Re: [funsec] New bill aims to force cell camera sounds, protect children

2009-01-27 Thread Valdis . Kletnieks
On Wed, 28 Jan 2009 09:46:11 +0900, Peter Evans said: How the hell does this protect children though? Umm... when they take naked pictures of themselves to send to their boy/girl/whateverfriends, their parents can hear the tell-tale shutter sound and investigate? I'm sure the logic is

Re: [funsec] Telstra to pull a fast one?

2009-01-23 Thread Valdis . Kletnieks
On Fri, 23 Jan 2009 10:58:12 +0900, Peter Evans said: who still thinks vegemite can be weaponised. can be? Consider any container of vegemite as object proof..

Re: [funsec] Death by code release

2009-01-13 Thread Valdis . Kletnieks
On Wed, 14 Jan 2009 13:07:54 +0900, Peter Evans said: On Tue, Jan 13, 2009 at 06:19:25PM -0800, Rob Thompson wrote: Peter Evans wrote: Well, I wonder if it is as anal as vista (which I have, but to be quite honest, can't be arsed to install) about HDCP and content encraption.

Re: [funsec] Hard drive destruction 'crucial' (BBC)

2009-01-10 Thread Valdis . Kletnieks
On Sat, 10 Jan 2009 10:37:04 EST, der Mouse said: I'm talking thermite.) The only real market I can see is to recover accidentally overwritten data, and that requires that somehow a drive had the only copy (unlikely) _and_ got so carelessly treated as to get overwritten (also unlikely).

Re: [funsec] Hard drive destruction 'crucial' (BBC)

2009-01-10 Thread Valdis . Kletnieks
On Sat, 10 Jan 2009 14:50:02 PST, nick hatch said: I'm willing to say that nobody (spooks or otherwise) reads data off a HD using AFM. It's just not the right tool. If you're worried about it: hit the case with a hammer hard enough to bend/shatter the platter. A bent platter would be a

Re: [funsec] idea

2009-01-01 Thread Valdis . Kletnieks
On Wed, 31 Dec 2008 21:58:57 CST, RandallM said: Symantec is and always will be www.symantec.com, as with other sites. they are blocked by malware infections (in various ways that I would love to understand more). If there were server around the globe open with online scanners and tools that

Re: [funsec] idea

2009-01-01 Thread Valdis . Kletnieks
On Fri, 02 Jan 2009 01:32:12 GMT, Mike Preston said: the main install. The rescue mode could be hardened with minimal drivers and firewalled up the yangtse. One has to wonder - if you know how to harden the box for rescue mode, why aren't you doing that for *production* so you don't get into a

Re: [funsec] not fun and OT

2008-12-31 Thread Valdis . Kletnieks
On Tue, 30 Dec 2008 23:46:16 PST, Paul M. Moriarty said: Quick everybody, get off Ferg's lawn! :) http://roflrazzi.com/2008/12/15/celebrity-pictures-bean-lawn/ http://roflrazzi.com/2008/12/29/celebrity-pictures-bean-should-have/

Re: [funsec] InfoSec: Food for Thought

2008-12-30 Thread Valdis . Kletnieks
On Tue, 30 Dec 2008 18:53:05 EST, Bruce Potter said: This rabbit hole goes very deep indeed. Here's a study from 1972 that is still relevant today (unfortunately) http://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf

Re: [funsec] Fake CA MD5 questions

2008-12-30 Thread Valdis . Kletnieks
On Tue, 30 Dec 2008 16:29:11 PST, Rob, grandpa of Ryan, Trevor, Devon Hannah said: First, you need 5 CAs that use MD5 hashes. How many do that? You got that backwards. They found five, only need one. Is this attack effective against SHA-1? How much longer would it take?

Re: [funsec] Fake CA MD5 questions

2008-12-30 Thread Valdis . Kletnieks
On Tue, 30 Dec 2008 20:27:07 EST, valdis.kletni...@vt.edu said: Is this attack effective against SHA-1? How much longer would it take? http://www.win.tue.nl/hashclash/rogue-ca/ Read 5.3.4 for MD5: The total complexity of the collision construction can be estimated at 2^51.x MD5

Re: [funsec] School Closings due to weather

2008-12-12 Thread Valdis . Kletnieks
On Fri, 12 Dec 2008 06:31:36 CST, Gary Warner said: Because the weather forecast YESTERDAY said there was a Winter Freeze Warning in effect for this morning, my daughter's school went ahead YESTERDAY AFTERNOON and announced that school would not start until 9:30 AM (instead of 7:40). Many

Re: [funsec] FTC files complaint against Bogus Computer Scan Software makers

2008-12-11 Thread Valdis . Kletnieks
On Thu, 11 Dec 2008 09:20:51 PST, Rob, grandpa of Ryan, Trevor, Devon Hannah said: At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive scareware scheme arrgghhh Sorry. But I am really getting

Re: [funsec] One billionth mouse...

2008-12-07 Thread Valdis . Kletnieks
On Sat, 06 Dec 2008 22:15:07 PST, Rob, grandpa of Ryan, Trevor, Devon Hannah said: Date sent:Wed, 03 Dec 2008 23:27:31 + (GMT) From: Drsolly [EMAIL PROTECTED] I still use an IBM keyboard! The ones they used on the RT and early PC, or the *really* neat ones

Re: [funsec] One billionth mouse...

2008-12-04 Thread Valdis . Kletnieks
On Wed, 03 Dec 2008 12:26:05 PST, Gregory Hicks said: But sounding the death knell for the device is Gartner analyst Steve Prentice who said the mouse will no longer be mainstream in three to five years. http://catb.org/jargon/html/G/gorilla-arm.html (And for the record, I am a laptop

Re: [funsec] Internet's bandwidth health still in trouble, report says

2008-11-25 Thread Valdis . Kletnieks
On Mon, 24 Nov 2008 15:47:05 +0200, Juha-Matti Laurio said: Nemertes Research continued to throw cold water on the future of the Internet this week, releasing a study projecting that demand for bandwidth on the Web would exceed its capacity by 2012. The big unanswered question is what

Re: [funsec] [Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]

2008-11-21 Thread Valdis . Kletnieks
On Fri, 21 Nov 2008 08:45:35 EST, Jon Kibler said: I don't really have a problem with this case. Why? Several reasons: Nor do I. The point is that it certainly undercuts the claim that you can't connect a computer with removable media to a classified net, when they're discussing how it may be

Re: [funsec] Cybercrime as destructive as credit crisis

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 05:26:22 MST, Bruce Ediger said: On Thu, 20 Nov 2008, Juha-Matti Laurio wrote: Damage caused by cybercrime is estimated at $100 billion annually, said Kilian Strauss, of the Organization for Security and Cooperation in Europe (OSCE). Just the other day, I read that

Re: [funsec] Cybercrime as destructive as credit crisis

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 10:44:25 EST, Trollie Fingers said: I wonder if other industries allow over hyping their issues to this degree? You think *this* is over-hyped? Try GW Bush, Colin Powell, UN, Iraq for over-hyped. Cybercrime hype is being done by mere pikers in comparison.

Re: [funsec] Cybercrime as destructive as credit crisis

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 13:51:13 CST, Thomas Raef said: But don't you think cybercrime is much the same? Don't so many people turn their heads and ignore the pending crisis in computer security? pending crisis in computer security, Darfur, Somali pirates, global warming, civil war in the Congo,

[funsec] Social Engineering at its finest...

2008-11-20 Thread Valdis . Kletnieks
Wow. Major chutzpah and innovation. *Very* major. http://www.nj.com/hudson/index.ssf/2008/11/cops_jersey_city_senior_holds.html

Re: [funsec] Cybercrime as destructive as credit crisis

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 15:05:12 CST, Thomas Raef said: pending crisis in computer security, Darfur, Somali pirates, global warming, civil war in the Congo, ... Feel free to *try* to go for a week and *not* turn your head at a crisis you hear about. Actually care about every single one. Let me

Re: [funsec] Cybercrime as destructive as credit crisis

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 15:24:15 CST, Thomas Raef said: What, you don't think that the same political and economic forces that are part of the root cause of issues in Darfur, Somalia, and the Congo aren't *also* part of the reason why Nigerian 419 scams are one of the few lucrative fields

Re: [funsec] [Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]

2008-11-20 Thread Valdis . Kletnieks
On Thu, 20 Nov 2008 21:19:52 EST, Jon Kibler said: 2) About the article: No organization that has ANY interest in security should allow ANY type of removable media on ANY system. No hard drives, no CD/DVD players or burners, no thumb drives, no MP3 players, etc. To allow removable media

Re: [funsec] Chinese hack into White House network

2008-11-11 Thread Valdis . Kletnieks
On Tue, 11 Nov 2008 14:10:49 +0200, Juha-Matti Laurio said: On each occasion, the cyber attackers accessed the White House computer system for brief periods, allowing them enough time to steal information before US computer experts patched the system. So *that's* where those millions of

Re: [funsec] ChamsCity: World's Largest Cyber Centre is in Lagos Nigeria

2008-11-08 Thread Valdis . Kletnieks
On Sat, 08 Nov 2008 15:10:07 PST, Rob, grandpa of Ryan, Trevor, Devon Hannah said: Given my experience trying to get, and use, net access from Lagos, this story has me a bit bemused. I wonder where it is going to be located? I wonder what they are going to do about (the fairly

Re: [funsec] WWII code-breaker home Bletchley Park gets vital repairs

2008-11-07 Thread Valdis . Kletnieks
On Fri, 07 Nov 2008 14:27:22 +0200, Juha-Matti Laurio said: Seeping rainwater has threatened the structure of the Grade II listed Victorian Gothic building Any of you Brits lurking on the list able to explain what Grade II means? I'm *guessing* either a label regarding its historical

Re: [funsec] EstDomains Update: Notice of Termination Stayed

2008-10-30 Thread Valdis . Kletnieks
On Wed, 29 Oct 2008 19:33:59 PDT, Paul Ferguson said: http://www.icann.org/en/announcements/announcement-2-29oct08-en.htm Some lawyer just got the down payment on that Mercedes. ;)

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-29 Thread Valdis . Kletnieks
On Thu, 23 Oct 2008 21:50:23 EDT, Erik Harrison said: seriously, why is this even a conversation? patch. it's important. you know why. the devil's advocate angle really isn't something anyone dealing with deploying this patch to reams of systems wants to hear right now. The devil's advocate

Re: [funsec] YASAFP

2008-10-28 Thread Valdis . Kletnieks
On Tue, 28 Oct 2008 17:54:33 -0800, Tomas L. Byrnes said: I know I'm replying to myself, but do all the bank robberies EVER, total $700B? The last statistics I remember seeing, the average bank robbery only nets about $4K to $5K, and some 97% of the perpetrators are apprehended and convicted,

Re: [funsec] Swedish court to rule on school lunch fingerprinting

2008-10-22 Thread Valdis . Kletnieks
On Wed, 22 Oct 2008 13:26:30 +1100, quispiam lepidus said: Also, the unauthorized people referred to in the article are children, who kinda look like they belong in school. I know for a fact that when I was a teenager I entered quite a few different schools to which I didn't belong, and never

Re: [funsec] Don't drink and drvel

2008-10-22 Thread Valdis . Kletnieks
On Wed, 22 Oct 2008 16:04:53 -0800, Rob, grandpa of Ryan, Trevor, Devon Hannah said: Google, in its attempts to do no harm, seems to have enabled a new feature on Gmail: the email equivalent of a trigger lock ... Already broken: http://ars.userfriendly.org/cartoons/?id=20081012&mode=classic

Re: [funsec] Swedish court to rule on school lunch fingerprinting

2008-10-21 Thread Valdis . Kletnieks
On Tue, 21 Oct 2008 22:48:57 +0300, Juha-Matti Laurio said: The system helps the school prevent unauthorized people from eating in the canteen If you have unauthorized people getting far enough into the school to snag a lunch and not be questioned on it, the fact they're snagging a lunch is far

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-20 Thread Valdis . Kletnieks
On Mon, 20 Oct 2008 09:54:36 +0900, Peter Evans said: Not quite up to Brazil yet. Check back in another 25

Re: [funsec] Handsets to become crime targets (BBC; quotes report from GaTech)

2008-10-17 Thread Valdis . Kletnieks
On Fri, 17 Oct 2008 17:12:02 -, Paul Vixie said: The annual Emerging Cyber Threats Report from the Georgia Institute of Technology Information Security Center (GTISC) in the US has identified mobile devices as particularly vulnerable platform. In other news, water is still wet, and

Re: [funsec] FTC busts 'world's largest spam operation'

2008-10-14 Thread Valdis . Kletnieks
On Tue, 14 Oct 2008 11:45:41 PDT, Paul Ferguson said: That's news to me -- I'm still getting spam for male enhancement products. :-) The biggest operation has 5.3% of the market. Number 2 is 4.8%, number 3 is 4.6%, and so on. Nuke the biggest, and you still get 95% of the spam, and you

Re: [funsec] Obama and my mom

2008-10-12 Thread Valdis . Kletnieks
On Sun, 12 Oct 2008 15:04:16 EDT, Rich Kulawiec said: I have expended far too much time attempting to refute this nonsense, and have finally learned to accept the proverb Some ignorance is invincible. Let's face it, CM Kornbluth was right.

Re: [funsec] Computer users overeager to click popup 'OKs'

2008-09-26 Thread Valdis . Kletnieks
On Fri, 26 Sep 2008 21:15:05 BST, Drsolly said: How can we tell if it's real research or fake research? Real research usually doesn't show up as a charge on your credit card.

Re: [funsec] please

2008-09-22 Thread Valdis . Kletnieks
On Tue, 23 Sep 2008 00:05:47 +0300, Juha-Matti Laurio said: Quoting Mikko Hyppönen: You're Not Paying Attention http://www.f-secure.com/weblog/archives/1506.html Shades of the Knights Who Until Recently Said 'Ni!' ;)

Re: [funsec] Palin's Email hacked and placed on wikileaks.org

2008-09-19 Thread Valdis . Kletnieks
On Wed, 17 Sep 2008 22:14:06 -, Paul Ferguson said: There are, however, mirrors. Use your Google foo... The worms are loose, and will require a much larger can now... :)

Re: [funsec] Fringe: Russian Web Dissident 'Accidentally' Killed by Police

2008-08-31 Thread Valdis . Kletnieks
On Sun, 31 Aug 2008 20:10:16 -, Paul Ferguson said: Also, According to a report on RIA Novosti, the police say he was shot accidentally: He was scheduled to be defenestrated instead?

Re: [funsec] OT: wonder what color his coffin would be?

2008-08-29 Thread Valdis . Kletnieks
On Fri, 29 Aug 2008 13:15:08 CDT, Big R said: Subject: Re: [funsec] OT: wonder what color his coffin would be? Geez. Think *outside the box*, already. :)

Re: [funsec] encodor/message encryption?

2008-08-29 Thread Valdis . Kletnieks
On Fri, 29 Aug 2008 14:25:19 CDT, Gadi Evron said: http://encodor.com/index.php this is the best tool for quick and thorough encryption. the interface is plain and simple, encodor supports up to 400 characters, with up to 30 characters the password can be very strong, no sign up is required

Re: [funsec] BGP: The Internet's Biggest Security Hole

2008-08-27 Thread Valdis . Kletnieks
On Wed, 27 Aug 2008 02:13:03 CDT, Gadi Evron said: Maybe so, but they did it live on stage and hijacked defcon. So what if it's old? Even if it's old, hijacking the whole network while on stage takes cojones. :)

Re: [funsec] anys ocial scientists here?

2008-08-25 Thread Valdis . Kletnieks
On Mon, 25 Aug 2008 13:21:38 BST, David Harley said: Instead of being mean to Gadi, we should club together to buy him a keyboard with an S key. Actually, what he needs is a space key that fires when he hits it, not a keystroke or two later...

Re: [funsec] Fedora confirms: Our servers were breached

2008-08-22 Thread Valdis . Kletnieks
On Fri, 22 Aug 2008 11:51:02 EDT, Larry Seltzer said: ...based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. ^^ number of OpenSSH packages relating only to Red Hat Enterprise

Re: [funsec] Fedora confirms: Our servers were breached

2008-08-22 Thread Valdis . Kletnieks
On Fri, 22 Aug 2008 12:25:38 EDT, Larry Seltzer said: Yes, the fact that Fedora isn't RHEL. OK, thanks, I see that. Let me get something straight here: ... the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux... So the suspicion is

Re: [funsec] Hacking and free speech

2008-08-14 Thread Valdis . Kletnieks
On Thu, 14 Aug 2008 17:37:04 EDT, Richard M. Smith said: conference. At a hearing today, Judge George O'Toole will hear motions to modify or lift the order. He ought to lift it. Two things to consider in this case: 1) The TRO wasn't issued until after the actual CD's with the presentation had

Re: [funsec] Leaks in Patch for Web Security Hole

2008-08-09 Thread Valdis . Kletnieks
On Sat, 09 Aug 2008 10:29:23 EDT, Richard M. Smith said: In a posting on his blog http://tservice.net.ru/%7Es0mbre/blog/devel/networking/dns/2008_08_08.html , the physicist, Evgeniy Polyakov, wrote that he had fooled the software that serves as the Internet's telephone book into returning an

Re: [funsec] **SPAM*** Re: [Spam-R] Pure 419

2008-07-31 Thread Valdis . Kletnieks
On Wed, 30 Jul 2008 22:43:04 PDT, Gregory Hicks said: But looking, just now, at the headers, I *do* see the IP. (I somehow blew on by it the first time.) Thanks again! Don't sweat it, it's the truly rare individual who doesn't require a whack from a clue-by-four once in a while...

Re: [funsec] There's Something About Mary [Warning: Flame Bait]

2008-07-31 Thread Valdis . Kletnieks
On Thu, 31 Jul 2008 04:27:55 EDT, Kevin McAleavey said: What's wrong with tree humping? Nobody in here ever got a serious woody? You're probably gonna want some protection against splinters (at least if you intend to be able to do this a second time), and I suspect that the average condom

Re: [funsec] The right to bear arms make salad

2008-07-23 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 18:24:50 PDT, Blue Boar said: ryanlrussell:~ ryanlrussell$ perl -e print ord('g')-ord('f').\\\n\ 1 Looks like 1 bit to me. Right, but look at ord('h')-ord('g'), and the bit representations of those two. instead of 'minus', you probably want 'xor' ;)

Re: [funsec] The right to bear arms make salad

2008-07-23 Thread Valdis . Kletnieks
On Wed, 23 Jul 2008 08:34:15 CDT, Richard M. Smith said: Here's what a militia is: The term militia is commonly used today to refer to a military force composed of ordinary[1] citizens to provide defense, emergency law enforcement, or paramilitary service, in times of

Re: [funsec] The right to bear arms make salad

2008-07-23 Thread Valdis . Kletnieks
On Wed, 23 Jul 2008 12:57:14 PDT, William Lefkovics said: And if the pen is mightier than the sword, we should also ban writing instruments. You'll poke your eye out, kid -- A Christmas Story, slightly paraphrased.

Re: [funsec] The right to bear arms make salad

2008-07-22 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 14:55:31 CDT, Richard M. Smith said: In the US (population c. 298.5m) there were an estimated 16,137 homicides in 2004 (FBI, 2006a) - a rate of about 5.4 per 100,000. Of these, 10,654 were carried out with guns (FBI, 2006b). How many people died in car crashes in 2004?

Re: [funsec] The right to bear arms make salad

2008-07-22 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 15:24:06 PDT, Tomas L. Byrnes said: More effectively than the one who picks up a meatcleaver in the UK. If the guy's got a meat cleaver, I can probably hum the first few bars of Gimme Three Steps by Lynyrd Skynyrd, and have a reasonably good chance if I make it out the door,

Re: [funsec] The right to bear arms make salad

2008-07-22 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 16:21:13 PDT, Tomas L. Byrnes said: The most fundamental power, the 4th check and balance built into our Constitution, the right of ultimate sanction (revolution) against a tyrant, and the means to execute it (firearms) are explicitly codified into our system of government

Re: [funsec] The right to bear arms make salad

2008-07-22 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 17:19:19 PDT, Daniel H. Renner said: Actually, that would be one byte Alex... :-D Go look up the ascii codes for the two characters in question, convert to binary, and ponder. :)

Re: [funsec] The right to bear arms make salad

2008-07-22 Thread Valdis . Kletnieks
On Tue, 22 Jul 2008 17:50:12 PDT, Tomas L. Byrnes said: I was referring to me having the 9mm, versus having to pick up a knife. Right, at which point you're the guy I'm trying to dodge :)

Re: [funsec] Where does the Republican Party stand on the 1st Amendment?

2008-07-20 Thread Valdis . Kletnieks
On Sat, 19 Jul 2008 23:25:55 EDT, Richard M. Smith said: A: Because it messes up the order in which people normally read text. OK, we'll try it your way. This morning's Roanoke Times lead story, converted to top-posting, where the references appear before the referents: The wreck closed all

Re: [funsec] Where does the Republican Party stand on the 1st Amendment?

2008-07-20 Thread Valdis . Kletnieks
On Sat, 19 Jul 2008 13:58:37 EDT, Richard M. Smith said: I went back and re-read what you typed, and realized that there's a semantic gap here. (Are you wondering what I'm talking about yet? Right, you are, because you haven't seen the referent yet. That's the point here. Keep reading...)

Re: [funsec] Stop The 70% Lie

2008-07-20 Thread Valdis . Kletnieks
On Mon, 21 Jul 2008 14:58:17 +1200, Nick FitzGerald said: This being disagreement or simplicity? A better boolean operator there might be and, or maybe even xor. One of them will have a truth table that approximates reality better than the or operator.

Re: [funsec] Where does the Republican Party stand on the 1st Amendment?

2008-07-19 Thread Valdis . Kletnieks
On Sat, 19 Jul 2008 13:58:37 EDT, Richard M. Smith said: What's wrong with top posting? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?

Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

2008-07-18 Thread Valdis . Kletnieks
On Thu, 17 Jul 2008 18:05:39 EDT, Richard M. Smith said: So under HA, a Web browser can only show ASCII text files. After all, HTML itself is a programming language with intermingled code (ie., HTML tags) and data (text). BZZT! Wrong, but thank you for playing. :) The actual *hardware* may

Re: [funsec] Stop The 70% Lie

2008-07-18 Thread Valdis . Kletnieks
On Fri, 18 Jul 2008 11:14:52 EDT, Young, Keith said: There is no FBI research to support the 70% Lie. Probably never has been and never will be. No one can cite the original research because it doesn't exist. It is myth. It is urban legend. And how do you expect the FBI to produce

Re: [funsec] Stop The 70% Lie

2008-07-18 Thread Valdis . Kletnieks
On Fri, 18 Jul 2008 14:26:34 EDT, The Security Community said: And yet the 70% Lie goes on... here's another one for the Hall of Shame, published hours ago... same claim, no proof... this NEVER stops... http://www.itworld.com/opinion/53670/beware-hacker-next-door Beware the hacker next

Re: [funsec] Stop The 70% Lie

2008-07-18 Thread Valdis . Kletnieks
On Fri, 18 Jul 2008 14:51:59 EDT, The Security Community said: If it bothers you *that* much, why don't you drop Calum and/or the ITWorld editorial staff a note about it? The comment is at the bottom of the page. Calum has been inducted into the 70 Percenters Hall of Shame. see

Re: [funsec] Stop The 70% Lie

2008-07-18 Thread Valdis . Kletnieks
On Fri, 18 Jul 2008 15:22:56 EDT, The Security Community said: Again, CyberArk != FBI and 47 != 70. You missed the point - if 47% are doing things that are quite possibly ECPA offenses, they could *easily* total 70% of *all* the incidents *all by themselves*. Assume 5 sysadmins at a company.

Re: [funsec] Windows 3.11 dies at the ripe old age of 15

2008-07-13 Thread Valdis . Kletnieks
On Mon, 14 Jul 2008 10:13:35 +0900, Peter Evans said: [1] Of course, the moment they know their days are numbered, they will outlive you. Or they go ahead and die, but keep on running anyhow, as undead embedded systems. That's the *really* dangerous state - you can't even rely on pulling the

Re: [funsec] Only in Canada, eh? Shocking ...

2008-07-11 Thread Valdis . Kletnieks
On Thu, 10 Jul 2008 17:44:35 -0800, Rob, grandpa of Ryan, Trevor, Devon Hannah said: In order to enhance the security of air travel and to help manage illegal immigration, the Department of Homeland Security (DHS) has solicited a proposal from a Canadian security company to develop a

Re: [funsec] DHS official expresses interest in shock bracelets forairplane passengers

2008-07-09 Thread Valdis . Kletnieks
On Wed, 09 Jul 2008 09:41:20 BST, [EMAIL PROTECTED] said: Every foreigner would be knocked out with a different drugged to ensure full cooperation while routinely questioned about their secrets and political opinion Why restrict it to foreigners?

Re: [funsec] DHS official expresses interest in shock bracelets for airplane passengers

2008-07-09 Thread Valdis . Kletnieks
On Wed, 09 Jul 2008 11:44:04 EDT, John LaCour said: Sometimes it just amazes me how these stories evolve. Let me start off by saying that the Department of Homeland Security's Science Technology Directorate nor TSA have been pursuing shock bracelets for airline passengers as alleged by the

Re: [funsec] Anyone have opinions on today's FISA news?

2008-06-21 Thread Valdis . Kletnieks
On Fri, 20 Jun 2008 18:45:26 -, Jon O. said: them for what they were doing. I get the feeling that these retroactive things are laws being put in place to protect when we all end up finding out what was going on here and file all kinds of suits. You're new here, aren't you? :)

Re: [funsec] Who on funsec is in the Main Core database?

2008-05-21 Thread Valdis . Kletnieks
On Wed, 21 May 2008 07:18:44 CDT, Dennis Henderson said: In the US, anything considered taking action or necessary violates some civil or constitutional right or is leaked out by some conscientious objector. It would seem some organizations care more about keeping their phone calls private

Re: [funsec] Who on funsec is in the Main Core database?

2008-05-21 Thread Valdis . Kletnieks
On Wed, 21 May 2008 17:27:13 EDT, Wes Deviers said: The problem, and the entire political debacle behind illegal wiretapping, was what happens when one, or both, of the known/suspected operatives with known phone numbers are inside the US? What if you have to get the warrant issued by a

Re: [funsec] Are front door locks the next target?

2008-05-20 Thread Valdis . Kletnieks
On Tue, 20 May 2008 18:54:26 CDT, Richard M. Smith said: Schlage adds wireless remote to door-lock line Schlage is building wireless automated technology into its family of door-lock products with a Web-enabled device that allows customers to use any device with a browser to power and monitor

Re: [funsec] Who on funsec is in the Main Core database?

2008-05-20 Thread Valdis . Kletnieks
On Tue, 20 May 2008 22:37:24 CDT, Gadi Evron said: That's the lovely thing about living in Israel, the security services are too preoccupied with trying to prevent the next terrorist attack to remotely care about us security hacktivists. See, that's the big difference - *your* security

Re: [funsec] Origin of: Soft Gooey, Hard Crunchy

2008-05-15 Thread Valdis . Kletnieks
On Wed, 14 May 2008 13:53:11 -, Paul Vixie said: [EMAIL PROTECTED] writes: This is earliest mention of that phrase i could find. In March 2000, I was already attributing the soft and chewy concept to Marcus Ranum, so he must have come up with it even earlier. in 1992, marcus

Re: [funsec] Origin of: Soft Gooey, Hard Crunchy

2008-05-13 Thread Valdis . Kletnieks
On Tue, 13 May 2008 13:55:27 +0200, Predrag Ivanovic said: On Tue, 13 May 2008 05:22:19 + (GMT) This is earliest mention of that phrase i could find. In March 2000, I was already attributing the soft and chewy concept to Marcus Ranum, so he must have come up with it even earlier. (For

Re: [funsec] FWD: [IP] Gasoline in Britain to hit 1.5 pounds per litre

2008-05-01 Thread Valdis . Kletnieks
On Thu, 01 May 2008 16:27:39 +0900, Peter Evans said: I use a train, almost certainly it's nuclear powered. Of course, you live someplace that they started seeing the importance of building usable train systems some 60-70 years ago. We're screwed until the year 2068 at that rate... :)

Re: [funsec] (no subject)

2008-04-29 Thread Valdis . Kletnieks
On Tue, 29 Apr 2008 09:45:30 CDT, Randy Has Candy said: From: Blue Boar [EMAIL PROTECTED] They're not mutually-exclusive. You can have a VirusTrojanWormSpywareExploitRootkitBot if you want. Oh great. Now you did it. You had to tell'em. You had to let it out of the bag! Great! Fortunately

Re: [funsec] U.S. Dept. of Justice IP Address Blocked After 'Vandalism' Edits to Wikipedia

2008-04-29 Thread Valdis . Kletnieks
On Wed, 30 Apr 2008 04:19:50 -, Paul Ferguson said: Wikinews has learned that a United States Department of Justice (DOJ) IP Address has been blocked on Wikipedia after making edits to an article which were considered vandalism. We have always been at war with... For bonus points - if we

Re: [funsec] Land of the free laptop search

2008-04-24 Thread Valdis . Kletnieks
On Wed, 23 Apr 2008 23:23:58 PDT, Dragos Ruiu said: On 23-Apr-08, at 9:47 PM, Peter Evans wrote: The other option is to have exploding laptops. ^_^! It worked for Mission Impossible didn't it? One presumes they might not like those on planes. It isn't like it's difficult to sneak

Re: [funsec] Bad Idea of The Week: 'Friendly Botnets'

2008-04-22 Thread Valdis . Kletnieks
On Tue, 22 Apr 2008 14:36:59 PDT, Blue Boar said: Possibly more of a bad name. I don't see anything inherently evil in distributed front-end proxies. Doubtful how workable it is, though. Am I misreading the fine article, or are they saying it's harder for a botnet to DDoS a server if it's

Re: [funsec] Bad Idea of The Week: 'Friendly Botnets'

2008-04-22 Thread Valdis . Kletnieks
On Tue, 22 Apr 2008 22:22:40 -, Paul Ferguson said: Am I misreading the fine article, or are they saying it's harder for a botnet to DDoS a server if it's load-balanced across a shitload of front-end servers, preferably geographically diverse? Similar in nature to how an Akamai-zed

[funsec] The Turkish i-with/without-dot strikes again....

2008-04-22 Thread Valdis . Kletnieks
Yow. Make a typo, end up dead. http://gizmodo.com/382026/a-cellphones-missing-dot-kills-two-people-puts-three-more-in-jail

Re: [funsec] quick OT thought

2008-04-18 Thread Valdis . Kletnieks
On Fri, 18 Apr 2008 09:52:23 +1200, Nick FitzGerald said: That's overkill -- thorough-going implementation of the security bit: http://www.ietf.org/rfc/rfc3514.txt You should have seen the look on Steve Bellovin's face when I got to tell him that a friend of mine (who worked at Comcast at

Re: [funsec] quick OT thought

2008-04-17 Thread Valdis . Kletnieks
On Thu, 17 Apr 2008 12:39:01 CDT, RandallMan said: Have been refreshing myself on CEH and CISSP studies. Looking over the OSI model I noticed that all layers have been hacked! Perhaps it's time for another layer: THE SECURE LAYER-LAYER 8. Perhaps this would fit true with a layered approach to

Re: [funsec] Dave Winer (!) cut off and threatened by Comcast

2008-04-17 Thread Valdis . Kletnieks
On Thu, 17 Apr 2008 20:49:08 -, Paul Ferguson said: Wow. I hope this starts a shit storm. :-) If the President admitting to war crimes (in the form of knowingly aiding and abetting the torture of people) didn't start a shit storm, why do you think there's any chance of somebody's cablemodem

Re: [funsec] black holes and lost socks

2008-04-14 Thread Valdis . Kletnieks
On Mon, 14 Apr 2008 20:13:07 CDT, RandallMan said: Don't you hate when you send the socks out to be washed and one disappears into a black hole somewhere never to return? Seems like there is a similar situation with the internet. We seem to have black holes where information is possibly

Re: [funsec] Microsoft: Vista feature designed to 'annoy users'

2008-04-12 Thread Valdis . Kletnieks
On Sat, 12 Apr 2008 15:49:06 PDT, Blue Boar said: But no, no fundamental rework of the message-passing mechanism. Maybe in Windows 7, where they are threatening to break compatibility with Win32. And in other news, Beelzebub is reportedly training hard for the ice skating event at the next

Re: [funsec] Why you beta test

2008-03-30 Thread Valdis . Kletnieks
On Sun, 30 Mar 2008 15:14:58 EDT, Alex Eckelberry said: OK, I'll bite. How *do* you beta test an airport terminal, or other creation that is too large/unique to build/deploy a test copy of?

Re: [funsec] TJX Assents to Audits Of Data-Security System

2008-03-28 Thread Valdis . Kletnieks
On Fri, 28 Mar 2008 09:54:00 EDT, Richard M. Smith said: In a press release, TJX, of Framingham, Mass., said it disagreed with the allegations in the FTC complaint, noting that prior to the breach, the company's data security was similar to that of many major retailers. I've never heard

Re: [funsec] Absurdity Theater: White House Says It Tossed Computer Hard Drives

2008-03-22 Thread Valdis . Kletnieks
On Sat, 22 Mar 2008 06:57:16 EDT, Larry Seltzer said: All of the data? As far as e-mail goes it appears they had a crappy plan to back it up (burning PSTs to CD-ROM), but I'm sure all official data was stored on servers. I wouldn't waste a backup on the remaining garbage on a hard disk.

Re: [funsec] Windows-based cash machines 'easily hacked'

2008-03-18 Thread Valdis . Kletnieks
On Tue, 18 Mar 2008 06:28:43 CDT, you said: Once you realize an ATM is not a corporate desktop, is not connected to the Internet, performs a very specific function, and lives on an isolated network Which is why, when Nachi was toasting the public network, a lot of banks' ATM networks also

Re: [funsec] happy st. Patrick's day!

2008-03-17 Thread Valdis . Kletnieks
On Mon, 17 Mar 2008 12:31:10 CDT, Gadi Evron said: I know what I'm doing tonight. Question of the day - who has less Irish in them, Gadi or me? :)

Re: [funsec] Two weeks to contain a security breach?!?!?

2008-03-17 Thread Valdis . Kletnieks
On Mon, 17 Mar 2008 17:01:36 EDT, Richard M. Smith said: Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough. Let's

Re: [funsec] Windows-based cash machines 'easily hacked'

2008-03-17 Thread Valdis . Kletnieks
On Tue, 18 Mar 2008 00:02:57 EDT, der Mouse said: Only to the extent that they choose to stick themselves with them. If banks were to grow balls enough to start issuing RFPs specifying no Microsoft operating systems, I'm sure there would be suppliers happy to cooperate. Anybody care to send

Re: [funsec] 'I told you so...'

2008-03-14 Thread Valdis . Kletnieks
On Thu, 13 Mar 2008 01:05:19 EDT, David Kennedy CISSP said: “The risks to patients now are very low, but I worry that they could increase in the future, Give the man a tinfoil hat. Good for asteroids too. Odds at the moment seem comparable. Please excuse me a moment while I go get a

Re: [funsec] Say it ain't so: Censorship in America

2008-03-14 Thread Valdis . Kletnieks
On Fri, 14 Mar 2008 16:53:01 CDT, John C. A. Bambenek, GCIH, CISSP said: Since when did the requirement of 100% success become the bar that must be crossed for any policy? If you really believed 100% effectiveness was required before anything was initiated, we'd have to give up on information
