sky watches You!
These pills are supposed to put you to sleep, waking up again was never promised.
You do not need permission; Facebook has a Bug Bounty program with (vaguely?) defined rules of engagement that pays money.
I doubt it was simply a text message and more likely a chain of events that ended with the text message. Maybe this is a case of mistaken identity but I can bet someone with that name must have been on some sort of watch list for doing questionable activities or associating with questionable people. I doubt we will ever know the full story.
Somewhere in the TOS there is likely a clause which allows the telcos to "share" your private information with anyone willing to pay for it.
+1 for multiple layers.
If this is a serious project, you should definitely consider getting a security pro involved to conduct a proper risk assessment. This will give you a good idea of what will be required to meet security expectations throughout the entire life cycle of your system.
Physical security, network security, policy/legal requirements, etc. will likely need to be assessed if not already done.
20/20 vision? Incredible shape? This is Slashdot, that means none of us qualify.
TFA is not entirely accurate. If you look at the actual job posting, they say "Must be correctable to 20/20". This means you can wear glasses or have eye surgery to meet 20/20.
Actual polygraph questions are Yes/No only.
If you read about the actual history and accuracy of polygraphs, you will find that they are not "lie detectors" at all, but merely tools of intimidation. (I could cite many, many sources. While not authoritative, the Penn & Teller show "Bullshit" has a very informative episode on the matter. And yes, the show is called "Bullshit" for a reason. Polygraphs are bullshit.) Polygraphs are used as tools for intimidation in order to interrogate. By themselves, they are worthless. They are security theater, much like the TSA. I really hate to see our country run by people who believe in (or pull) this kind of BS.
Sure, polygraphs are far from perfection, but is your normal job interview perfect at assessing if you are the best candidate for the job? Is a 2-hour exam the best way to assess your technical skills? Or reference checks? To me it's just another step in what is a subjective process anyway.
What use would the CIA have for honest staff?
You have to be honest to the organization but lie to everyone else.
I am not. I remember when the Taliban hacked into the Predator drones over Afghanistan and were receiving the video down-link due to the lack of encryption :(
The Predator was not hacked into. The stream was unencrypted, which made it an easy target for passive listening.
Dunno why they don't just use flashbulbs.
"Smile! You're under arrest!"
Does give a whole new meaning to Legally Blind, Blind Justice and Shedding a little light on the Crime.
No one wants to see a British smile.
I'm sure someone will figure out a way to reflect (mirror?) back to the source.
1. Create a fake Facebook page impersonating a top RIAA exec. 2. Visit this page. 3. Wait and profit!
There is certainly a great number of important details we are missing in this story, but as much as I would like to defend this guy, it appears to me he clearly stepped over the line if he indeed tested with 568 statements. Your analogy in this case is not accurate as he didn't have to access 568 different accounts to prove his point. A better analogy could be something like this. If you find a way to access all hotel rooms without proper keys, do you have to physically open 568 rooms to prove to the owner that you know how to bypass his door security? I don't know the law in Australia, but it is possible that this institution will now have to contact each affected account and inform owners about this unauthorized access even if the offending party had no malicious intentions. That is not good for your PR and will cost them $$$. Without having more details it is difficult to say more, but it looks to me like both sides could have handled this in a better manner.
The PDF has a sentence which hints that he may have submitted a proof of concept that accessed approx 568 statements.
The real money is in the black market of 0days. That is where intelligence agencies and criminals compete for new vulnerabilities and are willing to throw some major money depending on the severity. If you are fortunate to find a critical 0day - think remote exploitation in a popular OS/application without user interaction - then you may pocket 6 or even 7 figures for a single bug. White hat reporting is mainly done as a hobby and/or advertisement of your personal skills or your company and is not really meant to be a full-time job.
"Researchers Design Mammary-Strengthening Implant" Unfortunately my brain can only make one association with the word Implant.
Let's assume for a second this voice stress analyser can actually detect deception at a very high rate (it can't). What prevents someone from pre-recording all answers from themselves or someone else at the time when they are telling the truth, then playing them when required? I suspect results of this stress analyser have no or very little bearing on the final outcome. This is all smoke and mirrors with hopes that those who believe in lie detectors won't attempt to apply.
I guess the idea is that if you do not want to log in to your fb account from an untrusted computer, you won't be inclined to log into your email account from this same machine.
financial institutions rob you
“If they don’t reconsider we will reverse their decision.” What is likely to happen is that the CRTC will go back to the drawing board and will propose another solution. Perhaps they will make some concessions or perhaps they will find a more subtle way of screwing the little guy. Also, when politicians get involved, you have to wonder what's the hidden agenda. There is a looming threat of a new election in Canada and being on the side of the population will get them a few much-needed extra votes. Should they get what they want, which is a majority, I say watch out. I'm certainly happy that something is being done but I don't expect the fight to be over.
The article fails to say that you have to press the fingerprint identification every 108 minutes or else it will self-destruct.
both reveal some interesting things but may hide the essential."
If there is something I've learned from TV/movies, it is that Kazakhstan is the third largest exporter of Human "Pubiss". Step aside Wall Street, I know where my money will be invested next. Very Nice.