Re: [nlug] Curious
- Original Message - On Mon, Feb 7, 2011 at 4:49 PM, David R. Wilson da...@wwns.com wrote: I am curious if anyone knows of any legitimate claim DHS has to being able to take down web sites by DNS modification? I don't know about you guys, but this is getting a bit old to me: http://www.infowars.com/dhs-seizes-websites-for-merely-linking-to-copyrighted-material/ It was ICE (Immigration and Customs Enforcement), other sites say they teamed with the DOJ. Still why ICE would at all be involved with copyright infringement re websites seems a stretch. Knockoff Gucci bags from China okay that falls under customs, but this? If the sites are domestic, DOJ can go after them directly. But if they are hosted abroad, when accessed by someone domestically, it is importation, and therefore falls under customs. It is kind of like some of the import music scene, if you buy the product abroad and the local licensed importer wants to enforce some license agreement, they can claim your import is a illegal copy in the US because they didn't get paid. Shakey both legally and morally, but it is there. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
[nlug] Internet kill switch
Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
definitely.. Which brings the earlier discussion of we need to have a backbone infrastructure telecommunications the government can't regulate On Tue, Feb 8, 2011 at 11:51 AM, Russ Crawford russ.m.crawf...@gmail.com wrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
I have mixed feelings about this. On the one hand, I don't want our government to be able to pull this business that Egypt pulled to quell rebellion by shutting off the Internet in the entire country (which is stupid and didn't work, anyway.) On the other hand, what if we had some kind of massive cyber attack against our country and the best way to contain the damage was to ask individual ISP's to shut down some or all traffic? (the way the CDC might quarantine a virus outbreak in a city by preventing traffic in or out.) A few years ago, I might have considered this kind of cyber attack science fiction but with the very successful attack by Stuxnet http://en.wikipedia.org/wiki/Stuxnet, I don't consider this just a wild idea but a pretty real concern. Chris On Tue, Feb 8, 2011 at 11:51 AM, Russ Crawford russ.m.crawf...@gmail.comwrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford +16155064070615/506-4070 +16155064070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
- Original Message - I have mixed feelings about this. On the one hand, I don't want our government to be able to pull this business that Egypt pulled to quell rebellion by shutting off the Internet in the entire country (which is stupid and didn't work, anyway.) On the other hand, what if we had some kind of massive cyber attack against our country and the best way to contain the damage was to ask individual ISP's to shut down some or all traffic? (the way the CDC might quarantine a virus outbreak in a city by preventing traffic in or out.) A few years ago, I might have considered this kind of cyber attack science fiction but with the very successful attack by Stuxnet http://en.wikipedia.org/wiki/Stuxnet, I don't consider this just a wild idea but a pretty real concern. How about smart people do not put important pieces of hardware on the open internet. How about smart people not use Microsoft or similar top of the market for exploits software to run important pieces of hardware. Then again, how about we make sure we don't become the nanny state and eliminate personal responsibility for ones actions or inactions. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
On Feb 8, 2011, at 1:18 PM, Steven S. Critchfield cri...@basesys.com wrote: - Original Message - Then again, how about we make sure we don't become the nanny state and eliminate personal responsibility for ones actions or inactions. -- Steven Critchfield cri...@basesys.com Well said. -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
This is the Internet we're talking about, not smart people ;) There are a lot of systems connected to the Internet (like power grid systems and nuclear power plants) that certainly SHOULDN'T be connected to the Internet but they are... Chris On Tue, Feb 8, 2011 at 12:59 PM, Steven S. Critchfield cri...@basesys.comwrote: - Original Message - I have mixed feelings about this. On the one hand, I don't want our government to be able to pull this business that Egypt pulled to quell rebellion by shutting off the Internet in the entire country (which is stupid and didn't work, anyway.) On the other hand, what if we had some kind of massive cyber attack against our country and the best way to contain the damage was to ask individual ISP's to shut down some or all traffic? (the way the CDC might quarantine a virus outbreak in a city by preventing traffic in or out.) A few years ago, I might have considered this kind of cyber attack science fiction but with the very successful attack by Stuxnet http://en.wikipedia.org/wiki/Stuxnet, I don't consider this just a wild idea but a pretty real concern. How about smart people do not put important pieces of hardware on the open internet. How about smart people not use Microsoft or similar top of the market for exploits software to run important pieces of hardware. Then again, how about we make sure we don't become the nanny state and eliminate personal responsibility for ones actions or inactions. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
- Original Message - This is the Internet we're talking about, not smart people ;) There are a lot of systems connected to the Internet (like power grid systems and nuclear power plants) that certainly SHOULDN'T be connected to the Internet but they are... So, if they are connected and successfully attacked, the people who allowed it to be connected should have their but placed in the lineup of those who get dealt the swift kick in the pants for having made that boneheaded choice. It is a reminder that the internet is not the end-all-be-all network. Some non connected networks are good for us. And if you must make it to one of the not connected networks, maybe you should have a good VPN or similar connection into it. Those who have connected critical infrastructure to the internet and introduce serious consequences for it's failure should be prepared to suffer the consequences of their actions. These are the same people who complain about password complexity requirements and still expect the security to be high. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
On Tue, Feb 8, 2011 at 2:30 PM, Chris McQuistion cmcquist...@watkins.eduwrote: This is the Internet we're talking about, not smart people ;) Sadly, this is true, and what is scary is the following... Consider everyone you know well and interact with on a daily basis. Now consider that these people are ALL above average intelligence. Yes, everyone. If you are dealing with anyone in IT, they are above average. Everyone in the corporate world is above average (Yes, even that ID10T guy). Everyone in the academic world is above average. (Yes, even them) Everyone you run into in your neighborhood is above average (ok, maybe not EVERYONE here, but over 90%) Then consider the fact that for each of these people who are above average intelligence, there is someone just as far below average intelligence out there to balance out to the average. Be afraid... be very afraid. Andy -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
I thought it was amusing yesterday when I tried to send one of my Congressmen a note about this legislation and how wrong it really is. The web site said my email address was invalid. I guess I am not surprised. Dave On Tue, 2011-02-08 at 11:51 -0600, Russ Crawford wrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
While I agree with your assessment, you have to consider that a serious cyber attack could (and probably would) include multiple vectors and have multiple delivery mechanisms. We can't just blame the guy with a 10 year old Windows XP machine with no firewall. One thing Stuxnet taught us is that machines that AREN'T connected to the Internet can be successfully attacked by using spearphishing and different delivery mechanisms. Stuxnet is considered by some to not even be very advanced. God help us if we get something really advanced created and aimed at us! Chris On Tue, Feb 8, 2011 at 1:18 PM, Steven S. Critchfield cri...@basesys.comwrote: - Original Message - This is the Internet we're talking about, not smart people ;) There are a lot of systems connected to the Internet (like power grid systems and nuclear power plants) that certainly SHOULDN'T be connected to the Internet but they are... So, if they are connected and successfully attacked, the people who allowed it to be connected should have their but placed in the lineup of those who get dealt the swift kick in the pants for having made that boneheaded choice. It is a reminder that the internet is not the end-all-be-all network. Some non connected networks are good for us. And if you must make it to one of the not connected networks, maybe you should have a good VPN or similar connection into it. Those who have connected critical infrastructure to the internet and introduce serious consequences for it's failure should be prepared to suffer the consequences of their actions. These are the same people who complain about password complexity requirements and still expect the security to be high. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
Your opinion is contrary. Your argument is invalid. Chris :) On Tue, Feb 8, 2011 at 1:46 PM, David R. Wilson da...@wwns.com wrote: I thought it was amusing yesterday when I tried to send one of my Congressmen a note about this legislation and how wrong it really is. The web site said my email address was invalid. I guess I am not surprised. Dave On Tue, 2011-02-08 at 11:51 -0600, Russ Crawford wrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 +16155064070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
Sounds like a good reason to switch support to another politician. Andy On Tue, Feb 8, 2011 at 2:46 PM, David R. Wilson da...@wwns.com wrote: I thought it was amusing yesterday when I tried to send one of my Congressmen a note about this legislation and how wrong it really is. The web site said my email address was invalid. I guess I am not surprised. Dave On Tue, 2011-02-08 at 11:51 -0600, Russ Crawford wrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
On Tuesday 08 February 2011 13:18:41 Steven S. Critchfield wrote: - Original Message - This is the Internet we're talking about, not smart people ;) There are a lot of systems connected to the Internet (like power grid systems and nuclear power plants) that certainly SHOULDN'T be connected to the Internet but they are... So, if they are connected and successfully attacked, the people who allowed it to be connected should have their but placed in the lineup of those who get dealt the swift kick in the pants for having made that boneheaded choice. Yes, but the problem is that we're talking about systems which, if they were to go critical, the guy at fault for hooking it up to the network is very likely already dead, along with several million of the populace. That is why an after-the-fact solution won't work. OTOH, giving the president the power to just blindly shut off the network might also prevent the right person from getting in and defusing the electronic worm. I think we're much better off with the current ambiguous situation, where the president needs to use his powers of persuasion to convince a network operator to shut down a link in the best way possible, rather than the force of law (which usually convinces people to do dumb shit in the name of legal compliance). -- Tilghman -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
Yes, True, but unfortunately that was one of the friendlies. I suspect someone in IT (running one of those closed OSs) had something to do with that. Dave On Tue, 2011-02-08 at 14:57 -0500, Andrew Farnsworth wrote: Sounds like a good reason to switch support to another politician. Andy On Tue, Feb 8, 2011 at 2:46 PM, David R. Wilson da...@wwns.com wrote: I thought it was amusing yesterday when I tried to send one of my Congressmen a note about this legislation and how wrong it really is. The web site said my email address was invalid. I guess I am not surprised. Dave On Tue, 2011-02-08 at 11:51 -0600, Russ Crawford wrote: Any opinions on an Internet kill switch? http://www.techrepublic.com/blog/security/what-the-experts-think-about-the-viability-of-an-internet-kill-switch/5034?tag=nl.e036 text of Section 1016 of H.R.3162 (USA Patriot Act) http://thomas.loc.gov/cgi-bin/query/F?c107:1:./temp/~c107jJ2pkO:e415432: I am particularly _amused_ by the title of subsection (d): ESTABLISHMENT OF NATIONAL COMPETENCE FOR CRITICAL INFRASTRUCTURE PROTECTION Competence of Federal bureaucracy? Would George Carlin call this an oxymoron? -- Russ Crawford 615/506-4070 -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk +unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk +unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
Very good points Tilghman. If there is one thing we can (probably) all agree on, it is that making more laws doesn't necessarily make things better! Chris On Tue, Feb 8, 2011 at 2:03 PM, Tilghman Lesher tilgh...@meg.abyt.eswrote: On Tuesday 08 February 2011 13:18:41 Steven S. Critchfield wrote: - Original Message - This is the Internet we're talking about, not smart people ;) There are a lot of systems connected to the Internet (like power grid systems and nuclear power plants) that certainly SHOULDN'T be connected to the Internet but they are... So, if they are connected and successfully attacked, the people who allowed it to be connected should have their but placed in the lineup of those who get dealt the swift kick in the pants for having made that boneheaded choice. Yes, but the problem is that we're talking about systems which, if they were to go critical, the guy at fault for hooking it up to the network is very likely already dead, along with several million of the populace. That is why an after-the-fact solution won't work. OTOH, giving the president the power to just blindly shut off the network might also prevent the right person from getting in and defusing the electronic worm. I think we're much better off with the current ambiguous situation, where the president needs to use his powers of persuasion to convince a network operator to shut down a link in the best way possible, rather than the force of law (which usually convinces people to do dumb shit in the name of legal compliance). -- Tilghman -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Internet kill switch
On Tue, Feb 8, 2011 at 3:01 PM, Will Drewry w...@gmail.com wrote: On Tue, Feb 8, 2011 at 1:48 PM, Chris McQuistion cmcquist...@watkins.edu wrote: While I agree with your assessment, you have to consider that a serious cyber attack could (and probably would) include multiple vectors and have multiple delivery mechanisms. We can't just blame the guy with a 10 year old Windows XP machine with no firewall. One thing Stuxnet taught us is that machines that AREN'T connected to the Internet can be successfully attacked by using spearphishing and different delivery mechanisms. Stuxnet is considered by some to not even be very advanced. God help us if we get something really advanced created and aimed at us! It also shows that the consumer (and industrial .. thanks stuxnet) computing world right now has a big, soft underbelly. There's no evidence to say that more computers that do industrial control, that are home desktops, that are DoD owned, etc aren't infected with more targeted malware. Nor it there any way to prove that there haven't been manufacturing line code injection into firmware or hosting compromises for widely used software. The more you think about security and privacy with computing, the sadder it'll probably make you. There's certainly nothing our government is going to be able to do in the short term to magically change this. :/ At least with the extra interest in security these days, maybe we'll see some improvement driven by consumers ... right? ;) I've had similar thoughts for years. I finally came to the conclusion that you have to trust that other people will find and alert proper people, and that other coders have at least thought about security and how their code could be attacked and taken appropriate steps. Dell (and other companies) computers are largely if not entirely manufactured in China these days. I've long wondered what would prevent the Chinese government from altering BIOS or other components' code to put a back door, kill switch, worm, etc. in most computers in the world. Most PCs are connected to the internet these days, so it wouldn't take much to activate and coordinate an targeted attack. I finally figured out you have to trust that others have written their code in the most secure way they know, and haven't hidden anything unexpected. Paul Boniol -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
[nlug] Re: Internet kill switch
On Feb 8, 4:40 pm, Paul Boniol paul.bon...@gmail.com wrote: On Tue, Feb 8, 2011 at 3:01 PM, Will Drewry w...@gmail.com wrote: On Tue, Feb 8, 2011 at 1:48 PM, Chris McQuistion cmcquist...@watkins.edu wrote: While I agree with your assessment, you have to consider that a serious cyber attack could (and probably would) include multiple vectors and have multiple delivery mechanisms. We can't just blame the guy with a 10 year old Windows XP machine with no firewall. One thing Stuxnet taught us is that machines that AREN'T connected to the Internet can be successfully attacked by using spearphishing and different delivery mechanisms. Stuxnet is considered by some to not even be very advanced. God help us if we get something really advanced created and aimed at us! It also shows that the consumer (and industrial .. thanks stuxnet) computing world right now has a big, soft underbelly. There's no evidence to say that more computers that do industrial control, that are home desktops, that are DoD owned, etc aren't infected with more targeted malware. Nor it there any way to prove that there haven't been manufacturing line code injection into firmware or hosting compromises for widely used software. The more you think about security and privacy with computing, the sadder it'll probably make you. There's certainly nothing our government is going to be able to do in the short term to magically change this. :/ At least with the extra interest in security these days, maybe we'll see some improvement driven by consumers ... right? ;) I've had similar thoughts for years. I finally came to the conclusion that you have to trust that other people will find and alert proper people, and that other coders have at least thought about security and how their code could be attacked and taken appropriate steps. Dell (and other companies) computers are largely if not entirely manufactured in China these days. I've long wondered what would prevent the Chinese government from altering BIOS or other components' code to put a back door, kill switch, worm, etc. in most computers in the world. Most PCs are connected to the internet these days, so it wouldn't take much to activate and coordinate an targeted attack. I finally figured out you have to trust that others have written their code in the most secure way they know, and haven't hidden anything unexpected. Paul Boniol Sadly as long as the majority fears education and prefers convenience over security, there will be little need for anything advanced. I assume eventually we will have to admit that FOSS is really only for those who values learning, which sad to say, a growing number seem to dislike. Which I mean that FOSS will always be in the background, and it the common practices of FOSS will also be in the background as Norton tries to scare everyone into buying it's next virus called, ironically, Norton Security Suite . That being said, I would support an internet kill switch if and only if, we were able to build a new internet AROUND it, I do believe it has been suggested as of late to fork the internet (see below). We could then make two zones if you will, one for general services and another that keeps everything separate from the Internet, but I admit the call for forking was over net neutrality, and I don't see why we need ISPs in the first place, but I digress. Yes, most PCs are connected to the Internet, and that trend will only continue, should the US enforce a type of Kill Switch, I would imagine it would only serve to annoy all the twitterers and Facebook addicts, plus by the time the government would build and get it set up, the planets will align *twice* and the kill switch will make the President (at the time) cookies while leveling up his farm for him or her on farmville. Also, stuxnet also got to computers that were not connected to the Internet. So perhaps the Kill Switch won't be as effective since we use this model of, look secure but don't BE secure will be more of what the kill switch will do, much like our *favorite* Government department, the DMS. -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
[nlug] Room Scheduling
I checked my e-mail and printouts. I requested MRB-III 1220 from 18:00 to 19:55, through the online form (January 2011 through July 2011). The confirmation came back that we had the room from 18:00 to 20:55 on our meeting days. I did not find any other e-mail concerning our room reservation, though 20:55 is longer than requested. I will check. Paul Boniol -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
Re: [nlug] Room Scheduling
Thanks for checking on this, Paul. Chris On Tue, Feb 8, 2011 at 9:54 PM, Paul Boniol paul.bon...@gmail.com wrote: I checked my e-mail and printouts. I requested MRB-III 1220 from 18:00 to 19:55, through the online form (January 2011 through July 2011). The confirmation came back that we had the room from 18:00 to 20:55 on our meeting days. I did not find any other e-mail concerning our room reservation, though 20:55 is longer than requested. I will check. Paul Boniol -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en