
Comment: Re:Is "Securing elections" a euphemism? (Score 1) 85

by Vellmont (#42929997) Attached to: Kevin Mitnick Helping Secure Presidential Elections In Ecuador


  I don't mean to challenge whatever white-hat work that Kevin Mitnick is doing, but the phrase does indeed strike me as something a lobbyist (or well, tout) would tell me. Perhaps I'm just cynical.

It's cynical at all. Ecuador isn't really known for being terribly trustworthy.

http://report.globalintegrity.org/Ecuador/2008

My feel is that Mitnick was just brought in as window dressing. I wouldn't even suspect that Mitnick would have to hide anything he finds. It's only the tabulating equipment that he's "securing", not the entire election. There's FAR more to securing elections than some silly computer system that counts things. Election fixing happens out in the polling places where few people are looking, not in some big centralised location where the counting happens.

To actually ensure a fair election requires people monitoring polling places, not a couple guys making sure nobody hax0r3d the machine that does the counting. Mitnick is smart enough to know this, but yet is lending his name to make money. I really have no idea if elections are fair in Ecuador, but you're quite right to be skeptical of Mitnick's role in the whole thing.

Comment: Re:Another law (Score 1) 58

by Vellmont (#42627655) Attached to: You Can Donate Your Genome For Medical Research, But Not Anonymously


It isn't the fault of anyone....

Given enough information, it will always be easy to identify specific individuals with relative certainty.

The situation is avoidable because the research data included too much identifying information. How relevant is the person's age for instance? How relevant is the specific place of birth (City for instance vs region).

There's a way to publish the data with enough uncertainty about who the individual is to make identification impossible, or extremely unlikely. I don't know if that makes it anyone's "fault", but I will say that it's obvious that changes in what data gets associated with the genome record will fix the problem.

Comment: Re:Language is hardly relevant (Score 1) 437

by Vellmont (#42620331) Attached to: Java Vs. C#: Which Performs Better In the 'Real World'?


  (IIRC TomCat is built on Apache).

Tomcat is an Apache Software Foundation project, but it really shares about zero code with Apache httpd. Tomcat is a pure Java implementation of a Java Application Server, and thus has no C code embedded in it. There's some kind of native connector for Windows, but I wouldn't bet that has anything to do with Apache httpd.

Comment: Re:It's Foxconn Employees taking bribes from suppl (Score 1) 51

by Vellmont (#42568999) Attached to: Foxconn Accused of Taking Bribes

Sorry, but I don't take press releases by companies accused of bribery very seriously. Why should I? Do you just automatically believe the guy that said "I didn't do it?". If the police announced the same thing that might be something worth considering as a real source of information.

Comment: Re:It's Foxconn Employees taking bribes from suppl (Score 1) 51

by Vellmont (#42551775) Attached to: Foxconn Accused of Taking Bribes


This headline is really badly written.

No, the headline offers a different perspective than you do. One that from the looks of it is more accurate than yours. A few high-level officials taking bribes, and the words "long established practice" more than add up to this being a systemic problem (and thus something part of Foxconn) rather than some isolated incidents. Neither article mentions anything about Foxconn calling the police about the bribes.

Later reports suggested that the police investigation was looking at several examples of this long-established practice, and that Foxconn had cancelled a contract with a supplier which was suspected of offering bribes.

Comment: A bucket brigade of Diesel fuel? (Score 4, Insightful) 130

by Vellmont (#42215977) Attached to: How Peer1 Survived Sandy

In total darkness, up 17 flights of stairs, with a flooded basement? Sounds like a recipe for a potentially fatal fire. People's lives are more important than a freaking data center. Sorry, but I don't see this as a heroic story about people trying to keep critical infrastructure running, but as a desperate failure that could easily have turned into a disaster. They never should have gotten to the point where they're continually carrying fuel up stairs. It also sounds like they then decided to pump fuel up a pipe they installed in the stairwell. That doesn't sound terribly safe either, especially when done in a mad rush like I'm sure it was.

Gee.. couldn't someone have planned for this contingency rather than this sort of haphazard, dangerous sounding plan that was thrown together?

Comment: Re:Sure I will pay.... (Score 4, Informative) 132

by Vellmont (#42107133) Attached to: Hotel Keycard Lock Hack Gets Real In Texas

You assume hotels think that security is some sort of top priority. It's not. You think that there aren't hundreds of people that could open your hotel room?

If push comes to shove, I guarantee you the preferred solution for 99% of hotels will be simply securing the physical port, and not monkeying around with circuit boards or replacing the whole system entirely. It's just too expensive for too little benefit. Hotel rooms aren't meant to be Fort Knox.

Comment: SCADA wasn't designed for internet connections. (Score 1) 104

by Vellmont (#42099723) Attached to: Researcher Finds Nearly Two Dozen SCADA Bugs In a Few Hours

SCADA was supposed to be an industrial control system, where nobody thought "hey... let's suddenly connect this incredibly important system that could literally kill people if it were compromised..... to the internet".

So it shouldn't be surprising the thing is full of vulnerabilities. It wasn't designed to be a secure system from smart and incredibly skilled people trying to attack it. It was designed to be secure through physical security and lack of access in the first place. The problem is that everyone expects data all the time now, even reporting from their industrial processes. So some higher up demands it, and the IT department is forced to connect these systems to the net... opening up a huge amount of problems.

Duh.

Comment: Re:Enterprise apps are supposed to be hard (Score 1) 338

by Vellmont (#42095905) Attached to: A Gentle Rant About Software Development and Installers


  Setting either SAP or Oracle ~properly~ requires expert knowledge, and running either ~properly~ requires expert knowledge.

Except... why does it have to require expert knowledge? It should require expert knowledge to get maximum benefit, like anything else. But just to get the damn thing to run? That should be able to be done by a first level tech. Integrating the thing is a different matter.

Why the hell would you have a software developer installing 'enterprise' software anyway, unless they're some sort of expert in that software type anyway?

Because not everyone works at mega-corp, with super-duper expert just sitting at your disposal who's spent weeks and weeks learning about Oracle and SAP installs with little else on his/her plate. There's lots and lots of people who have to wear multiple hats, and cringe at these freaking installs.

You're basically defending the status quo here, and not doing a particularly good job of it. It doesn't "have to be hard", it just is.

Comment: The author's experience is largely my own. (Score 4, Insightful) 338

by Vellmont (#42094469) Attached to: A Gentle Rant About Software Development and Installers

I'm a developer who winds up having to do a lot of backend support and installs, I've been installing various enterprise packages for the last 6 years. The author's experience is VERY familiar to me. It's quite hit or miss, with some of the most expensive ($40,000+) pieces of software giving the most miserable experiences. You spend days trying to fix this or that, and it winds up being some obscure setting somewhere that only a super-expert could ever understand.

What sucks is that we have to put up with this crap. End users wouldn't stand for it.... but yet sometimes I swear IT staff think it's somehow OK, and they either blame themselves, or think they've "learned" something by going through these dumb install problems and jumping through the hoops. I'm tired of it, and it wastes a lot of valuable time. There's some things that can't be avoided, but the majority of the problems I've come across could have provided MUCH better indications of what went wrong, or avoided the problem altogether.

Comment: Completely misses the point. (Score 3, Interesting) 180

by Vellmont (#41912555) Attached to: The Web Won't Be Safe Or Secure Until We Break It

The idea is just completely tangential to what the problem is. The problem isn't that "If we just had a secure little app that could ONLY go to my Bank, everything would be OK". The problem is that the internet is a series of interconnected sites, many of which you discover without even realizing what the site is, compounded by the fact that browsers aren't secure. We all know once the machine is infected from visiting a compromised site, all bets are off.

Drive bys happen because the browser isn't secure, not because people are supposed to have some inherent understanding of what sites are "good" and what sites are "bad". I've worked security in multiple different capacities, and even I can't tell you if a site is going to be "safe" or not. That's because a lot of drivebys are from the 3rd party adware server getting infected. Despite what some totally uninformed IT professionals will tell you, you can't protect yourself by just "knowing where not to click" or "knowing not to click on the fake anti-virus thing". Sadly, I know IT professionals that absolutely SWEAR that this is how people get malware, despite me repeatedly providing them examples of how that's just not the case.

Comment: Re:All your packets are belong to... (Score 1) 110

by Vellmont (#41899353) Attached to: Why Google Went Offline Today

Clearly this should be on the agenda for the new "Cyber Reserves" of the department of Homeland Security.

Good god do I hope you're joking. The last thing we need is the US government involved, especially some quasi-military organization of retired people and contractors that get "activated" in an emergency, all run by the freaking Gestapo.

I'm not even an anti-government person who thinks they can't get anything right... but I sure as hell realize that this is an international problem that has to be solved internationally, not by some police force, or extension of it.

Comment: Re:So when is someone going to swing? (Score 1) 112

by Vellmont (#41782995) Attached to: South Carolina Department of Revenue Hacked, 3.6 Million SSNs Taken


This is yet another fine example of Government security doing its usual - leaking like a sieve, in clear violation of Statutory data security requirements. I

Have you SERIOUSLY not paid any attention to the massive, massive amount of data security breaches that have occurred over the last 10+ years? MOST of them are from private industry. How many times did Sony get 0wn3d in 2011.. like 10?

The problem really has nothing to do with "Government security doing its usual", it's a problem across the board. Your reply is complete and utter bullshit for singling out the Government for having shitty security. That's a problem for the entire industry.

Comment: About time this became a big story. (Score 2) 288

by Vellmont (#41612339) Attached to: Counterfeit Air Bag Racket Blows Up

About a year and a half ago I looked into buying a salvage car that was in a minor accident and repairing it myself. Cars these days have at least 6 air bags + seat belt tensioners, and having 3-4 of them blow is very common in an accident. Replacing the air bags is a MAJOR expense, so I looked into ebay and other sources of air bags. There are/were several sites that sold these bags at greatly reduced prices, in high numbers for all car makers. This didn't make a hell of a lot of sense, as they were even cheaper than junkyards. After a bit of digging I found that counterfeit bags were a problem, and the ebay bags were most likely counterfeit.

I can't of course prove that these bags were counterfeit, but nothing else really made any sense. I actually abandoned my salvage car project after it didn't really make any financial and risk management sense. Real bags from the automaker are very expensive, and then you have to worry about screwing it all up if you DIY. In the end I didn't want to hold myself responsible for a passenger in my car being seriously injured because I wanted to save $1000.
