Comment Don't Bother (Score 1) 209

If you are working for DoD or any armed service subsidiary, I'm pretty sure the policy is for you to have the drives destroyed before they leave your control, period. You can re-use them internally indefinitely, but at the end, they need to get physically destroyed. The various overwrite processes are usually considered "good enough" to reuse them at lower security levels until then, though.

Comment Left holding the bag... (Score 1) 114

... are the agencies that overpaid Oracle, probably by (a lot) more than the amount of the settlement. The funds will be returned to the general revenue, and the government programs Oracle ripped off will never be reimbursed. That means Johnny doesn't have as many bullets to shoot at Al Qaeda, because the logistics chain is out the extra money they paid Oracle. It also means that contractor Jane got laid off, because the money to pay her went to Oracle instead.

Comment Not really new... (Score 1) 265

"Applied security by obscurity" is not a new concept: it is usually referred to as "operational security (OPSEC)," at least in military circles. The author's use of complex notation doesn't change anything, although he seems to imply that it might be appropriate to deliberately analyze and model OPSEC at very high levels of design. The "know your enemy" concept is popular among pundits, but also problematic: while directed profit-motivated attacks and state-sponsored hacking have become popular topics in the press, there are still plenty of work-in-the-dark-do-what-we-can basement hackers out there, who will take delight in breaching your OPSEC just to prove it's possible (the ability to sell their results only adds motivation).

Comment Re:BS (Score 2) 203

If you root the PLC, then you can probably do something like cycle the locks until the solenoids burn out. Given the inherent conflict between safety and security, I wouldn't care to bet whether they'd fail in lockdown or free-for-all mode, or 50/50 either way. Any countermeasure implemented in PLC code instead of hardware (or a semi-autonomous downstream PLC) would be vulnerable to alteration. A well-designed PLC implementation will have only *monitoring* outputs accessible to Internet-connected PCs, while the actual control inputs remain locked up tight in multiple ways.

Comment Re:No surprise (Score 1) 130

"3. Management Security Policy [...] c. System and Services Acquisition. In accordance with DOJ IT Security Standard – System and Services Acquisition (SA) Control Family, Components shall: [...] (6) Ensure third-party providers are contractually required to comply with this policy to employ adequate security measures to protect information, applications and/or services outsourced from the Department." [http://www.justice.gov/jmd/publications/doj2640-2f.pdf] I've got a banana peel that says the ManTech contract didn't contain such clauses, nor any means of verification if it did.

Comment Re:This just in (Score 1) 104

Medicare is administrated by the US Government, has lower overhead than any private sector health insurance plan and has the highest satisfaction rating of any health insurance plan in the US.

This is very convenient, if both you and your condition happen to be covered by Medicare, and you can find health care providers willing to settle for Medicare payments.

Comment Re:Calm down and read up (Score 1) 223

The onus is on you to demonstrate that your scheme is secure [...] It is not that hard to make an insecure scheme whose insecurity cannot be easily demonstrated.

Demonstrating that a scheme is secure would mean proving a negative -- an impossible NP-complete problem. That's why it's so difficult to trust *anything*, because even the schemes people think are the most secure today may be broken tomorrow. It may be hard to make a scheme whose insecurity cannot be easily demonstrated, but when it finally is demonstrated, it usually appears to be easy.

Comment The Crime Doctor's Diary (1949) (Score 1) 112

[http://www.imdb.com/title/tt0041267/] "... Dr. Ordway (Warner Baxter) attempts to solve a murder in a highly interesting place: a sort of call-in jukebox where bar customers may request a particular record to be played ..." Wow, I guess this concept has precedent. Anyone old enough to remember those services actually existing? Muzak on demand.

Comment It's hard to bash Windows (enough) (Score 1, Insightful) 427

There are a number of responses above with varying degrees of M$-enlightenment (thalakan's being the most professional); however, it's not entirely true that Windows was designed exclusively for point-and-click administration. That's only true of the GUI shell. Windows was *designed* to be administered by *compiled* code. Preferably C++, which is the only thing that can deal directly with the shitty disaster that is the Win32 codebase without making things worse. Everything else is a shim over the Win32 nightmare, which is still the "core" of the operating system. So, everyone saying "you're just fucked" is in some sense accurate, albeit not precisely correct. The whole OS should have been refactored starting in 2003, when Microsoft pretended to be interested in security. It wasn't, so here we are.

Comment Re:It is all about the money (Score 1) 428

Maybe (1) http://www.straightdope.com/columns/read/716/what-is-the-true-source-of-the-kennedy-familys-wealth and maybe not (2) http://www.thedailybeast.com/blogs-and-stories/2010-04-26/the-kennedy-bootlegging-myth or as Candace Bergen once put it "twelve arrests, no convictions" [T.R. Baskin] (not that old Joe was ever arrested, mind).
