
Comment Re:and this is news why? (Score 1) 205

I thought it was common sense not to plug in untrusted devices to your computer. Especially unknown thumb drives, unless you can use them in a read only device.

The problem is that a trusted device becomes untrusted as soon as you plug it into a computer not 100% in your control. Bring a USB storage device with you to work? To a friend's house? To *shudder* your parent's computer? What prevents a USB storage device, especially a common model, from having its firmware overwritten? It's all too easy to have malicious code that moves around as firmware, something that it seems isn't checked by typical AV software.

Comment Re:Not really that scary (Score 1) 205

I will ignore the "proper OS" taunt - it shows a lack of perspective, given that Windows is the most popular OS in use today. Every OS has keyboard shortcuts. Could you disable them? Perhaps, but that's beside the point - most people won't.

Ubuntu - CTRL+ALT+T = terminal
OSX - COMMAND+S+terminal = terminal
Windows - windowskey+r+cmd = terminal

Those commands only cover around 97-99% of the desktop/laptop market share. Think that's not a juicy target?

Comment Re:and this is news why? (Score 5, Insightful) 205

I thought it was common sense not to plug in untrusted devices to your computer. Especially unknown thumb drives, unless you can use them in a read only device.

The problem at hand is that you can take a trustworthy device, plug it into an infected computer and then your trustworthy device becomes compromised and not easily detectably so, infecting your formerly clean PC. So far, no comments on mitigating procedures or OS specific circumstances. Most OSes will automatically load USB devices so in theory this could affect just about every OS whereby a compromised phone decides to become a keyboard and starts typing keystrokes and sending data to a 3rd party. Scary, at least in theory.

Comment Re:Fire(wall) and forget (Score 1) 348

This. PCI DSS has a ton of requirements, not the least of which is having a basic firewall. Unfortunately it's all too common having vendors who choose the path of least resistance such as requiring domain administrator credentials to run a service or disabling any firewall services simply because they haven't taken the time to learn a proper security mindset. Just because many vendors are clowns doesn't give this particular vendor any excuse. A perfect example - a large financial information provider that will go unnamed installed a service in our data center for pricing. They delivered 3 PCs, 2 switches and 1 router. None of the equipment was redundant and any single component failure took down the entire system. When asked why they didn't offer 2 routers, 2 switches and use failover - they admitted that they just didn't do it that way. Incompetence comes in all sizes - always object when you can.

Comment Re:Great, now I just need 6 cablecards (Score 1) 178

I imagine that cable companies have no intention of making CableCards easier to obtain or use. The profits they make on an (HD) DVR + Remote rental every month far exceed the much lower fees for the CableCards. If I were the cable company, I'd make sure it was a PITA to obtain one vs renting a cable box. The best way that TIVO becomes easier for most end users to select is for cable/satellite providers to include it as a DVR rental option - I've heard that some companies do this. Unfortunately, Cablevision (my provider) does not.

Comment Re:Risk (Score 1) 108

While I'm not certain that the risk of death is the cause of the manned space program's demise, this is certainly the reason we haven't planned any manned missions to Mars. There are other branches of the military where the risk of death and the consequences are well accepted. For example, mining, offshore fishing and armed conflict all accept a certain level of risk due to the nature of the job. If politicians and the public accepted the risks then we could easily organize a 1 way trip to Mars with a remote possibility of getting a team back to earth within 10 years, presuming advances in technology and supplies sent via unmanned capsules.

Comment Fallout (Score 5, Insightful) 645

More interesting to me than how the intrusion occurred or how lax Sony's security practices are will be what the public backlash level is like. IT security departments tend to whip up a frenzy with the potential for "end of the company" concerns for data breaches on a regular basis. However, reality is that data loss doesn't always seem to have a particularly negative effect for the company that loses the information. Point in example would be the TJX data loss - http://it.slashdot.org/story/07/03/29/1618239/TJX-Is-Biggest-Data-Breach-Ever. Somehow this hardly seems to have put a dent in corporate profits. TJX's stock is up 100% since 2006 when the breach occurred. http://www.google.com/finance?q=tjx Point being is, if nothing seriously negative happens to Sony then it's no wonder that firms continue to have poor security practices. After all, why bother spending the effort and money to secure data when there is no return on the investment?

First Person Shooters (Games)

Combat Vets On CoD: Black Ops, Medal of Honor Taliban 93

An anonymous reader writes "Thom 'SSGTRAN' Tran, seen in the Call of Duty: Black Ops live action trailer and in the game as the NVA multiplayer character, gets interviewed and talks about Medal of Honor's Taliban drama. '... to me, it's a non-issue. This is Hollywood. This is entertainment. There has to be a bad guy if there's going to be a good guy. It's that simple. Regardless of whether you call them — "Taliban" or "Op For" — you're looking at the same thing. They're the bad guys.'" Gamasutra published a related story about military simulation games from the perspective of black ops veteran and awesome-name-contest winner Wolfgang Hammersmith. "In his view, all gunfights are a series of ordered and logical decisions; when he explains it to me, I can sense him performing mental math, brain exercise, the kind that appeals to gamers and game designers. Precise skill, calculated reaction. Combat operations and pistolcraft are the man's life's work."
