more than you can look at being a Crip as an ideology. They're gang members looking for belonging. Skinheads are just a white street gang. They happen to have found a gang that borrows imagery and savagery from a gang that one time got political power, but beyond "jews bad," most of them don't seem to really understand any of the philosophical roots of nazism either as political platform or as an esoteric semi-religion. They've almost certainly never read any Italian fascist writings, don't understand the difference between Franco and the Falange, or falangists and fascists, or why Spain stayed neutral in the war.

    Of course, there are some who have done those things and do understand. There are, in any extremist movement or basic street gang, those who are able to manipulate and control people. Most of them are hurt, lost and looking for something and they got picked up by exploitationists who offer them belonging and purpose. But that comes with a massive outgrouping which continues into dehumanization. It isn't so much that the holocaust is what they're clinging to so much as an extremely exclusive sense of identity. Even if they actually are politically motivated, the major difference between fascism and nazism is that while fascism in-groups the citizen, nazism places ethnic and racial limitations on citizenship and then seeks to push all the newly-non-citizens out.

  10. Re: That's funny... on 10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X (wired.com) · · Score: 4, Insightful

    Biometrics are not better than a password as a single method of authentication unless your data is worthless.

    Passwords can be changed/rotated indefinitely. You only have one face, two eyes and 10 fingers.

    Only idiots leave passwords on sticky notes. Literally everybody leaves fingerprints around, unless they don't have fingerprints, in which case a fingerprint reader is useless to them anyway.

    How "easy" it is to get you to give up a password depends on you. How easy it is to force your finger onto a fingerprint reader, less so.

    Biometrics, being a physical characteristic of a person, are great for identification, i.e. as a replacement for a username. They're also perfectly reasonable as part of a multi-factor authentication. I'll combine fingerprint + the HMAC SHA challenge-response from YubiKey or PKI from a smartcard for accessing my laptops for instance.

  11. Re:Progressive wet dream on Silicon Valley Thinks It Invented Roommates. They Call It 'Co-living' (theguardian.com) · · Score: 1, Informative

    Progressives want the US to be like the Soviet Union, so yes.

  12. Re: Contrapositive Colonialism on H1-B Administrators Are Challenging An Unusually Large Number of Applications (bloomberg.com) · · Score: 2

    I believe the point being made is that the current-day US is an empire engaging in colonialism by brain-drain and nothing to do with indentured servitude during pre-revolutionary times.

  13. Attribution is extremely difficult, especially if all you have to go on is forensic artifacts which are easily forged. I don't believe any private organization is going to be in a position to arrive at an attribution that would legitimize a hack back situation. That doesn't mean I don't believe in active defense. Beacons in documents, etc. which let you know if/when/where they have been opened is one thing. Launching a cyber assault based on that is another.

    Hell, even most governments, short of corroborating SIGINT or HUMINT, are going to be hard-pressed to do attribution and it would take a lot for me to agree that a kinetic response were justified -- basically a confession from the perps.

  14. You have to log in, it uses javascript, etc. so they would be able to a) fingerprint you and b) tie you to a (presumably) real identity. It seems to defeat the whole purpose and creates an OPSEC breach for anyone dumb enough to do it.

  15. Do they still paywall the stories? Do they allow you to log in? (Thus helping to deanonymize you on other onion sites)?

    If they're giving easy text versions of stories, free from paywall, without the annoyance of comments (meta comment bashing comment...) then it may be worthwhile. Otherwise, like FB over Tor they are probably just going to do more harm than good.

  16. Re:Basic IT security on UK's NHS Could Have Avoided WannaCry Hack With 'Basic IT Security', Says Report (theguardian.com) · · Score: 4, Insightful

    I know it is fashionable to bust on MS -- always has been here. I will say that from a security standpoint (if not a privacy standpoint, which is related but not the same), they have gotten better. That aside, the fact remains that if you don't do the first 5 of the CIS critical security controls, doing the remaining 15 doesn't really matter.
    https://www.cisecurity.org/con...

    Of course throwing blinkin-light boxes, doing pen tests, etc. is all the "sexy" parts of security, but here's the deal -- MS patched the vuln over a month before WannaCry hit and the crisis could have been averted by asset control and patch management before any signatures were released either for the vulnerability itself, or for specific threats such as WannaCry.

    Within a day of ShadowBrokers dumping the haul which contained EternalBlue, nearly everyone in the security field that was paying attention understood that a patch already existed, MS had released it without fanfare as they usually do for this sort of thing, and that due to lack of attribution in the release notes that it was almost certainly NSA working on it with MS once they had reason to believe that EternalBlue was taken and would be burned by SB.

    So, yeah "Don't use Microsoft" -- but if you go around not patching RedHat, you're not actually going to be that much better off. Unpatched software is still unpatched software, email has the quality of turning local exploits into remote exploits, and office workers whom you stick on an Ubuntu or RedHat box are still going to click whatever they're going to click. DAC and the Unix permissions model only goes so far, and most sites I've worked at have a tendency to have a "disable SELinux because it's hard and we're lazy" item in their deployment guide.

    No one thing is the end-all/be-all of security. Layered defense and understanding that it is a constant arms race wherein blue team isn't likely to prevent a dedicated adversary from gaining a foothold but needs to do what is possible to increase the cost of success and extend operational time for the attacker to increase the likelihood of detection before exfiltration or destruction of data is it.

  17. Re:Before you go on a "spy on anyone" rant... on Researcher Turns HDD Into Rudimentary Microphone (bleepingcomputer.com) · · Score: 1

    My laptop doesn't have a microphone or camera specifically so that they aren't physically there for anyone to compromise. The OS and most of my apps live on NVMe. There is a 2TB disk in there, though. So if someone can implant malware that could monitor disk latency caused by vibrations and then reconstruct, to some degree, ambient audio, up to and including conversation then... I guess it means that I have an excuse to upgrade that disk to an SSD and justify it as a surveillance countermeasure. (even though this seems unreliable).

  18. Re: Whiner on 'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) · · Score: 5, Informative

    The watchword of the day is "normalization," isn't it? Apple including facial recognition technology helps normalize the idea and numb people to its use in a way that Microsoft and Samsung apparently weren't because of a lack of hipster cred. But now that Apple has done it, it will go "mainstream" (i.e., people will realize it is where it was and think that's new. Also will want to add it to other places).

    There is only a bit of snark there. But frankly, yes, facial recognition technology is more invasive than fingerprint readers because I don't have to touch the phone. It is passive collection technology. And it isn't even necessarily the fact that Apple is using it for login (biometrics should replace user names, not passphrases) or that scan data is held in the SEP. It is that Apple has a chip in the phone that can do reasonably accurate scans at a good rate. It's probably only a matter of time before a Square-like device is made leveraging the ability to provide Minority Report-like identification of shoppers (and then they'll helpfully AirPlay ads and coupons to people!)

    Like I said, some degree of snark there. But if any company can push pervasive biometric identification beyond "z0mg government spying!!" to "this is totally normal and acceptable. I don't remember a world wherein my face wasn't scanned 300 times a day creating an irrefutable log of my movements and actions throughout the day! Isn't it a totally wonderful and acceptable social norm?!," well that would be Apple.

  19. Re: Windows is full of old bugs on Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com) · · Score: 1

    Please do what is necessary.

  20. Re:Phone manufacturers on Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security (arstechnica.com) · · Score: 4, Informative

    Apple and Samsung devices and software have been evaluated and validated against FIPS 140-2, Common Criteria and Commercial Solutions for Classified (CSfC) standards and are considered safe enough for use by the US government and others which respect those certifications (such as the 20+ countries in the Common Criteria Recognition Agreement).

    Huawei has financial and political ties to the Chinese government, which has a well known history of taking "cyber" action for both political and industrial espionage purposes, in addition to siding with adversarial countries such as Russia, North Korea, etc. on a number of issues.

    Therefore, Apple and Samsung are probably better choices from a trustworthiness standpoint. On the other hand, they're largely manufactured and assembled in the PRC and would be targets for the kind of supply-chain-infiltration type hardware implant attack. It'd just be less easy to accomplish than embedding implants or back doors into the hardware of one of their own companies.

  21. Re: what i find surprising on iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) · · Score: 5, Informative

    The difference is that the cops are already going to physically take your hand, stick it in ink, and force it onto paper if they have arrested you. They're going to go through your possessions and if they find keys, can try them on locks they also find on you.

    They can't make you say anything though. In fact, they will specifically advise you of your right NOT to talk.

    This is one of the reasons why biometrics make terrible single-factor authentication. If not for YubiKey or smartcard as 2FA, I wouldn't use fingerprint on my laptop. Biometrics are better replacements for usernames than passwords, imo, especially given the limited ability to change most of them, and the fact that anyone who is in physical possession of both you and the device doesn't need your cooperation.

  22. Re:Very Bad Idea on Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (vice.com) · · Score: 1

    Yes. Often specific idiots are allowed to post.

  23. Re:Already switched to AMD on Intel's Upcoming Coffee Lake CPUs Won't Work With Today's Motherboards (pcworld.com) · · Score: 1

    Civ6 on Steam is the only game I have. My laptop has a Xeon w/ 64GB of ECC RAM. The first disk is 256GB of NVMe, then I have a 2TB disk I use for holding VMware images, basically.

    After about 200 turns, it starts crawling. The other day, I finished a full 500 turn game after a few days poking at it here and there, and when I was done I tried to "exit to desktop" and the whole thing fucking crashed. Of course, Windows 10 Pro wouldn't let me start task manager on the monitor hooked in over the DVI, and I couldn't get it to stay popped over the zombie civ window and so I just said 'fuck it' and rebooted the laptop.

    Frankly, the performance on that game has me wanting to just uninstall it. I've probably got my $47 worth of play out if it by now anyway, and it makes my laptop feel as if it'll melt. Not even all that fun anyway -- but the performance is pretty much the worst of anything I've messed with in ages.

  24. Danger points on Ask Slashdot: Why Do So Many of You Think Carrying Cash Is 'Dangerous'? · · Score: 1

    First of all, depending on how one carries their cash and how much is needed to complete the transaction, you may need to pull it out into view of others who can then count or estimate how much you have and if you're worth robbing. Obviously, the mugger is going to use other metrics but telegraphing how much you have on you just makes it easier for them.

    Second, if my cards are stolen, I am not liable for any transactions. If my cash is stolen, it is just gone.

    That said, cash can be very useful to have from time to time. I don't usually have a habit of carrying it anymore but when I do I try to be careful with regards to "flashing" it.