
Comment Re:why use this instead of say dm-crypt? (Score 4, Informative) 220

The OS's built-in encryption for many people is not dm-crypt, but BitLocker, a closed source implementation by Microsoft. And we know nothing about it. When is the key present in RAM? Is the key derived on boot up? How is it protected between boots? Is there an escrow key obscurely baked into the trillion bytes stored somewhere on the hard drive? And can it contain deniable drive images in the slack space of a parent drive?

Because the open source TrueCrypt code has been subjected to code reviews, and backdoors have not been found, it's somewhat more trustworthy than the closed source implementation that comes with the expensive versions of Microsoft's OS.

Comment Re:Does K-Mart use the same stuff as Sears? (Score 1) 101

While it's possible (unlikely in these days of PCI) that a POS register could have a direct route to the internet, it's also likely that the registers weren't the only machines in their system that were hacked. It is probable that the criminals found a little-used server in K-Mart's HQ systems, compromised it, and set up what's called a "dump site." The registers are then configured to exfiltrate their data to this internal HQ server, perhaps by periodic FTP, and the hackers had the HQ server send batches of data out to the internet at a later time.

Comment Re:Everybody Panic! (Score 5, Insightful) 421

What I don't understand: Wouldn't it be possible to put the wearer through a disinfectant decontamination shower before he or she takes off the suit?

There is a strong protocol, and yes, it includes decontamination sprays. As I understand it the protocol includes a disinfectant spray before taking off the suit, a hand spray after removing the first layer of gloves, then another disinfectant spray after stripping. And the gloves and suit are all supposed to come off inside-out, always turning the hot side to the inside.

Remember that any suit that can protect the wearer against virus is also impermeable to air. That means the suits heat up. They are sweating profusely as soon as they get their suits on, and they can only remain suited up for less than an hour before roasting in their own juices. When every surface is soaked in sweat, it's impossible to recognize when it's the patient's infectious sweat or your own.

We know the best practical approach is to use a buddy system, and have them help each other. Even so, the first buddy to disrobe is still handling the infectious materials while helping the other to strip, so they still have to be vigilant. Repeat that clothing protocol every other hour for a long work day, week after week, and if the wrong piece of fabric ever accidentally brushes on you any time during the process you may get infected with a disease that has a 60% chance of killing you. Or if this is your first time dealing with an Ebola case, how do you know you've followed the protocol perfectly?

Now, cross the ocean. Place all of that in the context of extreme poverty; chronic suit, glove, equipment, and doctor shortages; wailing and shrieking family members; orphaned babies that may be infected; contaminated water supplies; relentless heat; men who tell rumors that Ebola is a disease from the West that is being spread by doctors and is being used to kill Africans, or that Ebola doesn't exist; populations frightened by the presence of workers in "moon suits" coming to collect their dead relatives; a culture that grieves by touching the bodies of the dead; and the dozens of other deadly diseases that still strike Africans constantly, including malaria, dengue fever, AIDS, hepatitis, typhoid fever, and chronic diarrhea caused by rampant bacterial and protozoal infections. Oh, and attacks on clinics by gunmen.

It's almost as if the disease evolved itself to adapt to collapsing health care systems in impoverished nations.

Comment Re:Texas and Spain (Score 2) 421

The problem in these African nations is that the virus' main victims have been predominantly among the few trained health care workers they had.

If you live in the developed world, you don't even think about the doctor:patient ratio, which is probably somewhere around 1:400 in your country. In Liberia, the ratio was about 1:100,000 (back in 2008). That means in this entire country of 4 million people, they had about 40 doctors - about the same as one typical urban American hospital. These are the only people capable of "holding back the infection", as you so glibly put it.

This year alone, Ebola has already killed about 10% of their doctors.

As far as money goes, Liberia already spends more of their money on health care than any other country in the world. As they are one of the poorest nations, they have very little money for anything at all, so this has them completely tapped out.

What good is even a hundred liters of zMapp if there aren't enough doctors to identify and treat the infected?

Comment Re:Everybody Panic! (Score 4, Insightful) 421

well no, I bet a dollar there was a tear in his suit. Simplest explanation is always right.

Be prepared to lose a dollar. The protocol for donning and removing the protective gear is very complex, and very hard to get perfect. When putting the suit on, it's possible to get gaps between the goggles and suit without even knowing it. And when taking it off, a tiny flap of the contaminated suit brushing against a clean surface is almost impossible to detect.

In contrast, Tyvek suits are very hard to tear unless you're doing hard physical labor in a rough environment. Most hospital settings don't have the infectious care nursing staff crawling through piles of dirty rebar or squeezing along rough mortared brick walls.

Comment Have you looked at CyberPatriot? (Score 2) 102

You didn't say how old your students are. If they're still in high school (or younger), consider the CyberPatriot competition. It's a National Youth Cyber Education Program, put on by the Air Force. In the competition, teams are given VM images that have various vulnerable operating systems that they have to keep operational while they keep them secure. The earlier rounds feature a scoring robot; in the later rounds the students face a Red Team.

The entire competition is focused on defense, so there are no points for attack. Teams from around the country compete for a trip to the national finals. Prizes include scholarships for the winning teams.

If you're interested, have a look at https://en.wikipedia.org/wiki/... . Today is the last day to register teams for this year's competition, so you might want to look quickly.

Even if you're not interested in standing up a competitive team, their site provides instructions on how to build practice images, and you can download their scoring bot to see how well your teams fared. http://www.uscyberpatriot.org/...

Comment Re:Next steps (Score 2) 252

Gosh, I guess we should just sit around and bang rocks together and grunt...until someone from the rock protection lobby sends a cease and desist letter for banging rocks.

Perhaps if we banged the rocks together after carefully placing the lawyers' heads between said rocks? Kuh! Kuh! Kuh!

Comment Re:Pay me once, shame on me. (Score 3, Insightful) 106

So basically they're paying the winners less than one year's salary for a picker, in order to develop a technology that will permanently replace virtually every picker in all their warehouses.

I didn't understand that either. Someone with a machine vision and shelf picking system could name their price instead of settling for a measly $10K. Hell, they could lease just one of those pickers out for $10K/year each, and Amazon would snap them up as fast as they could come off the factory line; as would just about every other warehouse operation in the country.

I'd say "nice try, Amazon", but it doesn't even seem like they're trying. This is just pathetic.

Comment Re:Still lyin' (Score 3, Informative) 335

The server is on TOR, so the location is masked. The FBI knows that it isn't inside the US... How?

What makes you think a Tor server can't be hacked? Tor is just a network protocol that masks the source and destination addresses of a connection. It is not magical hack-proof server sauce.

In the case of the Silk Road, the server was hacked to do at least one thing: the law enforcement agency added malicious JavaScript that caused browsers who connected to their servers to cache that script. Then, when the hapless drug buyer disconnected from Tor, the script remained in their cache, and when they reconnected to a regular network connection, the script phoned home from their real IP address. That's how they identified buyers on the Silk Road. But if they've hacked the server, it is not hard to believe they didn't also determine its real IP address.
