So we'll see innovation in other places.
Take Plex for example. When I'm at home, on the wifi my plex client on my android phone downloads any subscribed content from my server. Then I have it in local storage till I watch it, when it's deleted.
Way better then over the LTE anyways, fewer dropouts. Sometimes adversity breeds innovation.
Min
Looking at the comment threads, yes, it appears to be a 'faithful' implementation of the original code's rules, or rather a superset, since it includes the pawn promotion rule and the original did not.
Min
Sure, over an evolutionary timespan. Assuming that the disease in question kill before you can give birth, and that they kill enough of the population to be impactful in an evolutionary sense.
Call me soft though, I'd prefer we solve this problem in something less then an evolutionary timescale. I kinda care about the kids who'd die otherwise.
Min
Hrmm, this might work out well for us non-govt people.
Consider:
NSA: "Apple, you must let us 'review' your code. We'll keep our findings to ourselves, you can't tell anyone"
Apple: "OK"
NSA digs through code, finds exploits, locks them up for future weaponization
China: "Apple, we'd like to "review" your code. We're going to tell the world about it"
Apple: "OK"
NSA: "Crap, now those evyl Chinese will find our exploits. Darn, I guess we'd better tell Apple to fix them after all or the Chinese will be spying on us!
At the end of the day, the best we can hope for is that the various spooks keep each other honest.
Min
Sadly the relevant research shows that while you would like this to be the case, it isn't.
If you'd like to know more, look at the defcon conference videos for the last few years.
Just as a for example, I'll direct you to this article:
http://www.nytimes.com/2011/03...
There was also a talk this last year that went into the architectural design of the car's network, and showed that in most cases there was no device between the head end unit and the sensitive items in a car, and where there was it wasn't a security device, merely a signal management unit, and the presenter expected to be able to jump it. But again, typically if you get access to the bus, you can talk to anything you want. There was also a lovely bonus bit where they showed you could update the to an arbitrary unsigned firmware due to some sloppiness in the process. (if you cut the power at the right time, the recovery process didn't do the appropriate checks. Once they got in and could analyze the python scripts being used, they discovered if you wrote a specific character (I think D but my memory could be playing tricks on me) to the right sector of the CD, it would bypass the signature checks and just update the firmware.
Engineers are generally smart, but they also tend to design to the specifications. If you don't TELL them to consider an attacker in their designs, they don't.
Min
No need to do such extreme damage, when the same effect can be achieved with a simple fuse on the positive voltage line of the port. Suspicious activity? Burn the fuse-- BAM-- port is dead, but easily fixed.
Doesn't protect against other attack avenues that have either been hypothoized or demo'd though. The entertainment unit always seems popular. Trojaned CD in the player, for example or exploit against the bluetooth system. Hey I wonder what happens to that cute bit of software that displays what song the FM station is playing if the station sends YourPawnedxxxxxxxxxx....?
I'm not sure most of the security sector put it together that someone might voluntarily install their own remotely exploitable device into the bus in sufficient numbers to be interesting. Guess we should know better then to underestimate the power of a discount!
(I do agree with the rest of your post btw.)
Min
lol - exactly what I thought. Where's my floppy with OMMM (opus matrix mail masher, fidonet's answer to sendmail!).
Min
Just as a point of interest, there was a talk at Defcon last year where someone built a IPS (intrusion prevention system) for the bus of the car. It turns out that the communication matrix for a car is a very static system. The parts of a car that communicate with each other do so often (e.g. Engine controller and injection system), and predictably. Other parts that don't (e.g. entertainment system, or that ODBII plug from the insurance company and the traction control system) never do. So it's possible to build a device that models the system by listening on the bus and if it suddenly sees new traffic patterns shorts out the bus, leaving you with a less smart, but still on 4 wheels and not careening into oncoming traffic, car.
Seems like something the OEMs should be looking into.
Min
An open network connection at a security conference. That's either a honeypot or a freebie.
This. At the security conference I attend (defcon), assuming you got drunk enough to be dumb enough to connect an open hotspot, you'd be thanking your lucky stars if the worst that happened to you was getting on the wall of sheep (which is essentially the same stunt this guy pulled, with the information projected on a wall for everyone to see). I personally VPN *everything* during that week, and if I have to absolutely connect to a work system, I drive to a random McDs outside of the conference and do my VPNing from there (it's usually faster and more reliable then any network at the conference too, since it's not the prize in a big game of Spy vs Spy).
Min
+1 to CISSP, I had essentially the same experience as the OP, and decided that IS manager tedious. I went and wrote my CISSP, got 'lucky' a couple of times with breach issues and poof, 5 yrs later I'm a Sr Infosec Manager.
While it doesn't have a practical component, I've met very few people who honestly say they left the exam knowing if they passed or failed. Most nerve wracking test I've ever sat for anyways. And most of infosec (absent specialties such as pentest, and even then arguably) is 90% thinking anyways. Very seldom is it important to know what command to type. Much more important to know the theory like the back of your hand.
All that having been said, if you don't like handling people, infosec is likely a poor fit. You'll top out soon if you can't have a coherent argument with someone that doesn't degenerate into "Because I said so".
Min
Min
I've hired people with misdemeanors before.
Be honest about the crime, don't have it be a surprise that I find out during the background check part of the hiring process.
I also know other managers who've done the same. Its tough to find good people. A drug offense 5 yrs ago, with proof of a completed drug treatment program for instance isn't going to stop me from hiring a good IT worker.
Min
Well since the publication date was 2010, I'm not sure we can blame Jean for this one.
I'm very happy that my daughter gets angry and pissed off whenever anyone suggests something is a boy toy or a girl toy tho. (Drive thru at McD's is rough!)
Min
Yep, a call to my corporate legal dept would be my first move in this situation. It's amazing how many situations got deescalated when we got the other party on the phone with my legal dept on the line.
Min
My Wife's response:
"OK that's it, I'm cutting you and the kid off. More for me!!!"
Min
I did YKnet around the same era then, out of Whitehorse. Set up an 8 line dial up pop in Old Crow, using bound analog sat channels.
I also did a stint down in the Eastern Carribean. I remember the bribes, favors, etc required to get a UPS from the dock to our building, and members of our team blocking off the main drag in town while we used the (borrowed) cargo forklift from the docks to lift the UPS up the side of the building. While we were discussing how to get it in the window the forklift driver disappeared, leaving the UPS balancing on top of a power pole. Driver was asleep under the lift. Waiting for the ex-pats to make up their minds.
Cricket games were something else too!
Min
There are two ways to write error-free programs; only the third one works.
