It really would take more than "one malicious teenager" to do this. The level of complexity in Stuxnet is truly awe inspiring.
132 posts • joined 16 Jun 2009
while doing most of their business
That is exactly what they are doing. Buying and selling beans and building a brand are the most important elements of Starbucks business. They are the elements that incur the biggest risk. The location they perform those tasks are where they pay the tax.
Just because people fail to grasp how a business does business does not mean a company is somehow gaming the system.
Somone think of the broadcast domain!
If you collapse these layers you end up with a massive broadcast domain and so you will be smashing your access to core links with ARP packets and the like. A really bad use of those links.
This article is just terrible. Has the guy who wrote it every seen cat 5 cable?
Re: On a slightly different tack
Why would you? The folks doing the guarding would then have to be transported to and from the grounds at a time when public transport is being stretched to the limits, there is no parking at the grounds and you have not been able to hire a coach in London during Olympic fortnight for the last 4 years. Hiring around the East End is the only option, which means you are fishing from a very shallow pool.
Re: The curious thing about all this..
Although thinking about it if I honestly make a false representation I am free. So if I say "I don't think this is true but if it was would you lower the price" I am not committing fraud. So if I make my Libor return and "say we know this is not the correct figure but it is close because by its very nature it is a flawed calculation" is that still fraud.
Re: The curious thing about all this..
Well technically they could have done. But they had to do when they agreed the deal. Caveat Emptor surely?
Why choose to base my deal on something that relies on the honesty and integrity of those who may have a vested interest in manipulating it. It is not right if they do then manipulate it but I can hardly claim that I have no choice in doing the deal.
Re: The curious thing about all this..
Isn't the analogy more like when you went to buy a car you said to the sales guy that a competitor was doing it cheaper and so convinced them to drop their sales price a bit. The fact that nobody had offered it to you cheaper is besides the point. It is not fraudulent to say that someone else is doing a better deal than they are.
My employer network has just under 5k people Yammering. We are pretty good a self policing to make sure nothing too sensitive is posted.
I have had clients who wanted to block it and another who has excess of 10k users.
I don't think either have opted to pay for the enhanced features so really not sure that the Freemium model works well enough to validate a $1bn price tag.
Yes because films like "The Accused" are equally objectifying, is it just because of the media that message must be puerile?
If the game is marketed towards adults then I don't see why it should not have a grown up theme like abuse and how that may affect someone's decision making and the horrific effects these events can have. I am sure Cheryl Araujo would be thrilled that her terrible experiences were made into a critically acclaimed and moving film to pander to dateless 15 year olds.
Until I have heard that there is a complete version I will refrain from commenting in such a "someone thing of the children" type way. Even if I fear you may be sadly right in the end.
Re: DNS Flux
You do know that it is possible to use a registrar that is outside your local vicinity right? Also that there are things like credit card fraud so the person of record on the 1000s of domains may not actually be the perpetrator?
It is one of the reasons that RIPA and Patriot act are pretty much useless in this regard.
Pretty simple you programmatically create more almost random strings as domain names and automatically register them as your bot farm switches between them.
You register these domains under false names with less than stellar domain registries and keep the records pointing at a number of servers you have already compromised and can retrieve your information from at leisure. You access them through a string of other proxies and a tor network and hey presto you can go about these things relatively undetected. Especially if some of the hosts are in jurisdictions that don't play nice with western governments when they are investigating.
See here for what other internet randoms say about it: http://en.wikipedia.org/wiki/Fast_flux
Re: Turning off servers at 6:30?
I have never understood this attitude. If I want to respond to emails when I am not at work why shouldn't I? I feel like working 20 hours a day who are you to tell me not to?
I would rather be measured on results than the time I work to deliver them. The fact that my employer allows me to work in a way that suits me rather than shoehorning everything into 8hrs from 9-5 means in my mind they are doing something very right.
If others want to work less hard, take holidays and relax that is fine, but they will be left in my wake as I produce more so they had better not complain about that as well. Why should I drop to the lowest common denominator's level of productivity?
Re: Huge attack!
"However, more scary in either case would be that UK2 have links to the Internet through people who don't remove spoofed addresses." That is the Internet isn't it?
How would you know that an address was spoofed? As long as it was not RGC1918 or from an unassigned block it could be legitimate.
Re: Why have rules - we still get Enron, Bank implosions, and more
Utter, utter Bollocks. All SOx is saying firms should do is understand what their business is and have some assurance that the figures they present to the market are accurate.
What has cost a load of money is idiots like you massively inflating the requirements and so allowing charlatans to make a massive amount of money on the FUD surrounding it.
Also the source of the report is "based on first-hand evidence collected during paid external forensic investigations conducted by Verizon from 2004 to 2011". Companies who think a phone company are best placed to help with a breach are also most likely to be the low hanging fruit a bunch of opportunists like Annonymous would go for.
You cannot correctly extrapolate from this data set to the conclusions without massive assumptions.
Re: Re: Is SCADA particularly difficult?
The problem is there is no barrier to entry to becoming an expert on sewage systems, power generation or one of many other SCADA scenarios other than intelligence and motivation to learn. If you are planning on launching a proper nation state vs nation state military action you normally have these both in spades.
The assertion that we only therefore have to care about malicious insiders should be suffix with a coda of “or anyone else able and willing to gain a similar level of knowledge”. Which suddenly increases the threat actors from a few people per site to well funded intelligence agencies with an appetite to launch these types of attack.
So the threat of damage in a cyber war is low apart from the threat of those capable of actually starting a cyber war.
Re: Typical example
You have a better chance doing it with the right COTS stuff properly configured and well managed than you do starting out and doing it all through home brew kit.
If however you mean deploying stuff because it has a shiney brochure and the salesman told me it would make me sure you are probably correct; it will never work.
Unless of course the launch of the cruise missile is broadcast live on CNN then they are observed by at least three people.
The point is of coursehat if people bricked themselves over Tomahawk launches as they do over ICBMs they may well pay more attention to them, for some reason ICBMs seem to capture the imagination more.
Have you ever watched Jeopardy? The point is that Alex gives you the answer and you have to give him the question.
The point is the answer to the question "what is Chicago?" is not "Its largest airport was named for a World War II hero; its second largest, for a World War II battle"
If the jeopardy question was "A city whose largest airport was named for a World War II hero; its second largest, for a World War II battle" then the question might be "What is Chicago?".