jcd11235

Anyone who meets on a regular basis to watch the Chargers play baseball is an imbecile. From Murder In The First: James Stamphill: How do you think the Yankees will do against the Redskins this year? Henri Young: The Yankees are a baseball team. The Redskins are a football team. Personally, I think the Redskins would kick the shit out of them. Math tutoring available. Only $6! per hour! First lesson: Factorials!

If she put her mind to it, she'd probably make a good Domme. edit to add: I'm in no way trying to imply anything about Nataly's personal preferences. Math tutoring available. Only $6! per hour! First lesson: Factorials!

Yes, it's a reasonable request. Math tutoring available. Only $6! per hour! First lesson: Factorials!

And do you have evidence of this? Please post it. Source 1 Source 2 Source 3 Math tutoring available. Only $6! per hour! First lesson: Factorials!

Right. That doesn't imply that they are on the same network as the computers that they compromise. Typically, they are not. Last I heard, the military did have some Macs in use. That may have changed, however. Nonetheless, it is an example of a botnet that was built without ever exploiting a security fault in the OS. Malware was added to a copy of iWork '09, and the corrupted application was then made available via numerous bittorrent sites. The botnet was built using social engineering. No matter how secure an operating system is, if users are fooled and enter an administrator password to actively install malware, the malware will be installed. Exploiting an application's security fault is very different from exploiting a security fault in an operating system. Nothing against Linux, but from a security standpoint, it isn't OpenBSD. Having said that, most common Linux distributions are relatively easy to keep secure. It is also easy to keep all installed software updated to the latest versions compared to MSW or OS X. I would like to see the government migrate to free, open source software wherever possible, due to lower cost, among other reasons. You keep saying the data doesn't matter - I keep showing where it is. Once again you're changing the subject. Your response has nothing to do with what I said. Once again, I challenge you to show where I claimed OS exploits are no longer threats. On your new subject, you still have not shown how data on the network == data relevant to the network. I would say no, it isn't data on the network. More specifically, it isn't data owned by the users. It's an application that may (or may not) be installed on machines on the network. The application need not be accessed directly to know what versions are installed. That information should be documented elsewhere by the network administrator (at least some operating systems also document versions of software that is installed). Knowing what versions of applications are installed is data about the network. The buggy software is not the malware. It's an attack vector. Additionally the Adobe software doesn't belong to the owner of the network, unless the network belongs to Adobe (which would not meet the definition of network for the purpose of the bill being discussed). It belongs to Adobe. What the bill would do is allow for the application (which could be readily downloaded from Adobe or a number of other sources) to be decompiled so that the source code could be examined, something that is typically forbidden by the EULA with most commercial software. You'll notice that the vulnerability allows a remote attacker to execute arbitrary code. That's a pretty good indication that the arbitrary code need not be (and likely won't be) kept on the network. If the vulnerability were with the OS, then it wouldn't be the Adobe software that needs to updated to prevent the attack; it would be the operating system. If an application requires a certain level of permissions (e.g. admin or root) to run properly, if a bug in that application is exploited, the problem is with the app, not the OS. The operating system works as designed and expected. It's not much different from using social engineering to trick users into installing trojan horses, except it is the application that gets fooled instead of the user. Math tutoring available. Only $6! per hour! First lesson: Factorials!

Interactive websites and web applications. For once, you are correct: I do not scan/log traffic on federal networks. Ah, more of the semantics games - how unsurprising. I didn't want you to be the only one to twist and distort words and sentences in order to interpret them in a manner wholly unintended by their author. When you actually get around to ASKING some, I'll answer. I've already asked some. Check my previous posts in this thread (or read a little farther along in this post). Perhaps you should do some more research, then - virii, malware and botnets ARE exploitations of security faults in the OS. Since you're repeating the same incorrect claim you made previously, I'll ask the same question again: What specific security fault in OS X was exploited to create the Mac based botnet recently? Malware can exploit security flaws in operating systems, but that is not the only way they are installed on computers. Browser based exploits, compromised websites believed (by users) to be safe, and social engineering are just three other common attack vectors, but there are many others. If OS security fault exploits were the only security risk, the solution would be as simple as switching the operating system of all computers on government networks to OpenBSD. Since OS security fault exploits aren't currently the primary risk, such a migration would not address all of the problems, or even close to it, despite eliminating nearly every security fault in the OS (only two remotely exploitable security faults have been discovered in OpenBSD's default installation in nearly 13 years). Sorry, wrong again. Post 35: An answer to post 34, where you imply they would be uninterested in data residing on the network. Since the top threats DO come from data within the network, my response was appropriate. I was referring to your claim: "… since you say that OS exploits … are no longer threats. I never said any such thing, which you would know if you read my posts before reflexively replying to tell me how wrong I am. You said, "You said that they won't be concerned with data residing on the network - I showed where that is EXACTLY the primary risk." You have thus far failed to show "where that is EXACTLY the primary risk." Math tutoring available. Only $6! per hour! First lesson: Factorials!

I was certified as part of a Combat Lifesaver course I took when I was in the army. IIRC, it was an AHA certification. That was ~15 years ago, and I haven't been recertified. Math tutoring available. Only $6! per hour! First lesson: Factorials!

It can exist within the network, but does not need to be, as you should know if you are as experienced as you claim. Of course, with relevant data concerning the network, it would be easier to determine how security was breached to allow the other data, to which you referred, was able to get onto the network, in the cases in which it actually does. For once, you are correct: I do not scan/log traffic on federal networks. It's pretty funny how you've avoided answering any technical questions posed in the thread, given how much you claim to know. The only technical information you've even provided was a copy & paste job from the SANS Institute (which, interestingly, doesn't list OS exploits in their top ten security risk list, despite your claim of how great a risk OS exploits are). For that matter, you've avoided addressing nearly every point I've made, continually changing the subject and making false claims (e.g. posts 35 & 44). But, hey, feel free to keep patting yourself on the back for being so knowledgeable in the IT field. Math tutoring available. Only $6! per hour! First lesson: Factorials!

The USA is part of society, but it is not part of "the society where we get the word marriage from." The term marriage existed long before the USA existed. Not at all, since you have failed to show that marriage has ever been separate from government. (Note that I don't know if it has or hasn't, just that you haven't logically shown that it has.) Even if we restricted the discussion to the USA, which would serve to avoid answering the question about the origin of the term marriage posed by [jakee], we would still have to examine state and local governments, not just the Constitution, before we could claim that marriage was completely separate from government. I guess you have not read what I posted. I would and have voted against gay marriage just as I would for non-gay marriage if it were placed on the ballot. I have and would vote for gay and non-gay civil unions. I have constantly stated that I don’t think that the government should have the power to tell me who I can spend my life with or who I can assign my benefits to. Yet your vote has served to give the government additional power to tell people who they can or can't assign benefits to. Since mutual friends tell me you're actually a pretty intelligent guy, I'm left to believe that you're attempting to retroactively justify your vote to enshrine discrimination in the Florida state constitution. You have already admitted voting to give the Florida state government precisely such authority. Math tutoring available. Only $6! per hour! First lesson: Factorials!

Right. And being gay is a trait, not a free will choice. Not allowing an unmarried gay person to marry the person he/she loves, while allowing an unmarried straight person to marry the person he/she loves is, by your own definition, discrimination. Math tutoring available. Only $6! per hour! First lesson: Factorials!

That wouldn't be relevant data concerning the network. Relative data would be, for example, which sites are accessible, which sites are blocked, what criteria is used to determine if a site should be blocked or what methods are used to ensure blocked sites are not accessible to people on the network. Without relevant data concerning the network, it would be virtually impossible to understand and evaluate the network's strengths and weaknesses with respect to reliability and security. Let's also not forget that the term network, as used in the bill, has a very limited scope compared to the colloquial definition that most of us are familiar with. Now, to be fair, I don't particularly like the bill's use of the phrase "without regard to any provision of law, regulation, rule, or policy restricting such access[.]" While the intent seems to be fairly obvious, the wording isn't very clear and could be improved. As an example, my sister telecommutes for her job working for a hospital. A few months ago, I was doing some tech support for her, and I needed her to try a different browser to access her. I needed to check something (don't recall exactly what) that required me to see her screen while she was logged in. She was quick to inform me that HIPAA forbid her from allowing me visual access to her screen (specifically the browser window through which she worked) while she was logged in to her employer's network. It didn't matter that I didn't need her to access any patient information. The bill seems to be trying to avoid such legal red tape when evaluating network security, as well as bureaucracy associated with IT policy, university regulations, intellectual property law w/r/t network topography, etc. The bill does not sacrifice liberty. It attempts to address the reality that the US is not currently well prepared to address any serious cyberattack. It doesn't abrogate free speech or allow illegal search and seizure. I can't remember the legal term for it, but there is legal precedent that says if the wording of a law can be read and interpreted in a way that is Constitutional and a way that is unConstitutional, the Constitutional interpretation shall be the correct interpretation. Math tutoring available. Only $6! per hour! First lesson: Factorials!

Rarely. Her job is to apply laws to people, facts, etc. When the SCOTUS issues an opinion, don't they simply interpret the law? Don't they either uphold the judgements of lower courts or kick the case back to the lower courts for those courts to judge the people based on the law as interpreted by the SCOTUS? I think I have to agree with Quade. A Justice of the SCOTUS is there to interpret laws, not judge people. Math tutoring available. Only $6! per hour! First lesson: Factorials!

I'd be happy to address your rant if you post it in a thread in which it could be considered topical. In this one, it isn't. Math tutoring available. Only $6! per hour! First lesson: Factorials!

There you go again, making BS claims about what I do or don't believe. I have not advocated any abrogation of freedom in this thread. Any claim otherwise in nothing more than bullshit. Just because I don't cry like a baby about how my rights are being violated every time a bill is proposed in Congress does not mean I favor abrogation of rights. I simply read the text of bills before passing any judgement. In this case, claims about the bill abrogating rights are not supported by the language of the bill. You can piss on my leg, but you're not going to convince me its rain when there isn't a cloud in the sky. Math tutoring available. Only $6! per hour! First lesson: Factorials!

In only three posts, you changed the topic three times. Let me know if you want to stay on topic long enough to have a discussion. Let *me* know when you can understand the subject matter (as well as natural thread drift) and we'll continue. I understand the subject matter just fine. It is you that seems to avoid any questions posed, such as when I asked where I said that OS exploits were not a threat. Instead of answering, you tried to change the subject to botnets (which do not necessarily exploit security flaws in operating systems). Frankly, if you've been working in comsec, etc. for the government for as long as you claim, the level of knowledge you've demonstrated on network security in this thread is a strong indicator that the government needs to tremendously improve our national cybersecurity strategy, as the proposed bill will help do. Math tutoring available. Only $6! per hour! First lesson: Factorials!

In only three posts, you changed the topic three times. Let me know if you want to stay on topic long enough to have a discussion. Math tutoring available. Only $6! per hour! First lesson: Factorials!

All veiled PA's do is highlight the fact that you're adding nothing constructive to the discussion. Have a nice day.

Bankruptcy helps with debt, but not bills like rent, insurance, food, clothing, etc. Bankruptcy also does very little good in the immediate short term. It is a process that typically takes much longer than the term of the very high interest loans being discussed. Math tutoring available. Only $6! per hour! First lesson: Factorials!

I never said any such thing. Do you even read the posts to which you reply? Do you? Where do you think the malicious websites, malware and botnet software *IS*, perchance - just 'floating around the intertubes' and it's the luck of the draw if it lands on your computer? No - they're on servers. And individual computers. And they are the primary threats to cyber-security at present. Could you please stick to one subject at a time, please? I'm still waiting for you to show where I said that OS exploits are no longer a threat (something I didn't say). However, since you brought up, perhaps you can explain how Mac OS X was exploited to create a botnet. Hint: It was created via social engineering, included in a pirated version of iWork '09. Well, let's look at the bill: SEC. 23. DEFINITIONS. In this Act: (1) ADVISORY PANEL- The term ‘Advisory Panel’ means the Cybersecurity Advisory Panel established or designated under section 3. (2) CYBER- The term ‘cyber’ means-- (A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and (B) any matter relating to, or involving the use of, computers or computer networks. (3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS- The term ‘Federal Government and United States critical infrastructure information systems and networks’ includes-- (A) Federal Government information systems and networks; and (B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks. (4) INTERNET- The term ‘Internet’ has the meaning given that term by section 4(4) of the High-Performance Computing Act of 1991 (15 U.S.C. 5503(4)). (5) NETWORK- The term ‘network’ has the meaning given that term by section 4(5) of such Act (15 U.S.C. 5503(5)). The bill uses the following section of Title 15 of US Code to define network, which I have included for convenience: § 5512. National Research and Education Network (a) Establishment As part of the Program, the National Science Foundation, the Department of Defense, the Department of Energy, the Department of Commerce, the National Aeronautics and Space Administration, and other agencies participating in the Program shall support the establishment of the National Research and Education Network, portions of which shall, to the extent technically feasible, be capable of transmitting data at one gigabit per second or greater by 1996. The Network shall provide for the linkage of research institutions and educational institutions, government, and industry in every State. (b) Access Federal agencies and departments shall work with private network service providers, State and local agencies, libraries, educational institutions and organizations, and others, as appropriate, in order to ensure that the researchers, educators, and students have access, as appropriate, to the Network. The Network is to provide users with appropriate access to high-performance computing systems, electronic information resources, other research facilities, and libraries. The Network shall provide access, to the extent practicable, to electronic information resources maintained by libraries, research facilities, publishers, and affiliated organizations. (c) Network characteristics The Network shall— (1) be developed and deployed with the computer, telecommunications, and information industries; (2) be designed, developed, and operated in collaboration with potential users in government, industry, and research institutions and educational institutions; (3) be designed, developed, and operated in a manner which fosters and maintains competition and private sector investment in high-speed data networking within the telecommunications industry; (4) be designed, developed, and operated in a manner which promotes research and development leading to development of commercial data communications and telecommunications standards, whose development will encourage the establishment of privately operated high-speed commercial networks; (5) be designed and operated so as to ensure the continued application of laws that provide network and information resources security measures, including those that protect copyright and other intellectual property rights, and those that control access to data bases and protect national security; (6) have accounting mechanisms which allow users or groups of users to be charged for their usage of copyrighted materials available over the Network and, where appropriate and technically feasible, for their usage of the Network; (7) ensure the interoperability of Federal and non-Federal computer networks, to the extent appropriate, in a way that allows autonomy for each component network; (8) be developed by purchasing standard commercial transmission and network services from vendors whenever feasible, and by contracting for customized services when not feasible, in order to minimize Federal investment in network hardware; (9) support research and development of networking software and hardware; and (10) serve as a test bed for further research and development of high-capacity and high-speed computing networks and demonstrate how advanced computers, high-capacity and high-speed computing networks, and data bases can improve the national information infrastructure. (d) Defense Advanced Research Projects Agency responsibility As part of the Program, the Department of Defense, through the Defense Advanced Research Projects Agency, shall support research and development of advanced fiber optics technology, switches, and protocols needed to develop the Network. (e) Information services The Director shall assist the President in coordinating the activities of appropriate agencies and departments to promote the development of information services that could be provided over the Network. These services may include the provision of directories of the users and services on computer networks, data bases of unclassified Federal scientific data, training of users of data bases and computer networks, access to commercial information services for users of the Network, and technology to support computer-based collaboration that allows researchers and educators around the Nation to share information and instrumentation. (f) Use of grant funds All Federal agencies and departments are authorized to allow recipients of Federal research grants to use grant moneys to pay for computer networking expenses. (g) Report to Congress Within one year after December 9, 1991, the Director shall report to the Congress on— (1) effective mechanisms for providing operating funds for the maintenance and use of the Network, including user fees, industry support, and continued Federal investment; (2) the future operation and evolution of the Network; (3) how commercial information service providers could be charged for access to the Network, and how Network users could be charged for such commercial information services; (4) the technological feasibility of allowing commercial information service providers to use the Network and other federally funded research networks; (5) how to protect the copyrights of material distributed over the Network; and (6) appropriate policies to ensure the security of resources available on the Network and to protect the privacy of users of networks. Considering how network is defined in the bill, as well as the requirement for the President to designate all "state, local, and nongovernmental information systems and networks in the United States" as "critical infrastructure information systems and networks" before they fall within the scope of the bill, it seems highly unlikely that the government is going to be scanning or logging data on citizens' private computers. Considering further the fact that the bill doesn't provide authorization to access data residing on the networks, concerns of First and Fourth Amendment violations seem wholly unwarranted. Math tutoring available. Only $6! per hour! First lesson: Factorials!

When I lived in Hawaii, double rainbows were pretty common (saw them a few times each week). I did see a triple rainbow once. Math tutoring available. Only $6! per hour! First lesson: Factorials!

If I read it, it would be an indication that I don't trust my SO enough for them to really be all that significant to me. Math tutoring available. Only $6! per hour! First lesson: Factorials!

I never said any such thing. Do you even read the posts to which you reply? Math tutoring available. Only $6! per hour! First lesson: Factorials!

Sounds like it's not your computer. It certainly doesn't use language that can reasonably be interpreted as data residing on the network. Math tutoring available. Only $6! per hour! First lesson: Factorials!

Options that are well and good for those who have them, but it's naïve to think everyone has such options. Not everyone has a car, let alone a nice one. Some people already live in the least expensive apartment they can find. They don't have a "cushy lifestyle." They struggle making ends meet with 2-3 jobs. Math tutoring available. Only $6! per hour! First lesson: Factorials!

That is a red herring. This bill doesn't offer the federal government anything remotely similar to such authority. Math tutoring available. Only $6! per hour! First lesson: Factorials!