I fear you are right, because nobody will improve their security as a result of this.
I expect professional spies to _not_ get caught or detected when doing such things. Breaking in is something amateurs can do today, but doing it without leaving evidence is something else.
Ah, right! This was on some of the slide-sets leaked from the NSA.
I have not missed that. The SSDs still work though, I have at least one 840. My claim was just that they seem to be significantly better than the competition, not that they are perfect.
Thanks, that is way beyond the data I have!
They have no accountability, they do not get punished whatever misdeeds they do, they have wayyyy too much power. Of course they would do this.
"The best thing is, the targets buy the surveillance devices themselves!" Don't remember who said it, but I think it was somebody from the NSA.
He is just regurgitating what the Google PsyOps, aeh, I mean "Marketing", team cooked up.
The main problem is that the average user has no idea what can be done with this data. Even CS students are often surprised when you explain some of the implications.
Quite a few small towns in Germany are doing this or have already done this, often with the citizens laying fiber themselves for a substantial reduction in cost. You basically need a (usually small) IT service provider that understands the technology and provides support during establishment and later operations, but other than that it is not really difficult. You just need the people on board. After years of really bad or no Internet, they usually are as soon as they see this will work.
Well, I originally bought OCZ. Today _all_ of 5 OCZ drives I got are stone-dead. After that I moved to Samsung, mostly "Pro". They are all still working fine and some are older now than the first OCZ when it died. So yes, it makes a difference. Incidentally, Samsung had excellent reliability in their spinning drives as well. It seems they just care more about quality and reputation.
That said, I find it sad that you cannot get "high reliability" SSDs where you basically can forget about the risk of them dying. I am talking reliability levels like a typical CPU here. It seems the market for that is just not there.
Seriously, you do not. You may know the end-result sometimes (head-crash), but the root-cause is usually not clear.
So get over it. It is a new black-box replacing an older black-box.
Go away impostor. You are not APK and you are pathetic.
Indeed. What needs to happen in cases of negligence like this that could not really get any more gross (considering what was to be protected) is that the CEO and the CISO go to prison for a few years. In addition, anybody that has their data stolen should, say, get $500 just by asking for it and the full damage including legal costs if they did suffer more.
Before we have serious consequences for such extreme screw-ups, nothing is going to change.
Ahem, OpenSSH is an OpenBSD project?
There are good security researchers out there. These just only rarely get the spotlight because the morons (like the ones here) make everything sound sensational and the press just loves that. The story does not seem to have any content beyond "there are trojaned OpenSSH versions around". Nobody with an actual clue about security cares as that is not a surprise at all.
And that is just it. Linux allows people to shoot themselves in the foot as much as they like. It even makes it easy. But unless you actually do it, you are pretty secure. And in addition, sometimes insecure configurations can have a legitimate purpose, hence they are allowed.
It is malware for the role of "backdoor". As such it does not serve to do an initial system compromise, but serves to maintain system access after that. As it does really not have legitimate purposes besides that, it is "malware".
No. Unlike OSes designed for morons like you, Linux does allow you to misconfigure everything as much as you like, because it assumes the system administrator actually knows his/her job.
Bullshit. Digital signatures have no relation to normal signatures with regards to how difficult they are to fake. If done right, digital signatures are completely impossible to forge at this time. If done wrong (e.g. using MD5 or SHA1 as hash), they are still exceedingly hard to forge and only under special circumstances.
That would work. The classical approach to that is "tripwire". Also, just making sure your server is patched and you have good passwords does not let this malware in in the first place. From the article: "Unless Linux owners go out of their way to misconfigure their servers, for convenience's sake, they should be safe from most of these attacks."
Prioritization is critical in any real-world project. You never have the resources or time to make it perfect. You always have some parts that need to be as close to perfect as possible and others that do not. And you have to deal competently with having a shifting situation priority-wise.
Prioritization is something that requires so many guesstimates that it can only be learned by experience. Hence I submit that the straight-A people lose their edge and may even be falling behind when experience accumulates and becomes more and more important. Don't get me wrong. I was in the top 2.5% of my CS (MS) graduation year at university. It does say something. But straight-A was impossible in that CS course and it was a very good thing that it was. It did force you to prioritize and learn what comes with it early on. Programs that allow straight-A results are misdesigned and harmful.
It is stressful and something you do not do of your own free will. No surprise it is generally not healthy.
They did not win yet. The holy grail is forbidding any non-backdoored encryption.
Nothing new. The fascists just have now put into law what they already have been doing for a long time.