
Comment Mod parent up. (Score 2) 102

So 1,800 "cyber-warriors" crash 48,000 machines. Or ... each "cyber-warrior" crashes 27 machines. Yeah. Big threat there.

And crashing 48,000 machines? What is "elite" about that?

This sounds less like "a sophisticated cyber-warfare cell" and more like a few script-kiddies. If you want to cause damage then you search for Excel files and you make a few, random changes to the numbers. Do the same with any database files you can find.

And, lastly, you NEVER crash a machine. You want to maintain control for as long as possible.

So, yeah, it reads like bullshit propaganda. It probably is.

Comment Where slashdot got it wrong. (Score 1) 132

First rule of crowd moderation: flagging as abusive/trolling/offtopic will be used as 'I don't agree'.

Yep. Which is why /. should require that every down-mod be accompanied by a short explanation of WHY it fit "abusive/trolling/offtopic".

Up-mods don't matter. If you want to mod something up then no explanation is necessary since they don't "bury" unpopular opinions.

Comment Those with an agenda. (Score 1) 132

What kind of people are those going to be who volunteer to do a corporation's job?

That would be those people who already have an agenda that they believe could be furthered by restricting other people's accounts.

Tyranny of the majority.

And that isn't counting hiring people to do that. For just $X a day, you can down-vote posts opposing Y and up-vote posts supporting Y. Think about whatever political position you don't like and imagine those people doing that.

Bennett Haselton is an idiot. That's okay.

The fact that Bennett Haselton's idiotic ideas get front page posting on /. is a problem. Why did samzenpus feel that this was worth posting?

Comment Re:"Culture Fit" is an excuse for discrimination (Score 1) 139

You had me at rich.

Know what you want and then go after it.

If you want "rich" then tech probably is not the career path for you.

But seriously...if they got rich by knowing enough tech to found and build a startup, what's your beef with them?

Some did get rich through their technical skills. But more did it through business skills, relationships and such.

So what if it is a rich white frat guy.

Because the rich, white, frat guy will hire his frat brothers instead of you. One of them will be named CTO/CIO and that person will hire a manager and that manager will hire you. They get the stock options and you get a salary.

If you want to be part of that group then you go to that school and you join that frat.

Learn to deal with them and it might get you in the circles of people that are getting wealthier and help you do the same.

And that is the core problem. You see the tech person as lacking something that needs to be improved in order to join the frat brothers.

What do the frat brothers bring to the company?

You are disposable. There will always be another one just like you that they can hire. They can get a dozen resumes with a single call. That's if they don't just get someone on a H1B visa.

Comment Re:Purpose (Score 1) 37

I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

Or had those companies outsourced their email?

Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in person because it is a secret.
Sincerely, Bob

Comment Re:I don't understand this ... (Score 4, Informative) 184

The bit of 'spreading life' doesn't make sense.

That's what I thought, also. Even if they were dragging planets with them (is it possible for planets to orbit that fast?) wouldn't the planets have been sterilized by the conditions at the center of whatever galaxies they came from?

Just finding one of them should be cool enough. There's no need to postulate about "life".

Comment Re:Incomplete Online Systems Planning (Score 3, Insightful) 38

I'm beginning to think that many corporations establish online systems without ever doing a serious 3rd party security audit and then penetration testing, plus using whatever real time monitoring tools they can to detect and stop intrusions.

I worked with a company that used TrustWave for their 3rd party pen test. The TrustWave person was ... okay ... but he was only allowed to "test" for 5 work days (Mon-Fri) not counting travel time (no Mon morning or Fri afternoon). Or evenings/nights (take his laptop to his hotel). So, in total, less than 40 hours before declaring the system "secure" enough.

A real cracker could rack up double that in a 3 day weekend. Even with only one compromised machine.

And the "real time monitoring tools" usually only detect the script kiddies. Which is a positive step. Just not enough of one.

I think that the core problem is that "computer security" as a concept is way beyond the cognitive capability of most management types.

It really comes down to YOUR skills in PROTECTING the systems
v
the skills of EVERYONE in the world who can script automatic ATTACKS against those systems.

So right from the beginning YOU are at a disadvantage. Then YOU also have to COMMUNICATE the risks and requirements and costs to management. Every single day that you are NOT cracked (or the crack detected) means that YOU were wrong AGAIN about the risk of not spending $X on sub-system Y.

And management types do understand the concept of "inflating" your budget/status by overstating the real risks/rewards.

Comment Not sufficient for prosecution. (Score 1) 152

I thought we argued on all the downloading stories that an IP is not an identifier?

It is not sufficient for prosecution.

First off, an IP address can be re-assigned. So you'd need an IP address and date/time to be able to link it to a specific ISP account.

Each account can have multiple machines behind it that may or may not belong to that account (depending upon the security of their wireless network for example or whether any have been cracked already).

So an IP address is not sufficient for prosecution BUT it can be a personal privacy issue.

Comment Good call. (Score 4, Insightful) 152

Bennett Haselton spends 1341 words on what should be a 3 sentence summary.

If you want to know whether X accessed the mayor's dropbox (why is the mayor using dropbox in the first place) then you need to
a. get the IP addresses & times that they were used to access it
b. match the IP addresses to ISP user accounts at those times

Now, if the judge does not support you, personally, having access to the IP addresses then the judge can appoint a disinterested 3rd party to handle it. You are only interested in the ISP user accounts and whether those belong to lobbyists.

There! Done! And no need for Bennett Haselton's weird tangent on cracking via web browsers.

Comment Re:Duh (Score 1) 454

That would end abuses quickly and all of a sudden the "shortage" would disappear when it becomes more costly to get and keep an H1B than hire a local.

I think that they'd just demand MORE visas be made available.

And they'd still be claiming a "shortage" because they cannot find the talent they need at the price they want to pay.

Comment Remember to allow scripts. (Score 1) 144

Because nothing says "the future" like having to run scripts to see anything on their page.

Dense urban grids. Self-driving vehicles. Flexible workspaces.

Sentence.

Fragments.

So this was just some slashvertisement to run up Ideo's page count? I'm not waiting for their site to load whatever-it-is that it was trying to load.

Comment And cheaper, right? (Score 3, Insightful) 338

In my experience (as a dev team lead and interviewer) foreign workers are generally more educated, more productive and more willing to go the extra mile than the local self-entitled bunch.

Well, unless you secretly work for Google or some such, this is not about you. They're the ones who can afford to attract the best people from around the world.

The other people claiming to be in tech usually mean H-1B visa recipients. And the real reasons to hire them are:

1. They're cheaper than hiring US citizens.

2. They cannot change jobs as easily as US citizens. No matter how many hours you demand that they work.

3. They're easier to dispose of. You just send them back home. No need to worry about wrongful termination suits or such.

If you cannot afford to hire the people with the training necessary then you need to look at your business plan.

Complaining that the local people who will take the job at the pay you're offering lack the education necessary says more about your pay than about the skills of the local people.
