
Cybersecurity and the Tylenol Murders

Submitted by HughPickens.com
HughPickens.com writes: Cindy Cohn writes at EFF that when a criminal started lacing Tylenol capsules with cyanide in 1982, Johnson & Johnson quickly sprang into action to ensure consumer safety. It increased its internal production controls, recalled the capsules, offered an exchange for tablets, and within two months started using triple-seal tamper-resistant packaging. Congress ultimately passed an anti-tampering law but the focus of the response from both the private and the public sector was on ensuring that consumers remained safe and secure, rather than on catching the perpetrator. Indeed, the person who did the tampering was never caught.

According to Cohn, the story of the Tylenol murders comes to mind as Congress considers the latest cybersecurity and data breach bills. To folks who understand computer security and networks, it's plain that the key problems are our vulnerable infrastructure and weak computer security, much like the vulnerabilities in Johnson & Johnson’s supply chain in the 1980s. As then, the failure to secure our networks, the services we rely upon, and our individual computers makes it easy for bad actors to step in and “poison” our information. The way forward is clear: We need better incentives for companies who store our data to keep it secure. "Yet none of the proposals now in Congress are aimed at actually increasing the safety of our data. Instead, the focus is on “information sharing,” a euphemism for more surveillance of users and networks," writes Cohn. "These bills are not only wrongheaded, they seem to be a cynical ploy to use the very real problems of cybersecurity to advance a surveillance agenda, rather than to actually take steps to make people safer." Congress could step in and encourage real security for users—by creating incentives for greater security, a greater downside for companies that fail to do so and by rewarding those companies who make the effort to develop stronger security. "It's as if the answer for Americans after the Tylenol incident was not to put on tamper-evident seals, or increase the security of the supply chain, but only to require Tylenol to “share” its customer lists with the government and with the folks over at Bayer aspirin," concludes Cohn. "We wouldn’t have stood for such a wrongheaded response in 1982, and we shouldn’t do so now."

Comment: Re:Things change. (Score 1) 344

by 0100010001010011 (#49817147) Attached to: SourceForge and GIMP [Updated]

That is why stories like Gamersgate touch a raw nerve and can't be wished away

Gamergate touched a raw nerve because it was forced down our throats. Most people I know don't care. I personally find both sides to be idiots yelling at each other over different stuff.

It doesn't help that "Gamergate" has no clear definition.

And you can remain completely walled off and just talk about tech.

Comment: A few things (Score 1) 465

1. I would not do the same things a second time around, wouldn't be doing full time university and full time work, I would quit the university, do full time not for 5 years as I did but for maybe 4, move onto the contracts then as I did at first, but not do contracts for 10, instead do it for 5 and start my own business 6 years sooner after getting just enough experience anyway.

2. I wouldn't bother buying and fixing and renting/selling properties as I did on the side, that diluted my effort and pulled me back from starting my own real business.

Basically if I could talk to myself 20 years ago, I would tell myself to skip college altogether, work right away (as I basically did anyway, but I did full time studies and full time job, which was unnecessarily difficult). I would make sure to explain to myself how to properly save money from a much younger age and tell myself to start the business much earlier.

The Courts

Supreme Court Overturns Conviction For Man Who Posted 'Threatening' Messages On Facebook 134

Posted by Soulskill
from the being-a-jerk-online-is-not-a-crime dept.
schwit1 sends news that the U.S. Supreme Court has ruled 7-2 in favor of Anthony Elonis, a man who wrote a series of angry messages on Facebook. The posts included quotes from rap lyrics containing "violent imagery," and were directed at Elonis's wife, his co-workers, law enforcement, and a kindergarten class. Elonis was charged and convicted under a federal statute that outlaws "any communication containing any threat to kidnap any person or any threat to injure the person of another." The jury in his case was told the standard for judging such a threat was whether a "reasonable person" would interpret it as such. According to the Court's ruling (PDF), that standard was not enough to convict him. They call it "a standard feature of civil liability in tort law inconsistent with the conventional criminal conduct requirement of 'awareness of some wrongdoing.'" The case is notable for being the first Supreme Court ruling about free speech on social media, but the ruling itself was quite narrow.

Classic Games (Games)

1-Pixel Pac-Man 38

Posted by Soulskill
from the point-based-ghostbusting dept.
szczys writes: Retro games just aren't the same since the display technology resolution has exploded. I went the opposite direction and chose a display with less resolution than the original. This reinvention of Pac-Man uses a 32x32 RGB LED module, which is made for LED billboards. This makes the player just one pixel. Add in an Atari joystick and we have a winner. This is a great programming challenge. If you've never looked at Pac-Man AI before, it's fascinating and worth your time!

Comment: Re:Radiology (Score 1) 330

What radiologists do today is not what radiologists will do in 20 years. As the pattern

Do you seriously think that medicine is nothing more than a process of matching wall paper?

Yes. My wife is a hospital internist and she says that 80% of her job could be done by someone with less education or automated. Doctors need to spend their time on the other 20%. DeepBlue/Watson is going to replace a large amount of what specialists do because it'll do it better and more accurately.

There will always be a niche for the human brain with 10+ years of post high school education but it won't be doing what doctors are doing now. It'

Comment: Re:Windows Media Center (Score 1) 315

by 0100010001010011 (#49815357) Attached to: Windows 10 Release Date: July 29th

Well. You could get a Networked tuner card like those from SiliconDust.

Or you could do away with them. Rather than fiddling with tuning cards and editing of commercials it's much easier to just use SickBeard/SickRage

My FreeNAS server downloads them in the background and they just show up. As much fun as fiddling with TV Tuner cards sounds I'd just get the 720p rip from a group that does this all the time.

HTPC

The primary purpose of a Home Theater Personal Computer is to run a home theater.

Comment: Re:Xilinx (Score 1) 60

by Svartalf (#49815133) Attached to: Intel To Buy Altera For $16.7 Billion
Biggest problem THERE would be that they'd have to open up the X86 kimono a bit more than they'd really want to do that with NIOS.  I won't be surprised in one way (your meaning of the situation) if they do it and surprised all the same- because they're giving stuff out that can be more readily reverse engineered through the tools, etc. that people would get as a result of that decision.

Security

Malware Attribution: Should We Identify the Crooks Who Deploy It? 77

Posted by Soulskill
from the you-break-it-you-bought-it dept.
Brian Krebs asks: What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

Comment: Re:Conflict of interest (Score 1) 60

by Svartalf (#49815101) Attached to: Intel To Buy Altera For $16.7 Billion
Not a conflict of interest.  Just that a competitor just bought your supplier.  Big difference.  It's a problem that you need to find a new supplier.  The drawbacks with FPGAs is that there's nothing other than your sole supplier is just that.  You can't readily or easily swap out the FPGAs like you can SoC's in the ARM or MIPS space- or like RAM or eMMC's.  There's a bit of "standard" and "open" involved with things there.  I consider it necessary evil to be using them because they're not as open or "standardized" as the other stuff- but the moment someone wises up, even though it'll be a race to the bottom like the other plays, they will be the "king" there.

Comment: Re:So, what's the plan? (Score 2) 60

by Svartalf (#49815057) Attached to: Intel To Buy Altera For $16.7 Billion
They're big and slow compared to an ASIC, yes.  But the thing is, they're not big and slow overall- they're reconfigurable and you can dynamically change the logic (Witness Altera's OpenCL offering on the higher-end stuff they offer...  You don't offer that unless you're competitive with GPUs...) on the fly.  They have a place and it's not always custom logic.  It's adaptable custom logic- which ASICs **CAN'T** do.  CPUs are slow and plodding in many of the tasks you're talking about in that space- and GPUs are cumbersome and painful to use compared to them for that use.
