Re: "the bank will only work with contractors [..] of its outsourcer, Resource Solutions"
This whole thing is seriously starting to look like an orchestrated plan to diminish costs...
Starting?
2583 publicly visible posts • joined 31 May 2011
My experience with Google products in government contracting is that they are capable of meeting the contract requirements on a technical level, but they are completely unusable in implementation. We were forced to use Google Office products in place of MS Office on one contract I had the misadventure to work and it was painful on a number of levels. I do not know about cloud services as it is outside my area of expertise, but that has certainly colored my view of all things coming out of the Chocolate Factory.
And that will still rely on the end users keeping their phone secure, not just anti-malware, but physically secure, with a proper unlock passcode\pattern.
Exactly! Running voting through an app introduces at least one more point of failure. This is the opposite of securing things.
By the way, some sites I read suggest that once you are selected/accepted as a member of the Grand Jury, you could be in court a couple of days a week for up to two years! Is that (a) true and if so, (b) nationally or only in some states?
Grand juries are used at various levels of the US justice system (federal, state, county, municipality). The one on which I served was at the county level. We came in one day each month for three months. We only considered felonies unless there were misdemeanors also associated with a given case. I cannot speak to other jurisdictions' rules, but I am sure there is variation among them. I should also mention that the proceedings were nothing like I have seen depicted in popular media, but that is probably not a surprise to most.
I similarly was going to point out that is not how a grand jury works and provide a link to any who actually wanted more details:
https://lmgtfy.com/?q=how+does+a+grand+jury+work
Having performed my civic duty in serving on one, I can say the experience I had was various officers of the state (police, fire marshal, etc) presented evidence and asked permission to proceed with an indictment. It is intended to be a check on the state by its citizens. While we allowed most cases to proceed, we did not do so for all. I fail to see what is bizarre about this concept.
...just how hard WOULD it be for AWS containers to be made 'secure' by default, so that the devs would really have to balls it up to leave them open.
They pretty much are. It takes someone opening them up for this sort of thing to happen. It's more a case of the devs being too lazy or incompetent to provide access properly, instead opting for the Allow-Any approach to security because of ease. The open access also may have been meant as a temporary measure for while the containers were being set up but someone forgot to close the intentionally opened hole.
As the AC noted, language changes. The admittedly few lexicographers I have spoken with take a descriptive rather than prescriptive approach to language. As far as the word of the moment, the first use of "attendee" predates most folks' time on this Earth (first recorded ca. 1935), so it seems a bit late to protest.
It tends to be operated where you have plenty of hydro power because you need to run the plant 24/7 - it really doesn't like cooling down. So, where is the power coming from? Not much available water on the Moon.
Seems that using a molten salt reactor could be used both to refine the products and to generate power. It would still need some water, but it could still function pretty much as a closed system.
...they don't have the passwords, just the hashes, if they are doing it right.
On a practical level, these two are equivalent for the resources a government can throw at the issue. An entity with that level of resources should be able to create rainbow tables for all service providers. Happily (as long as you are not part of one of those entities), this is not the way it works. Hashes are stored locally and different user accounts have different salt applied, which increases the number of combinations needed to be taken into account for rainbow tables to work. They can theoretically still work, but don't provide much benefit.
REF: https://packetlife.net/blog/2008/jul/09/a-bit-more-detail-on-ios-password-hashes/
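An added example, not part of the original comment or the linked article, showing what a per-account salt does to precomputed tables. The guess list, account names and iteration count are constructed assumptions, and a plain lookup table stands in for a rainbow table, which is a space-compressed form of the same precomputation.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny guess list and three made-up accounts.
GUESSES = ["123456", "password", "letmein", "qwerty", "dragon"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "qwerty"}
ITERATIONS = 50_000  # assumed work factor for this example


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    # PBKDF2 mixes the salt in and makes every single guess slow.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def store_unsalted(accounts):
    return {user: unsalted_hash(pw) for user, pw in accounts.items()}


def store_salted(accounts):
    # Each account gets its own random 16-byte salt, stored beside the hash.
    records = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        records[user] = (salt, salted_hash(pw, salt))
    return records


def precomputed_table(guesses):
    # Built once, reusable against every unsalted hash from any source.
    return {unsalted_hash(g): g for g in guesses}


def table_hits(table, hashes):
    return {user: table[h] for user, h in hashes.items() if h in table}


def verify(records, user, password):
    # Login check: recompute with the stored salt, compare in constant time.
    salt, expected = records[user]
    return hmac.compare_digest(salted_hash(password, salt), expected)


def guesses_needed(n_guesses, n_accounts, salted):
    # Unsalted: one pass covers all accounts. Salted: one pass per account.
    return n_guesses * n_accounts if salted else n_guesses
```

Without salt, alice and bob store the same hash and one table resolves all three accounts; with per-account salts the same table matches nothing and the work scales with the number of accounts.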
GnuTzu, you've hit the nail on the head. This is not unique to mobile devices by any stretch. There are lists of approved applications allowed in all USDoD environments (and for other US government agencies) with all others being banned by default. The reporting on this has pretty much missed this both here and in other outlets. Same for users who confuse their government issued devices with personal property or try to pull rank to get what they want because. As long as there are restrictions, there will be people who think they do not apply to them.
...we know he's going to jail.
I assume you are thinking of crosstalk. That's unlikely to be significant enough to be exploitable on a couple of km of separate twisted-pair cables carrying similar digital signals. Even if it is, any "hacking" would require data to be *pushed* from one cable to another, which is not possible even if the crosstalk is ridiculously high.
Yes, I was referring to crosstalk. Yes, it is exploitable and yes I meant only in the sense of a pull. However, there are other means to push commands to an isolated network and having access to a relatively fast and reliable way to pull info makes that aspect much easier if only by dint of having a means to perform footprinting. If you know what to target on the closed network, it makes it that much easier to put something together that will do the job once you gain access.
...these 3 networks shared ducts along the 1/4 mile long production processing plant the air gap approach did mean that it was necessary to lay serial cables hundreds of meters between the control room and tanks...
What you describe here is an insecure implementation of an air gapped network. Simply running the cables from different networks beside each other may allow an adversary to pull information across networks.
Well, unplugging from the Internet is just about the most absolute* defense you can have.
Except they've already found out that isn't entirely effective. The article alluded to Stuxnet which was developed specifically to get around such situations.
*Are there degrees of absolute? If so, how are they graded and what are the penultimate and antepenultimate defenses available? What would be more absolute than isolation? Immolation?
You can make fun, until it makes sense.
Now THAT truly is a foregone conclusion. As you rightly imply, this reorganization does not make sense and is worthy of mockery. Why go through all the hassle and expense of doing something of this nature when it has no point in the foreseeable future? This move is purely about ego (speaking of tautology) and adds no value to ... well... anything worthwhile.
You could easily do that by downloading a Linux ISO over torrent and then forgetting about it and seeding for the rest of the month.
I don't believe so. The story was about the amount of data downloaded and not the amount uploaded. You would still generate quite a bit of traffic, but in the opposite direction of what's indicated here.
I wonder if you'll be able to watch videos of Tiananmen square...
I had a conversation with a younger (mid-30s) coworker about the subject. He had never heard of it. The reason it came up was I was there immediately prior and was talking with someone who was a student there at the time, comparing notes. Our education system has failed us massively if this sort of thing is simply ignored.
If you choose to install obvious malware, it's entirely your own fault when it turns out to be malware.
So the people who created the malware and got the gullible unwashed masses to install said malware are not to blame for their actions? How does that work? Blame the victim much?
I am currently on W10 since my old laptop transcended to brick status... I'm waiting for a service pack I have to pay for, that will be Linux time.
GF just moved in and asked me to look at her laptop because it wasn't working well. She said there was a problem with its wireless card not being able to connect to the wifi. It had.... Vista! It's long, long past time for Linux on that system.
...some contractors in key congressional districts get to pocket most of that money...
Saying something is working "as it's supposed to" is not the same thing as "as intended". The system may be working the way the people who designed it intended, but that is definitely not the way it is supposed to be.
enviable is very difrent from enviable
Oddly enough, Chrome views them as the same when I search for them on the page while other applications do not. That looks like a bad implementation to me and makes me wonder if it is open to abuse. Unicode strikes again!