Slashdot Mirror


User: Alpha830RulZ

Alpha830RulZ's activity in the archive.

Stories: 0
Comments: 1,070

Comments · 1,070

  1. Re:Full mp3s on their website on MediaDefender Explains Itself · · Score: 1

    Nice work. Thanks for taking the effort.

  2. Re:Isn't this criminal? on MediaDefender Explains Itself · · Score: 1

    Do you think that the Bush administration somehow controls the FBI and tells them that they can't prosecute a company for this?

    Well, yes, I do. Both directly, in that the FBI reports to the Department of Justice, which is part of the executive branch, which reports to the president, and indirectly, in that the FBI's resources are currently targeted to the Meaningless War On Terror, which has dramatically reduced resources available for investigating actual Real Crimes Against Americans (tm).

    I'd love to think that Media Sentry is going to get spanked and that the FBI is going to be the paddle, but I think it's unlikely.

  3. Re:smells like... on MediaDefender's BitTorrent-Based DOS Takes Down Revision3 · · Score: 1

    I doubt that legal action will stand up, unless it's for negligence, in which case it will just be a civil action. From the information presented above, this sounds like a bug, rather than an intentional act.

    What -is- probably illegal is Media Defender's intentional vandalization of R3's servers. The original faking planting of seeds was intentional, done through exploiting a flaw in R3's systems, and could easily be explained as intending to harm R3. That ought to be chargeable.

  4. Re:Back to Basic on What Makes a Programming Language Successful? · · Score: 1

    Tell that to the folks over at Google. I hear they run a few lines of Python.

  5. Re:Can't get shot by beer and snacks on What Examples of Security Theater Have You Encountered? · · Score: 4, Insightful

    Yeah, but the US has higher rates of death by people killed by knives than most other countries. We have higher rates of assault (often with cars) than other countries. We are, unfortunately, a pretty violent country, with or without guns.

    If you look at the situation holistically, it's not clear that guns are a primary cause of the violence. Gun ownership rates are highest in the rural areas, while gun violence rates are highest in the urban areas. This book has some very interesting, and fairly rigorous statistical analysis.

    Many students of the situation note that the gun violence didn't rise in the US, until the war on drugs ramped up. A large amount of gun violence is directly related to drug commerce.

  6. Re:Kids these days... on Adobe Flash Zero-Day Attack Underway · · Score: 1

    But you have to admit, using flash frees up a hand. The loss of, as you put it, a sense of accomplishment is perhaps made up for by the increased possibilities.

  7. Re:not err on Coding Flaws Caused Moody's Debt Rating Errors · · Score: 1

    While that's a pain in the ass, it's a different thing. What you are referring to is probably the servicing of your mortgage, which is the business process of collecting your payment and reducing your balance. The actual owners of the mortgage may well be a completely separate group.

    The servicing business, and the pain in the ass to the consumers that it causes, is not tightly related to the recent problems, which are around the creation of the loan in the beginning, when the house is purchased. The servicing business is just data processing, and is a bloodily competitive business, which is good for the consumer. Unfortunately, you and I aren't the consumer, the holders of the mortgage are.

  8. Re:Don't over think this on How Would You Prefer To Send Sensitive Data? · · Score: 1

    I agree, I wouldn't send anything out over unencrypted wireless, but I'm still skeptical on the rabid concern on over the internet transmission. In the subjects you cite, none of them were sniffing packets on the public net. The wall of shame is just people setting up unencrypted wireless points, and Hannaford's problem was that somebody had smurfed the point of sale servers or terminals. FTA:

    Hannaford disclosed in mid-March that unknown intruders had planted malicious software on the point-of-sale systems at some 294 stores. That malware let the attackers capture card numbers and expiration dates as the data was en route from the point-of-sale terminals to authorize transactions from shoppers.

    But I suspect that we violently agree that the usual, easy, points of attack are in the endpoints. I guess I'd include the local wireless link in that grouping.

    I see companies going to ridiculous lengths on endless policies and procedures, while tripping over themselves on obvious execution. I work with banks and other financial institutions. I came across an SFTP server recently that was configured so that every user could cd up out of their directory and see other users' directories. They couldn't navigate into those directories, so, everything is safe, right? Well, the user I was working with, it turned out, had the password for his account set to the same value as the username. This was assigned by the central user administration team, in a Fortune 500 company. I did a quick test, and, sho' nuff, other users had the password the same as the username as well. (note: we got them to fix that, pronto) In the same company, their double secret access control system has a max password length of 8 characters, [A-Z0-9]. That's right, no lower case. This is used to control access to PCI systems. They have a max failed attempt lockout policy, but it wasn't turned on on the system we were working on.

    I like Bruce Schneier's thinking on this: a few measures, well implemented, are superior to an endless array of measures that are sloppily managed.

  9. Don't over think this on How Would You Prefer To Send Sensitive Data? · · Score: 4, Insightful

    If it were me, I wouldn't even be worried about FTP for a one time transfer. When was the last time, or the first time, you heard of someone sniffing sensitive data in mid transmission? The vast majority of compromise issues are due to compromise of files on a machine somewhere. You should be concerned about the work environment of the consultant, and procedures there, far more than how you get data to the consultant. Ad hoc work environments are usually far more lax in their controls than a production environment. HR departments are (in my experience) far less knowledgeable about how to protect data than IT types. This is where your risk lies.

    We use an SFTP server for transmission of financial data, and I don't lose a bit of sleep over it. You are at much higher risk for either your HR department or the consultant doing something stupid with the source or result files on their network. Your need is just to make sure that it doesn't happen on your watch.

    I would be more concerned about making sure that the HR folks and the consultant cleaned up their work files afterward.

  10. Re:not err on Coding Flaws Caused Moody's Debt Rating Errors · · Score: 2, Insightful

    and the hard data supported the ratings.

    Which is the fundamental issue here. The ratings, or rather, the underlying risk models depended on some assumptions about the data, that past trends will continue. In a bubble situation, which I think is how history will view the real estate situation, the trends are not reliable indicators. It's a black swan problem.

  11. Re:not err on Coding Flaws Caused Moody's Debt Rating Errors · · Score: 4, Interesting

    I'm no MBA but I would imagine that the rating of any composite security should be the lowest rating of the most risky component.


    Nor are you a statistician (which I'm not either, BTW, but I slept in a Holiday Inn Express last night...). Not dissing you, BTW.

    The risk of a portfolio is dependent on the individual components' correlation with each other, as well as their individual risk. You can make a fairly safe portfolio out of relatively risky investments, IF the individual investments are not correlated in their behavior. If you have stocks and bonds in your portfolio, for example, this reduces portfolio risk because prices of stocks and bonds tend to not track each other tightly. Something that trashes the stock market overall may not impact the bond market as much, thus the variability in the overall portfolio is reduced.

    This assumption of lack of correlation is what is causing the house of cards to tumble. Risk packagers assumed that there would be no fundamental common fall to the subprime housing market, and priced risk accordingly, which caused interest rates to be too low for the associated risk, which caused over-purchase of the loans. Everyone could have been completely honest, and we would still have this problem.

    From my limited understanding of the problem, there are several fun things going on in this situation, any one of which are troublesome:

    1) the real estate bubble as a whole, where we lost sight of what a piece of property can really be worth. Regardless of how pretty the house is, the price has to be something that can be paid for out of the income stream of the owner. This was enabled by

    2) the mispricing of loans by the industry, in part due to the flawed risk assessment, and in part by the complete breakdown of law and morality in the mortgage brokering business, well described elsewhere. These two factors made it cheaper for marginal borrowers to get into property that they couldn't afford, and in that deal (this is subtle) the ultimate lenders endangered themselves because they made loans at an interest rate which did not properly compensate them for the risk they took on. This was enabled by

    3) the growth of the securitization of the mortgages into portfolio securities. This was and is I think a good idea, as it allows flow of capital into housing loans from sources that wouldn't otherwise easily be able to supply it. However, apparently the risk modeling that was used to price these was flawed, well before the aforementioned bug surfaced. That meant that these loans were mispriced, as I mentioned before. Since the price was too low, people overpurchased the product. Several somebodies, somewhere, didn't factor in the risk of the bubble in the prices mentioned in one, and what a price collapse would do. That fundamental risk, and the resultant mispricing of the loans is what is bringing the house of cards down. That risk makes this bug trivial in comparison. IMCLTHO

  12. Re:Back To Reality on Woman Indicted In MySpace Suicide Case · · Score: 1

    And you should be aware that she previously admitted it, in public, to the media. Other participants have corroborated the story. There is no reasonable doubt, in my mind, that she did the harassment.

  13. Re:Back To Reality on Woman Indicted In MySpace Suicide Case · · Score: 3, Interesting

    That is an interesting question. High school bullies engage in behavior that, if they were adults, would be chargeable as assault and battery, harassment, and stalking. Yet in high school they get a free pass. In my own experience, it contributed to years of fear and depression, and I certainly feel it -should- be criminal. It was chosen behavior, intended to cause harm, that did cause harm, as its primary aim. I think that's a useful contrast to the example you offer of someone two-timing their boyfriend.

    I don't know what the answer is, but it's an important question.

  14. Re:Pot. Kettle. Black. on Woman Indicted In MySpace Suicide Case · · Score: 1

    So you are applauding that a young girl (in this case the daughter of the woman in question) be forced from school (and quite possibly due to the financial problems her family suffers be denied a chance to attend college if she's apt), ostracized by her entire community, and very likely suffer profound emotional damage.

    The young girl in this case was a willing participant to the fraud and abuse. She's certainly a victim of the mother as well, as a competent parent would have prevented the whole situation, but the daughter's hands are not clean in this matter.

  15. Re:It's as simple as this on Woman Indicted In MySpace Suicide Case · · Score: 1

    You're correct on this. She and her family have been generally shunned by their community as a result of this. I think that sucks for the family, but I also think it's exactly the right punishment for the crime. Rather than dragging this into the courts, the local community has demonstrated that this is unacceptable behavior. This reinforces the mores of the community that purposefully tormenting a teenager is wrong, even if there isn't a law against it.

    I feel sorry for the family members, and hope they disown this evil bitch and leave her to rot in the mess she created for herself.

  16. Re:Hmmm... on Air Force Aims for Control of 'Any and All' Computers · · Score: 1

    If rumor got out that the NSA had active plans for this, we'd all put our armchair hacker hats on and be posting ways to make it better.

    If you were the NSA, and you wanted to do something like this, wouldn't you want it to be labeled an Air Force program, so that people wouldn't treat it seriously?

  17. Re:I can think of a few reasons on Air Force Aims for Control of 'Any and All' Computers · · Score: 2, Informative

    Because most of those come out of a relatively few access points into the internet, which could be masked for. Part of the power of a botnet is the diverse sourcing.

  18. What I tell my kids... on Techies Keen to Keep Jobs In the Family · · Score: 1

    I tell them that working in software is kind of like what George Bush, Sr, once said about the Vice Presidency: "It pays well, it's indoor work, and there is no heavy lifting."

  19. Re:Inevitably.. on Mormon Church Goes After WikiLeaks · · Score: 1

    Yeah, you're right on that. I don't think much of those, either. On the one about all those folks up on Mount Olympus, or the turtle with the world on his back, or...

    Now, about that dope?

  20. Re:Inevitably.. on Mormon Church Goes After WikiLeaks · · Score: 1

    Because they revealed that he was divinely instructed needed to nail everything with tits in his little group, of course. Can't have that kind of information visible to just everyone, you know.

  21. Re:Inevitably.. on Mormon Church Goes After WikiLeaks · · Score: 1

    Why, you've outed me. Did you bother to check out the reference? I didn't think so. Might challenge your cloistered world view.

    Your touchiness on the subject is, however, interesting. There are abundant independent newspaper accounts and court records of the LDS clan's travails in the early days, and of Joseph Smith's run-ins with the law. He was a conman and a thief, who became a prophet when he figured out that the pay was better, and he could get laid more often.

    When a known con man comes up with a tale of the likes of an angel named Moroni (couldn't he have picked a better name?) and set of golden tablets in a mystical language, that only the conman can read (after some divine inspiration, of course) that simply boggles the mind and is contradicted by every shred of archaeological evidence known to man, intelligent folks look elsewhere for guidance. I don't wish to mock anyone's beliefs, but the Book of Mormon requires some pretty strong dope to take seriously. I wish you guys would share.

  22. Re:Inevitably.. on Mormon Church Goes After WikiLeaks · · Score: 4, Funny

    Hm-m-m. Responds to cited source with ad hominem attack. Persuasive? I think not.

  23. Re:Inevitably.. on Mormon Church Goes After WikiLeaks · · Score: 5, Informative

    Joseph Smith's background is pretty well documented. See this for a good writeup. He was a con man and a thief, who (one can reasonably conjecture from the documented history) came up with a polygamist philosophy because he was also one randy goat.

  24. Re:Get off my lawn! on 4D Analogue of Megaminx Puzzle · · Score: 1

    I was saying that what she could have done with the cube wouldn't have felt as good.

  25. Re:Maybe capitalism really does promote darwanism on How the RIAA Targets Campus Copyright Violators · · Score: 1

    Sorry, that's not true. Consider the case where you sue for unpaid wages. You don't have a 'loss' before the judgement, you have an absence of income. Once you recover the income through your judgement, it's income like anything else.

    In the case of suing for damage to your automobile in an accident, the amount of the recovery that is attributable to repair/replacement costs is not income, but damages for lost income would be. The first piece is compensation for a damage, the second is compensation for foregone income. Once you are compensated for foregone income, it's taxable.

    There are complicated rules about this. In the case of the MAFIIA, they probably get to net out their attorney and court costs, and likely are able to end up with a net loss out of it. But the recoveries I am quite sure are revenue and taxable when collected.