Bill Gates called it, way back in 2004. And Bill Gates is never wrong about ANYTHING. So it's pretty obvious that whatever we've all been receiving in our inboxes since 2006 that looks like spam isn't. Probably, we're all just overwhelmed by all of the legitimate emails we're getting from our many, many friends nowadays, who really are just trying to tell us about some aweS0me dea1z on r0lexxes, and we just can't decide which of the incredible bargains to choose from. And it's actually Google and Yahoo's fault for not having deprecated their spam filters, even though spam now is a thing of the past (trying to make MS look bad, of course). So they keep catching your friends' emails as spam. But it can't be spam, because it's 2010 already. And Bill Gates said.

You went from the above in your original post, to whistleblower employees playing Spy vs. Spy in your latest. I humored your first reply by pointing out ways that you can actually layer your security to prevent most data protection breaches, instead of resigning yourself to the fact that users prefer to make their passwords "password", and it's not like there's anything you can do about that... But come on, you're kind of changing the subject here... I specifically said that nothing is 100% effective. I realize that cognitive marvels can memorize things. Or write them down on a notepad. I wasn't talking about that, but then neither were you initially.

Whether you want to acknowledge it or not, in many, many cases and environments, the weakest link is absolutely the sysadmin, who throws up his hands in the midst of his end-users, and does nothing. Rather than the end-users themselves, the vast majority of whom are more likely to click on a random executable than to want to sell the secret formula of New Coke to the highest bidder.

I couldn't disagree with you more. Most of the point of IT security is to make it harder for anyone to exploit the user, that user included... so hard that it isn't worth the effort.

If the sysadmin fails to implement counter-measures, it's he who is the weakest link. Because whatever its true effectiveness is, there's ALWAYS a counter-measure. I can think of an industry-standard counter to every single scenario you and others have alluded to here; you had to downshift into a pretty specific hypothetical about someone who willfully chooses to leak data, in order to support your original assertion. It doesn't make it any less misguided to let the sysadmin asleep in the corner off the hook.

Feel free to give yourself the last word here.

No measure or countermeasure is ever 100%, but in your disgruntled employee scenario, if you know what the confidential information is, you could use some mix of Rights Management Software... as well as the blocking of file types (say, .png, .jpg, .gif screenshots) from exiting the internal network... as well as preventing USB drive access, etc... and a lock on the computer case. So now the disgruntled employee would have to walk out the door with the computer in order to realistically take the confidential info with him/her. Again, it might not be 100%, but depending on how many 9's you need to put next to your certainty that no confidential data can leave the network, and how much the business is willing to pay to implement it, you can have a fair amount of data protection. You're definitely not helpless to the whims and malice of your users.

In a sense, though, the weakest link is actually the sysadmin, who isn't enforcing appropriate password complexity, length, age, etc... As well as, in a corporate context, not locking-down the network and machine and user profile, so that keylogging executables aren't so much of a problem. Even if the business and/or customers complain about "impact", there's always a way to win the argument for establishing and enforcing IT policies that make sense. You have to be willing to save users from themselves.

Quoting: "Internet service providers should have authority to block subscribers from sharing music and other files without permission of the copyright owner, the RIAA said."

I don't think highway operators in this country have ever been compelled or encouraged to stop grand theft auto, or interstate smuggling of stolen goods... Or that phone companies have been expected to prevent con artists from swindling people out of their money to buy "beach-side" Florida swamp land. Et cetera. This would appear to be unprecedented.

Quote from the article:

"I thought it was the phone -- 'Maybe this phone is just weird and does magical, horrible things and I have to get rid of it...'"

...Anybody know where I can find the sysrq key on it? :)

What exactly would need to be ripped out and replaced? Certainly not the physical layer, which deals in 1s and 0s. Nor the routers, which can route, for instance, IP and IPX. Nor hosts, which can have both an IPv4 and IPv6 address, and which also resolve, for example, DNS and WINS names. Protocols are deprecated as they outlive their usefulness. Hardly anything ever has to be ripped out to be replaced by something else.

I did not know that... Reading slashdot without the scores is like looking at a whole new world. Thanks for the tip. :)

Feel free not to quote numbers then, and just declare to everyone your "feelings" about things instead. And leave the numbers to people who are actually interested in facts and accuracy, not just in overstating those numbers to win arguments or make vague points about "oil-rich" countries, or Google, or whatever. I, for one, am definitely more interested in looking at the actual data than someone's exaggerated estimations of it. And I think I'm probably in good company on /. with such a disposition. But by all means, continue replying to posts with the hope of getting modded up as "interesting". As opposed to "informative". Which is different. As they say, it takes all kinds, the Datas, the Kirks, all welcome. :)

Nowhere in the links provided is "almost 30%" a number. From the above wikipedia source, "The 2006 American Community Survey conducted by the United States Census Bureau found that 19.5 percent of the population had attended college but had no degree, 7.4 percent held an associate's degree, 17.1 percent held a bachelor's degree, and 9.9 percent held a graduate or professional degree." Even if you decide to sum bachelor's degrees and graduate or professional degrees (since it's entirely feasible that the Census Bureau considers the latter to be a subset of the former), you still come away with 27%. If the country had 300 million people as of 2006, you just overestimated by 9 million residents. And 23% (Arab states) versus 27% (US?) is a mere 4% difference.

I'm not entirely sure what the poster's point was in comparing somewhat inflated/rounded-up numbers of US college graduates with other global regions, and how that makes them dime-a-dozen or whatever, but the actual percentages sourced appear to be closer than they were editorialized to be, in any event.