Slashdot Mirror


User: WarmNoodles

WarmNoodles's activity in the archive.

Stories
0
Comments
110

Comments · 110

  1. Re:Use a Live DVD? on Next-Generation Banking Malware Emerges After Zeus · · Score: 1

    Man in the middle? No no, you mean buffer overflow, like this critical exploit from 2005? http://www.eweek.com/c/a/Security/VMWare-Virtual-Machine-Security-Flaw-Very-Serious/

    Or the 300 exploits starting on this page? http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=VMWare&version=&title=ESX%20Server&CVE=

    VMing doesn't help. Install patches, have intrusion prevention and early detection, have a measurement and hardening practice, have an AV and firewall, don't run as Admin or root, don't let your kids or admins install applications willy-nilly, don't allow servers to browse the internet, don't play games on the same computer as your banking.
    But the best single piece of advice is to physically segregate your banking from all other activities and keep all your offline files encrypted by password and key. Think PGP virtual disk or TrueCrypt volume, NOT full-volume BitLocker-type encryption. Worthless crap for online security.

    But nothing and no security measure will surpass the "you should have known better" 20/20 hindsight attack.

    Using a live CD? Really? How secure is that CD, who made it, who if anyone vetted it? Why do you trust it? Maybe it IS the attack; how would you know? Security is more about being informed, making yourself a hard target and measuring your security posture. Primarily by not doing stupid things you know are wrong, you can and will skip being seen by most of the attack surface which is looking for you.

  2. Re:Use a Live DVD? on Next-Generation Banking Malware Emerges After Zeus · · Score: 1

    Not true at all. All that is is cross-site request forgery protection. Won't help you a single bit if the attacker substitutes himself or herself as a payee and substitutes your remaining balance as the amount.

    It also would not help you if the transaction response page was a fake and the attacker collected a week's worth of your iTANs. How often does the average German banking customer call their bank? If the bank delivers electronic statements, then you will never see one showing fraud, and if they deliver physical monthly statements, an attacker can collect and use nearly 30 days of iTANs before you have a clue you're screwed.

    Have a nice day now knowing you're just as screwable as any other banking customer :)

  3. Re:8th Amendment on Prison Cell Phone Smuggling Out of Control · · Score: 1

    You do realize Windows 7 smartphones do include PowerPoint. Right?

  4. Re:This again? on Prison Cell Phone Smuggling Out of Control · · Score: 1

    Thinking once a month, showing up to provide mobile EMP service would just do the trick.

  5. Re:Proposed? on Prison Cell Phone Smuggling Out of Control · · Score: 1

    Well, when you have to put the phone in a balloon and swallow it to start the process, it kinda doesn't matter what's in the balloon now, does it?

  6. Re:Minimum on Security Warning Over Web-Based Android Market · · Score: 1

    I have no idea why this wasn't implemented from the start. It seems like one of the most basic of "security" measures.

    Ya think?
    How about, as a basic first security measure, Google and Apple reach out to one of the following companies and commission work to add Objective-C and Droid platform Java and C++ validators to one or more of the code scanning platforms below. Companies are circa 2008:

    Ounce Labs analyzer
    IBM AppScan Source analyzer
    Fortify 360 analyzer
    Veracode service
    Klocwork analyzer
    And thousands of companies that specialize in manual and automated source code reviews

    And why they would allow adding arbitrary apps to their respective app stores without having to present a certified scan from one of the above tools can only be attributed to some combination of apathy, stupidity, greed or just damned effective marketing.

    Just have to shrug and roll my eyes every time I see a proud iPhone or Droid user gloat in carnal innocent malware bliss.

  7. Re:ISP Real world example scenarios. on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Next thing you're going to say is admins regularly drop the enterprise pants down around the enterprise ankles and no one notices.

    Let's get into an example.
    What if an eTailer hosted by DelusionWireless' business builds out a next-gen website? Let's say DelusionWireless admins open the unpatched, non-hardened site infrastructure to the net. How is the impact different between NATted IPv4 and IPv6? Example scenarios.

    For IPv4, well, for one thing another mistake involving port forwarding would have to be made. Port forwarding changes are from a defined external and usually static IP to a single internal IP. The admins would be beaten for the change without change control and left to heal; no real risk, as the only IPs forwarded were semi-trusted people in the first place.

    In the IPv6 example, any random yahoo who happens on the virgin bent-over infrastructure can breach every device, assuming the IPv6 addresses are sequential or discoverable from the first IP. The pending lawsuits result in the admins getting fired, then beaten and flogged (or they cover it up and dodge a bullet).

    Yeah, that's basically the difference for the admin ankles scenario.

    The much more likely scenario is an intruder already inside, or an insider, changes the firewall config.
    Now in this case, having internal devices initiate shells to the hacker's network is traditionally done by exploiting listening ports for running services. Mitigating controls include patch management.
    In the NATted IPv4 example the enterprise-wide attack can only happen from the inside, and requires clawing through each device's exploitable hole.

    In the IPv6 example, the attacker will be well served by mapping the infrastructure first, then dropping the firewall and attacking every device simultaneously from the internet.

    This is really going to drastically reduce the time to complete cluster fucked from hours to minutes after the infrastructure is mapped and the attack primed.
    Also going to reduce the attacker's exposed fingerprint for 97% of the intended impact.

    In English, this means once a breach is in progress, a company's only hope will be to air-gap itself from the internet in less than 300 milliseconds, or later be forced to rebuild every device in the environment after about 5 minutes of the attack.

    Huge and different impact potential.

    Now the intruder dropping the firewall from the inside based on compromising a machine

  8. Re:Perfect Story for Analysis of Negative /. Mod b on News Corp. and Apple Unveil The Daily · · Score: 1

    Now that's irony. ROFL. Thanks, I needed a laugh.

  9. Re:Response from Another VP on Microsoft Vehemently Denies Google's "Bing Sting" · · Score: 1

    it is the USERS data and NOT Google's

    One has to wonder why Google exposed the issue the way they did. Question: why doesn't someone just disassemble the code in question and reveal the alleged logic, i.e. IF Google THEN replicate search data? Now that would have legs.

    Facts speak louder than speculation, and correlation is not proof of causation. All Google has done is show a correlation.

    Sniffing all web traffic in a BHO is a trust boundary violation endemic in the design of the Windows OS. Microsoft gadgets also run as regular unsandboxed programs; they also can / could be breaching this trust boundary. For that matter, so do Google gadgets. So the real issue is sandboxing, and the real diversion is why the two biggest search providers deliver silence with respect to sandboxing. Answer is, they both benefit from it. Don't-crap-on-the-goose-that-lays-the-golden-eggs syndrome, the user be damned.

    The Google accusation by implication (without factual evidence) is that Microsoft designed the Bing bar to sniff users' search traffic. Anyone check the Bing bar EULA? In the Microsoft world, without the EULA explicitly stating traffic would be monitored, a design like that would never pass an informed higher-level MS internal review, including the MS ACE Team review, the SWI TRACK review, privacy review or MS legal.

    In my opinion, if it weren't in the public eye so much, I'd imagine the company which actually wrote the Bing bar code for Microsoft would be drawn and quartered, but won't be, due to being in possession of the normal highly detailed marketing design documents, which one might suspect might even show normally explicit, detailed Microsoft design intent.

    But the real reason is they both like playing and peeing in the same pool. Get a real sandbox design into the browser and around the browser and this is a non-issue.

    So all Google is really doing is pointing out a Windows design flaw with no one asking if it could happen in Chrome OS.

  10. Perfect Story for Analysis of Negative /. Mod bias on News Corp. and Apple Unveil The Daily · · Score: 1, Offtopic

    Perfect Story for an Analysis of /. Moderator Bias

    Snapshot taken when comment count was at: 179
    3 comments total modded down: 1 comment that was sarcastic-Fox & pro-Apple, 2 comments that were anti-Apple & anti-Fox
    3 comments total modded up: 1 comment that was pro-Apple pro-Fox, 2 comments pro-Apple anti-Fox.

    2 hours and 4 comments later (@ 184 comments, 12:30 EST), moderators had worked a little more bias in.

    Modded down to zero for calling both Apple and Fox evil: http://apple.slashdot.org/comments.pl?sid=1977656&cid=35086178
    Modded up to 5 for calling both Apple and Fox evil: http://apple.slashdot.org/comments.pl?sid=1977656&cid=35083156

    Criteria:
    Score: 0, -1 logged in
    Score: -1 Anonymous
    Count of 5 with Score: 5
    Any Score flamebait

    Out of scope
    Score 1 - 4 Logged in
    Score 0 - 4 Anonymous

    Measurement:

    Pro Apple and Pro Fox
    0 comments with - Score: 0, -1 logged in
    0 comments with - Score: -1 Anonymous
    1 comment with - Score: 5
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35083372

    Pro Apple and against Fox
    0 comments with - Score: 0, -1 logged in
    0 comments with - Score: -1 Anonymous
    2 comments with - Score: 5
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35083680
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35083112

    Flamebait - Pro Apple and Sarcastic ambiguous towards Fox
    1 comment with - Score: 0, -1 logged in
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35083468

    Against Apple and Pro Fox
    0 comments with - Score: 0, -1 logged in
    0 comments with - Score: -1 Anonymous
    0 comments with - Score: 5

    Against Apple and against Fox
    2 comments with - Score: 0, -1 logged in
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35084546
    http://apple.slashdot.org/comments.pl?sid=1977656&cid=35084990

    The facts speak for themselves and are interesting. It seems calling anyone evil is a no-no unless you call out Apple in a positive light, and calling anyone evil or stupid is a no-no unless you call out Fox in a negative light.

  11. Re:Another nail in the coffin for WoW Gold farmers on China Mandates Parental Controls For Online Games · · Score: 1

    D'oh. Was planning to update the 6% with a real number before submitting and forgot.
    What % is 7 million of 1,342,100,000?

    Obviously a very small percentage.

    Just forgot to do the % replace, my bad.

  12. Re:Another nail in the coffin for WoW Gold farmers on China Mandates Parental Controls For Online Games · · Score: 1

    I think his point was that, due to actions by the "Man", approximately 6% of 1,342,100,000 Chinese might seek redress from local Chinese Blizzard/Activision support.
    Using your number, nominal support being 2000 personnel to address the average volume in the WoW commiseration chat rooms.

    The game has 9 million "subscribers". Blizzard's Chinese partner, the9, stated on May 22nd that over 7.5 million of the 9 million total are Chinese accounts.
    Although it's likely that a couple million Chinese accounts regularly lapse.

    So upwards of 83% (1660 of 2000) of customer service agents may receive a severe spike in support calls when their Chinese overlords start to clamp down.
    This will effectively DoS all support.

    References
    http://en.wikipedia.org/wiki/List_of_countries_by_population
    http://en.wikipedia.org/wiki/World_of_Warcraft
    http://askville.amazon.com/Americans-play-World-Warcraft-daily-basis/AnswerViewer.do?requestId=19244488

  13. Re:Think of the... children? on China Mandates Parental Controls For Online Games · · Score: 1

    Thank god bearded Dwarf women and sheep are out of scope.

  14. Re:A law? on China Mandates Parental Controls For Online Games · · Score: 1

    So, like, how are they going to enforce a law that isn't accepted by the various online gaming companies' EULAs when they aren't based in China??

    Well, according to the article, folks will be invited to register the family org chart, presumably with IP address or router MAC address info. From this point it's trivial to implement blocking of any unregistered IP to a known gaming host service provider.

    The fact that the game host is not in China is not even of small, tiny relevance in the blocking equation. Blocking does not happen at the application layer, so where the host is is not relevant.

    With the family now registered with the local authorities, the local authorities can make visits and mentor little Li and Mei to train in appropriate sanctioned activities, like hacking over long hours of gold farming.

    Ask Google if China violated their EULA recently. I don't recall China asking permission before they routed 15% of backbone Internet routes to Chinese servers that were somehow able to not get DDoSed and were quite prepared in advance to suck up and not get hit by 70% - 80% of worldwide data for an incredible 18 minutes. China is a country which recently demonstrated its readiness and capability to take the fire-hose of world data; what they likely need now is more command, management and control of its young hacker community to quickly exploit perishable data.

    You can bet the next time they make that or a similar configuration error, they will be ready to exploit much, much, much more of the data.

  15. Re:A law? on China Mandates Parental Controls For Online Games · · Score: 1

    So, like, how are they going to enforce a law that isn't accepted by the various online gaming companies' EULAs when they aren't based in China??

    Seems like a fairly trivial task of eventually just blocking those who haven't yet voluntarily associated source IPs or border MAC addresses with the required family org chart overlords. FOCOs for short.

    The in- or out-of-country game service providers are just not an issue or even a minor factor in the blocking equation.

    I would also like to point out that this IS the logic and structures and processes needed to do what Egypt did, but without blacking out the whole country; with this infrastructure in place it would take a keystroke or two to just black out and track only the rabble-rousers.

    And they can ensure Johnny is into whatever "they" consider appropriate. Like hacking the US instead of playing WoW for epic artifacts.

  16. Another nail in the coffin for WoW Gold farmers. on China Mandates Parental Controls For Online Games · · Score: 1

    This has to be a double whammy for WoW.

    One also has to wonder if this will temper or be used as a data mining tool recruiting into the Chinese hacking community.

    Think about how easy it will now be to contact Johnny Chan's parents to grant scholarships into the fold now that they can map IPs so easily.
    Very subtle way to bring hacking under management.

  17. Re:Sold! on Firewalls Make DDoS Attacks Worse · · Score: 1

    By that logic, who needs change control, who needs antivirus, who needs configuration management, who needs segregation of duties, who needs to patch, who needs to do regular recurring scans, who needs to harden and threat model the environment?

    Once an attacker has compromised a system there are trivial ways of getting around all these depth in defense security controls.

    I think you have the chicken confused with the egg.
    Lost track of the cart before the horse?

    Secure your servers with bubblegum?

    Do you even measure to know if your systems are compromised? It seems as though the premise "Once an attacker has compromised a system there are trivial ways of X" might be a bit short-sighted.

  18. Re:Whistleblower?? on Wikileaks Now Hosted By the Swedish Pirate Party · · Score: 1

    Media whores and pimps are nothing new to /. Reminded me of another time when the foot was up someone else's ass: http://en.wikipedia.org/wiki/Slashdot

    "Some controversy erupted on March 9, 2001 after an Anonymous Coward posted the full text of Scientology's "Operating Thetan Level Three" (OT III) document in a comment attached to a Slashdot article. The Church of Scientology demanded that Slashdot remove the document under the Digital Millennium Copyright Act. A week later, in a long article, Slashdot editors explained their decision to remove the page while providing links and information on how to get the document from other sources.[13] That article, posted on March 16, 2001, is still one of the ten most visited stories on the site, with just over 350,000 hits.[12]"

    The defensiveness by the moderators always seems to force / couch Assange's position in posts as the underdog (and not as the traitor Taliban supporter he is).
    Let's try to understand that in 2001 the suppression was about religion and cash flow, not about illegally obtained documents where callousness about redacting names has a clear, obvious measurement of death to those named in the documents. This blistering laziness and slothfulness of course would be supported by most engineers (we're all lazy bastards at heart, right?); however, in Assange's case HE puts at substantially higher risk the troops fighting against terror and Sharia Law http://en.wikipedia.org/wiki/Sharia_law In case anyone has doubt how unfriendly these people are to the press, freedom and the West, consider:

    1) News of today's Taliban Sharia murder objective http://www.foxnews.com/world/2010/08/17/killed-attack-iraqi-army/?test=latestnews
    2) The 275,000 mostly relevant hits on Google for "sharia+stoning" http://www.google.com/search?q=sharia+stoning&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

    Woman in the death-by-stoning queue for tomorrow http://scj.msnbc.com/id/38146472/ns/38149201
    Couple confirmed stoned to death on 8/16 http://www.foxnews.com/world/2010/08/16/taliban-stone-couple-adultery-afghanistan/

    This is the normal operating procedure for those targeted by the FOAs, Friends of Assange.

    3) Support of everything Islam http://www.foxnews.com/politics/2010/08/17/ground-zero-church-archdiocese-says-officials-forgot/
    4) Despised New York Governor David Paterson puts his foot into it. The man whose party hates him draws another target on him regarding him being anti-Islamic http://www.msnbc.msn.com/id/38740806/ns/politics-more_politics/
    The friend of my enemy is Assange. Assange could only be thought of as a good friend to Islamic Sharia terrorists and those who plan to turn a handsome profit from the coming war. Yes, we're at war now, but you ain't seen nothing yet with the likes of Assange running free, loose and supported by his army of media pimps.

    We seem to have forgotten 9/11 and forgotten you cannot come to a mediated peace with folks who think of you as nothing better than a dog to be stoned to death. Folks who expressed no outrage at 9/11 and call us too thin-skinned for wanting names redacted, or a mosque to go elsewhere, or not supporting the corruption and perversion of our government to debt and phobias delusional psychosis about bei

  19. He who cares the least holds the most power. on Bill Gates Doesn't Work At Microsoft Anymore · · Score: 1

    Good to see Bill focus. Three cheers for a remarkable career and his personal culling of the chaos in his life related to Microsoft.

  20. Justification for next year's drilling budget on Louisiana Federal Judge Blocks Drilling Moratorium · · Score: 1

    Clearly regulators and lobbyists need to justify next year's offshore porn budget. I suspect the offshore porn satellites are high-speed, low-drag with fewer bandwidth restrictions than local onshore ISPs.

  21. This is too important to spin the original post. on Real ID Act Poses Technical Challenges · · Score: 0

    Skip to the [Back to serious] to mod this up. What is below is a comment on the original poster.
    Supported by more than 600 independent organizations (including the INS, DEA, FBI, CIA, NSA) and sheltered from liberal political bias and privacy hysteria by being associated with the context of a military spending bill in order to deliver on the promise that freedom is not free but requires eternal vigilance, the Real ID Act has received heavy praise from concerned citizens and state government agencies. Despite the fact that relatively pathetic and ineffective improvements to driver's license security have lagged behind the times for 20 years, the bill has been structured by constitutional law experts in the Intelligence Reform and Terrorism Prevention departments of the federal government to guard individual rights while surpassing the protections and recommendations of the 9/11 Commission Report by passing a relatively cheap and, at a personal level, noninvasive law.

    I posted the above because I felt it wise to illustrate the mindless bias and lack of constructive thought of the original poster. The original flamebait post was pure political spin without regard to rational consideration of the opinions of others or any sort of attempt to elicit intelligent conversation.

    I know a troll, sir, and you are one ugly, green-skinned, regenerating, long-nosed, smelly poster. What a flamebait /. article if I ever saw one.

    [Back to serious]
    Getting a license is required; every license will expire; the broken process we have now might as well be replaced with an effective and uniformly implemented one, so get ready to have your identity checked, or head for the border of your illegal entrance.
    The financial sector is the fuel terrorists live by and on. Terrorists being propped up by illegal money transfers are 100% against this bill.
    In order to dry up terrorism / money laundering, we must dry out the funds of terrorists. Current non-repudiation legal requirements in place make a valid ID with a reasonable level of surety a requirement.

  22. Re:XML predates this patent filing on Company Claims Patent Over XML · · Score: 1

    Maybe the editors of the XML specification and the 10 years of work that happened prior to the patent application might take exception.
    The spec: http://www.w3.org/TR/REC-xml
    The Editors of the Spec
    Tim Bray, Textuality and Netscape
    Jean Paoli, Microsoft
    C. M. Sperberg-McQueen, W3C
    Eve Maler, Sun Microsystems, Inc. - Second Edition
    François Yergeau - Third Edition

    I don't know the situations of the other editors; I am thankful for their work and contributions and for Mr. Bray's recent comments regarding this blatant theft attempt of IP.
    I'd like to see these folks comment, other than Tim, who already has.

    --
    Is IP theft via patent a crime? Or just socially stupid?

  23. I have a dream. I mean a nightmare. on VoIP Backlash From Phone Companies · · Score: 1

    Someday soon the internet and its successors will be nothing more than a huge pile of steaming crap thanks to the unrestrained stupidity outlined in TFA.
    Well, soon enough they will have their own DNS roots and we will have a fractured net. Two tier 1 providers down.
    The net is simply reflecting the dysfunctional family of morons who have come to 'believe' they run it.
    --
    Bah. Let it all burn.

  24. Re:Nice, weak microphone addressed by Lameware coo on Settlement Good News for MotorolaV710 Owners · · Score: 1

    It is obvious you have not been in or seen the normal equipment and data cables Verizon offers in-store as a free service for normal transfers of contact info from phone to phone.
    They do have a large collection of data cables and simply may have neglected the data cable for the Win CE to non-CE environment transfer process.
    To their credit they must have 60+ cables on site.
    I am not aware of any transfer program to do this; perhaps none exists.
    My point is that Verizon built up and rolled out the phone and, according to how Verizon normally rolls out a phone, should have developed comprehensive coverage similar to every other phone. This is a small quip.
    Verizon's normal phone transfer service can accomplish this from nearly any phone to any other phone for free.
    I give Verizon high marks for the transfer service they offer on non-CE phones.

  25. Nice, weak microphone addressed by Lameware cool on Settlement Good News for MotorolaV710 Owners · · Score: 3, Interesting

    I own a V710, and besides the FA's observation that lameware nerfed Bluetooth functionality, my main complaint is that people cannot hear me when I use the device.
    The complaint was personally confirmed as a common grief experienced by V710 Verizon phone users.
    The solution which did not work was to reset the phone using the stencil.
    Glad I'll be able to get something for the piece of junk.
    I stopped using the phone about 6 months ago due to the bad microphone sound quality.
    I would pick the 3rd option on the claim form. I hope they offer a phone of equivalent function and price/value.
    The first claim form option was for $25, which comes nowhere near covering the $430 cost of the junk phone.
    Another complaint is that when I purchased a replacement, Verizon had no way of transferring contact phone #s to another phone.
    --
    Avian flu doesn't kill people, people kill people.