405 posts • joined 19 May 2010
Yes, that is true. It's also true that such things come out as soon as a trial starts giving the accused a chance to review whether the warrant was legally issued and that the police properly executed it while restricting themselves to the items contained within it. This is to prevent fishing expeditions. ("Well Judge, we thought there was kiddie porn but it turns out that we found a spoon with spaghetti sauce on it that we think might be meth instead...")
The problem comes in from the FISC and FISA courts. They have no oversight. Worse they can do things such as force companies to provide any and all information they have for any and all of their clients. Apparently this is a common occurrence. For example, in 2013 FISC forced Verizon to provide all call detail records to the NSA on an ongoing and daily basis. Although believed to be true for a long time, we only know the details because of Snowden.
These courts commonly exceed what is normally allowed by the law. Further the various agencies such as the FBI routinely hide, or even flat out lie about where and how they came by their information, sealing it behind words such as "State Secrets" so that the accused has zero ability to mount a defense.
Besides calling attention to the daily spying on citizens whose only "crime" is to be alive, the only other thing a regular citizen can do is to ensure such spying isn't effective. Which means, at the very least, encrypted communications where possible. Because such things are usually beyond an average citizen's ability to set up, encryption by default has to be the way to go.
The problem isn't those who are guilty. The problem is that the term "guilty" can (and does) change just as easily as the political landscape. The current administration has pursued political targets using the IRS, which is doing a bang up job trying to avoid Congress. Meanwhile prior administrations have taken similar actions or worse.
I do not want to be in a position where I wake up one day and am jailed for political reasons. That is the province of 3rd world countries and banana republics. It is not what the Land of the Free is founded on.
Disparate home automation systems talking to each other? Lol
I'd be happy if my Samsung TV remote could control my Samsung DVD player. Or if the DVD player remote could control the TV. Or if my Samsung TV remote could control the volume on the Samsung speaker. Three products from the same company, all bought at the same time and none of them work well together. Heck just playing DVDs often results in sound that is completely out of sync with the video whose only resolution is to unplug everything and hope it works on the next try. My wife has asked multiple times if we could just bring the old crap back: at least it generally worked well.
So dealing with home automation incompatibilities? No thank you. Let's stick with just getting the simple crap working together. I swear I'd buy a TV and DVD player made by Apple even at their high prices just because I'd know it would work right.
Which leads me to this: let's stop using the word "standard". None of those things mentioned are real standards. They are specifications. Of which various companies pick and choose which ones to use and what parts to implement. A standard would be something like the nozzle used to put gas in your car. Pick a gas station they're all the same because it's standardized.
Microsoft is laughing
You just know that the Microsoft CEO is quite literally rolling on the floor and laughing his head off about now.
Unix/Linux more secure? ha!
Re: The hammers are hitting the fan.. or are about to.
"Did the CIO know?"
It's the CIO's job to know about things like this. Specifically he should know who his company has contracts with, what they cost, etc. If he didn't then he is too dumb to continue in a job at that level. If he did, but did nothing about it, then he is too dumb to continue in a job at that level....
Point is: Incompetence indicated either way so his head should roll.
Re: I repeat my comment from the last article on this subject:
No. That's just how the blame game works.
An interesting twist would have been those same "security bods" going to media outlets, twitter, etc to tell the world how HomeDepot was a ticking time bomb and was not interested in fixing it.
So because he wants to sell more 4k and, eventually 8k televisions he thinks we ought to pay more for our internet.
Don't worry. The models will be retroactively changed to fit the picture.
Heck, I'd be happy if they got some better picture of those "rocks". Like the one that looks like a skull or the engine looking thing from the initial landing.
Bad Virus Updates vs Viruses
Isn't it time for someone to do a study that shows the number of computers killed by bad virus scanner updates vs the things they are supposed to be protecting us from?
It seems to me that we see more articles talking about virus scanners killing computers than we do viruses causing issues.
Re: Unexpected consequences...?
Somehow I think carrying out an effective DDOS against Google and FB would be a tad difficult.
Also, I get the feeling that tools like this could be used for FAR more than just seeing if a group is considering performing a DDOS. Corporate people could use it just to monitor how they, or their products, are being spoken about...
Security by Obscurity...
Security by Obscurity fails again.
Shouldn't they have a training class on this by now?
I don't think the researchers went quite far enough in their "research". Counting google hits for search terms isn't good enough.
First up: not everyone updates their iOS immediately upon release. I don't have exact numbers but I don't know a single person who does it within the first month.
That said everyone I know experiences this slow down. It happens shortly after a new iPhone is released and lasts for a few weeks. Then everything goes back to normal. This is without upgrading the apps or iOS on the afflicted devices. I think Apple (or the providers) slows some services down, whether intentionally or not remains to be seen. Honestly, as I don't watch ads and never visit the Apple site the way I know a new iPhone is being released is when my phone starts slowing down.
As far as how they do it: these phones communicate with iCloud a LOT; far more than you would guess - and that doesn't show up on your phone usage bill. It would be trivial for someone like AT&T or Apple to slow down the traffic to those service points. Not enough to piss people off, but certainly enough to make them wonder if it isn't time to upgrade the phone....
I propose that the PCI group just go ahead and disband. It's pretty worthless as it stands.
I'm pretty sure that the only reason for trade shows anymore is as an excuse for people to not be at work.
You know that DDG is based in the US? That it has to comply with US laws? You know, ones like "Do what the NSA says and you're not allowed to ever acknowledge it." Like, oh just pulling a random one here: tracking all your users and sending that data directly to a TLA (three letter agency)?
Please stop drinking the kool-aid and pay attention.
Re: I'm so confused
Yep, you are really confused with how business works.
Netflix has demonstrated that their data is being slowed down by various ISPs. To combat this they are doing two things. First, they are trying to get net neutrality signed which would prevent ISPs from intentionally screwing with traffic based on source. (It's common, easy to demonstrate and completely denied by the lying bastard ISPs) Second, they are signing deals with ISPs that will prioritize their traffic.
In other words they are trying to get the legal framework put in place so they don't have to sign these deals. While knowing that getting the laws passed is going to take quite a bit of time they are doing the only other thing they can for their customers which is to pay the bridge trolls.
Microsoft has a serious problem with staying on course while delivering fundamental functionality that shouldn't even be a question mark. Having issues playing audio is beyond stupid.
Does Microsoft know how to hire people that can manage and work in large teams? Or is it that they don't know how to hire programmers anymore? Seems like their development teams have been on a downward slide for a decade.
Re: put your hand in your pocket, synology
Regardless of who is at fault, seems like a small price to pay for a NAS company in order to bail out your clients.
It would certainly leverage a tremendous amount of good will.... At least until you became a target again. Hmm. No wonder we don't *normally* negotiate with terrorists.
Probably easier to get a hold of than the phone company as well.
I think some of you, article writer included, are looking at this the wrong way.
A command economy doesn't need to account for left hand screws being different in different towns. That way lies madness. Instead a command economy says THIS is the screw for the people.
When you are trying to align everyone into a short list of goals then a command economy is perfect. For example, fighting WWII. However, if you are trying to empower people to live their own lives in the way they see fit, then a command economy is the worst possible thing as it removes personal choice.
Trying to shoehorn the idea of personal choice into a command economy is just moronic.
Re: Ask a policeman
I'm not sure I would call cops the "executive arm" of the justice system. They are the enforcers. If it looks like a crime is going on then it's their job to arrest (and/or shoot [depending on your country of residence]) everyone involved. Then they let the prosecutors (or whatever you call them) deal with it.
"Sedition" isn't as catchy a phrase as "terrorism". I'm not convinced most people would know what sedition even is.
Wrong culprit identified
At what point do we stop blaming a bug which PATCHES HAVE BEEN RELEASED FOR and start blaming the idiotic network admins who fail to apply said patches?
The title of this story should be: "Dereliction of duty by Network Admins implicated in US hospital megahack"
They said the attacks occurred between April and June. The patches were released on April 7. I'll grant them 3 days to do emergency testing and patch their systems (which is way too much). That leaves approximately 80 days of time in which these attacks should have been stopped cold.
Re: Are there ANY success stories?
I disagree. Having a third party design the software is usually a bad idea.
The answer is to make sure that any given project doesn't exceed about 6 months worth of work, a year at the absolute most. As each piece is completed, let the consultants bid for the next piece while everyone, including the public, has total access to the source code. When sending in their proposal each company should be allowed to identify an area they want to recode along with the reasons for it.
That would solve a majority of this.
Re: Postmortem shows killing shot could not have been delivered from behind.
Excellent write-up.
Re: Anonymous Fools ...
The problem is I'm not sure which store I'm supposed to loot from and burn down. What's the racial identity of the anon member that posted the wrong name?
As you can tell I'm ill informed but trying to make sure I hit the right target - probably means I'd be a lousy rioter. Maybe I should just stay home.
Re: CaptainDaFt Meh
I agree with the sentiment, but what qualifies as a proper journal report?
Re: Ahh, vigilante "justice"
Oh, I don't know, probably because it's highly likely to have occurred. People get death threats for just posting contrary views on the net. I'd bet my house that death threats, yes more than one, were sent shortly after a target was identified.
Unfortunately that's the jacked up world we live in. Anonymous had no business releasing that info. Especially considering it was wrong and very easily identified as such.
I bet they were using LINQ. That stuff is garbage.
Nations spend hundreds of millions, and in some cases billions, of dollars to secure their networks.
At what point does it make financial sense to code your own operating system and application suite instead of using consumer grade crap?
None of the current vendors have shown that device and network security is the most important item. For anyone that thinks network security isn't possible: you're delusional because it is. What isn't possible is leaving it up to entities that base decisions on how much it costs them to clean up afterwards.
Sounds to me like they are doing DPI and playing with how to throttle certain traffic. They should probably call Verizon and Time Warner to get some help.
Expand / Refine / Sustain
In the timeline, it's the Expand, Refine and Sustain parts that worry me. Well that and the part on the right that looks a bit incomplete.
I suspect they are hiding "Phase 5" which is when they take over the world.
This is all about liability.
If I enter a PIN code and that code is stolen (incredibly likely given the complete lack of security for most retailers) then it is far easier for a thief to drain my bank account (debit card). Which can cause a lot of issues.
If I choose to do a signature and the card number is stolen, then it's all on the bank(s) to figure out what's going on and the money doesn't leave my account.
I just can't see a situation in which using a PIN code is a worthwhile idea.
I honestly don't see how TGI is still in business. The food is horrible, why do people subject themselves to that garbage. If it was horrible AND cheap then I might be able to understand.. but it's not.
Re: even if he did...
Did you run a background check on the individual to make sure they haven't already bought 10 hammers?
What did you do to ensure that they haven't been accused of participating in a violent crime in the past?
Did the individual say anything you thought was suspicious?
If the answers to the above questions aren't satisfactory then, yes, you have committed a crime.
Re: pretty big peg
Please do tell.
"Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and potentially insecure."
All ActiveX controls will be blocked by default? Woot!
"Microsoft will maintain the list of verboten ActiveX controls itself and will update it as new versions are released or new vulnerabilities are uncovered."
Oh... So typical Microsoft crap. They have a good idea and, as usual, barely implement the important bits.
Wouldn't it be better if we just disconnected that entire country from the Internet already?
Re: I only wish....
Sounds like you are working in a place whose only real answer is to fire IT administration. I'd leave.
Re: So how do current versions get installed?
This is what I was wondering as well.
Who cares if updates are hard to detect. It still requires a program on the infected computer to receive and process the image correctly. THAT should be detectable; evidenced by the fact they say 350k computers are compromised.
Re: Maybe they have the wrong concept?
If you don't know the myriad of ways that something can be taken down and, more importantly, the principles of how those ways work, then you will never understand how to put up a defense. Period.
Yes, there are lots of ways to configure networks and "secure" applications. There are even plenty of industry "standards" for what you should do. What's lacking are people who understand WHY those standards exist. If you know WHY, then you can make an informed decision on how to lock things down while understanding the areas that are just completely missed.
The whole Touch Screen paradigm is not for normal desktop use.
The top applications for a regular computer are email, word processing and web browsing. Two of those require lots of keyboard input. Although the last one doesn't, holding my arms in the air all day just isn't worth it. Never mind that most of us have dual monitors and probably have a dozen applications running... So, what's the solution? Simple: have an interface that works well with keyboard and mouse control... Win7 did this.
I worked on touch screen apps in the mid 90s, there is a purpose, but it's not general computer use. If you have one application, whose operation is limited to a small set of actions then touch screens are perfect. Beyond that: waste of money.
Finally, whoever thought that a single OS INTERFACE across mobile, desktop and server usage was a good idea should be flogged. That wasn't what developers wanted. We wanted a single OS under the covers so that we didn't have to know 3 different APIs to build programs. They missed the entire point. Again.
Re: Verdict decided then
Let's say it was caught on the neighbor's video camera. And let's say the Police then broke into the neighbor's house and took the video. No search warrant, no notification to the owner. The owner comes home to see his door smashed down.
Now, should that evidence be admissible? No because it was not properly obtained. The entire point of those "technicalities" is to ensure that those enforcing the law are behaving correctly. If it was admissible then the police could, at any point, decide to break down your door and search your house just looking for something to charge you with. There is a reason these rules and laws are in place.
In a society ruled by law it is imperative that the ones sworn to uphold it are held to at least the same standards as everyone else. If the agencies responsible for collecting the data they are prosecuting him with have ignored, broken or even just "bent" the laws then the entire case needs to be thrown out.
I don't care what this guy did. If our society is hell bent on prosecuting people without following the rules then we don't have much of a society.
Instead of comparing the update schedule of an entire operating system to Java, it would probably be better to compare the update schedule of the .NET Framework. I'm pretty sure there is an order of magnitude difference between them.
Another day, another Java problem. ho hum.
Isn't this the sort of thing the regulators are supposed to fix?
Why is it important to the story that she was unemployed?
Lots of people are unemployed, that doesn't mean that you should be afraid of them.
Re: The simple answer is usually the obvious one
And here I thought it was the Minutemen just screwing with us...
( http://en.wikipedia.org/wiki/A_Matter_of_Minutes )
I don't see how this will go over well with the public.
Just mentioning the word "Axis" and most movie goers at this point will have no clue what you are talking about. Throw in a setting of an alternate reality in the 60s and I think the public won't know what to make of it.