
Comment Re:Gambling (Score 3, Informative) 125

I'd +1 Interesting if I had any points, but since I don't, I'll offer this:

Even if you can buy "gold" for money, can you sell "gold" and get dollars/euros/etc. back out? I think the problem with the gambling laws is getting cash money for winning the game of chance - if it all stays in the game ecosystem, I don't think it counts. I know Entropia has this mechanic, and they seem to have skirted the law, but I don't know how. If you can sell EQ2 in-game money for real money, this is the first I've heard of it.

Comment Re:Black hat not White (Score 5, Insightful) 146

It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

White Hat can be "evil", Black Hat can be "good". Value judgments are independent of the definition - are you there to improve bad security or exploit it?

Comment Re:no this is what you get with outsourced IT VA (Score 1) 86

I don't know that what you experienced is quite what the article's talking about.

I'm not at DHS-OIG, but in reading their report, it looks to me like it's a pen test or internal vulnerability scan, not an inventory of what patches they have installed. Nessus exists to find actual holes, not just see what patches you had installed compared to FDCC. The report said a Nessus scan found 202 high-risk security holes (as well as 338 medium- and low-risk) in 1085 instances on 174 computers, not just missing patches for systems that aren't actual vulnerabilities.

I'd like to be able to see the report that says exactly what the holes are, but I suspect that that level of detail is probably classified. Given the other findings and recommendations in the report, I'd be inclined to believe that there are real problems and not just a few missing patches.

I hate security theater as much as anybody, but I think this vulnerability scan might be serving a worthwhile purpose.

Comment Re:no this is what you get with outsourced IT VA (Score 4, Informative) 86

Commonwealth of Virginia != Department of Homeland Security.

This is an entirely different issue. The Virginia thing was a waste of money and an added frustration which, as anyone who's been to Virginia DMV can tell you, is NOT necessary.

What we're looking at here is the one Cabinet-level department specifically charged with maintaining IT infrastructure getting nailed by their IG for having a security profile slightly better than your average baby's candy protection perimeter.

While it's very difficult to keep out an experienced, dedicated attacker, you could at least shore up the defenses enough to keep the /b/tards and script kiddies out.
