"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan
RE: Seeking your Opinion, Are 1/3 of security practices worthless?
Topic: Technology
1:26 pm EST, Feb 18, 2008
Tsudohnimh wrote: Interesting article describing a talk given by "Peter Tippett-- who is vice president of risk intelligence for Verizon Business, chief scientist at ICSA Labs, and the inventor of the program that became Norton AntiVirus -- said that about one third of today's security practices are based on outmoded or outdated concepts that don't apply to today's computing environments."
Tippett uses several analogies concerning outdated vuln research and disclosure and the discarding of hackable technologies. On the surface this sounds good but I'm curious to hear the opinion of some of the security professionals in Memestreams.
Is he entirely off base? Does he make some valid points? Are his analogies far fetched?
I'd love to hear what you think.
Perennially, some self promoter, often a well credentialed and widely respected person, but a self promoter nonetheless, will stand up and claim that everything that everyone in the information security industry is doing is wrong and it all needs to change. These people are frequently discussed here. They usually don't have anything constructive to offer. I do my best to debunk them when they come up but people seem to want to hold onto these things. It's a bit like the fair tax... People want to feel like they are privy to a different perspective which offers easy answers to complicated problems and they don't want to hear that life isn't that simple.
As for this collection of points, you can rest assured that patch management people are more concerned about vulnerabilities that might actually be exploited than they are about issues that are esoteric, and scoring systems like CVSS take this into account. Is he proposing a change to that scoring system? No, we're on to another topic.
I'm not sure that I follow his point about passwords. You have to have them. I've always advocated proactive cracking instead of policies about length because that gets you closer to the actual threat you are combating. Rules about length are just an approximation. Does he explain what he thinks people should do instead? No, we're on to another topic.
I agree with his point about imperfect solutions still being helpful, and the analogy about seatbelts is a good one, but show me a perfect security solution and I'll quit this job, move to France, and learn to bake bread. He goes on to make an aloof reference to "studies" that show that patch management doesn't reduce the risk of exploitation. What studies? There are no such studies!
At the bottom he offers us his silver bullet: "For example, only 8 percent of companies have enabled their routers to do 'default deny' on inbound traffic."
What a silly comment. They do default deny on their firewalls, where the security policy is manageable, rather than on their routers, which aren't designed as packet filters and only offer that feature as an aside. Firewalls, and routers, are in fact the s...
These independents are younger and better educated than the average American. They are pragmatic, anti-ideological and results-oriented, hostile to both Big Labour and Big Government but quite prepared to see the government take an active role in dealing with problems like global warming.
Over the past decade or so, independents have been forced to act like either “soft” Republicans or “soft” Democrats—reluctant conscripts into one or other of America's armies. But in this election the opposite is happening—more and more partisans are thinking and acting like independents.
House Democrats Stand Up To Bush, Refuse to Rubber Stamp Domestic Spying | Threat Level from Wired.com
Topic: Civil Liberties
5:15 am EST, Feb 15, 2008
The Protect America Act, a temporary but expansive warrantless spying bill passed by Congress last summer, will likely expire Saturday at midnight, a casualty of a battle between President Bush and House Democrats over amnesty for phone companies that aided his secret, warrantless spying program and how much of that program should be legalized.
Put people in a crazy situation and people do crazy things
You have no right to a lawyer you have no right to witnesses You don't really know what the charges are And you certainly don't know what the secret evidence is against you
It's not about left or right, it's about right and wrong
1. A 30% national sales tax is a workable substitute for all income and payroll taxes in the United States.
2. Global warming is not primarily caused by human activity. In fact, global warming might not even exist.
3. Intelligent design is a viable scientific theory that ought to be taught in biology classes.
4. Even with marginal tax rates at current levels, reducing taxes will increase revenues.
5. Saddam Hussein was behind 9/11.
I would like to compile a similar list for liberals/Democrats.
I didn't like this list, it's not particularly fair. I don't think "fairtaxer" is a suitable substitute for Conservatives (although the meme does seem to have infected quite a lot of people). Furthermore, not all Conservatives are religious, and number 5 is just a cheap shot. And the offer at the end to compile a list for liberals rings very hollow coming from a liberal commentator. I mean, couldn't you have at least given it a shot before clicking "post" on this blog entry? How much mental effort would it have taken?
For Conservatives I'd suggest the following:
1. Judicial oversight prevents the police from investigating terrorism.
2. Waterboarding is no big deal. It's like a fraternity prank.
3. The impact of human activity on the environment is not important.
4. Unregulated markets will always select the most desirable social outcome.
5. No regulation of late-trimester abortions is possible due to Supreme Court decisions.
For Liberals I'd suggest the following:
1. There is no impending problem with social security and medicare.
2. The Constitution does not protect an individual right to own weapons.
3. If one opposes the decision to invade Iraq it naturally follows that one should support withdrawal from Iraq.
4. The best thing to do for the needy is usually to give them money or free services.
5. Taxation is not theft.
Anyone got any more? Wanna debate me on any of these?? :)
Another company gets funded to develop a feature MemeStreams has...
Topic: MemeStreams
3:50 pm EST, Feb 8, 2008
"Liad Agmon, CEO of Delver, says that the site connects information about a user's social network with Web search results, 'so you are searching the Web through the prism of your social graph.'"
RE: US Customs TSA confiscating laptops - Boing Boing
Topic: Miscellaneous
11:37 pm EST, Feb 7, 2008
k wrote:
Udy, a British citizen, said the agent told her he had "a security concern" with her. "I was basically given the option of handing over my laptop or not getting on that flight," she said.
Oh my god, FUCK that. No more international flights with computers folks. Unless you want your shit gone through. My laptop is infinitely more sensitive and private than my underwear and shit in my bag. There is a zero percent chance I'm letting some fucking guy go through it without a warrant.
If this becomes a common practice for domestic flights, commerce will grind to a halt. Beyond that though, I just won't travel anymore. What complete horseshit.
I guess I'm surprised by your surprise. This matter has been discussed on MemeStreams several times in the past, including by you...
I posted the WaPo article BoingBoing is referencing here.
As the first reference is from 2005, one suspects this was a result of the resounding Republican victory in the 2004 Presidential and Congressional elections. Glad those Republicans are there to defend my freedom from encroachment by the state... Oh wait, except totally the opposite. What a bunch of fucking hypocrites.
Clarity Sought on Electronics Searches - washingtonpost.com
Topic: Civil Liberties
3:10 pm EST, Feb 7, 2008
Today, the Electronic Frontier Foundation and Asian Law Caucus, two civil liberties groups in San Francisco, plan to file a lawsuit to force the government to disclose its policies on border searches, including which rules govern the seizing and copying of the contents of electronic devices. They also want to know the boundaries for asking travelers about their political views, religious practices and other activities potentially protected by the First Amendment. The question of whether border agents have a right to search electronic devices at all without suspicion of a crime is already under review in the federal courts.