Reg Hardware

* Posts by TrishaD

121 posts • joined Thursday 17th January 2008 12:39 GMT


TrishaD

Goodness!!  

In eBay offers compo for search failure

Thumb Up

They'll be doing proper security next.........

TrishaD

Freedom  

In RIPA III: A legislative turkey comes home to roost

Grenade

I saw this article fresh from reading the BBC's latest update on the unfair bank charges case. Thrown out by the Supreme Court.

So - what version of Freedom do our Masters believe in? Freedom of the Individual? Self-evidently not. Freedom of the Police to do what they like? Freedom of the greed-driven scum that run our financial services to continue to do the same?

The role of the individual in this society is to act as cannon-fodder. Pay more tax and receive less service. Work until you drop because any savings you might have can be stripped of their value at the whim of some Banker, snuffling for his next big bonus. Have zero expectation of justice. The Innocent have nothing to fear - pity we're all Guilty unless proven otherwise. Send your children to be slaughtered in some foreign war because your Masters' Masters in America require it of them

Handgrenade - Because there'll come a time when people won't take it anymore.

TrishaD

Translate as....  

In Pentagon chiefs buy net-security early warning system

US Defence Department buys Intrusion Detection System.

Gosh, that's leading edge of them.......

TrishaD

American Justice  

In Former FBI agent slams defence tactics in McKinnon case

'Plead Guilty and cooperate and we'll be nice to you'.

Tough if you're innocent......

Interesting that a former agent of the US Government feels that he's free to comment on an individual who hasn't even come to trial yet. Don't Americans do 'sub judice'?

I hope the Redtops crucify him........

TrishaD

Quality Television  

In UK telly in coke blizzard shock

Anyone ever observe that when in the company of people who've taken large amounts of drugs, be that alcohol, weed, or whatever, they become utterly fascinated by each other's conversation and increasingly incomprehensible to anyone else?

Enthusiastic use of Colombian Marching Powder explains the fact that most television for at least ten years has been utter gibberish.....

TrishaD

Only a month  

In Data collector charged $275,000 for leaking personal data

The monitoring system was only switched off for a month......

And of course that was someone else's fault, wasn't it?

What's the good of a monitoring system if nobody's monitoring it?

Staggering incompetence....

TrishaD

@Adnim  

In Trojan plunders $480k from online bank account

Congratulations - the first truly sensible post on this topic.

It is of little value to castigate the end users, consider them 'unfit to use a PC', describe them as 'bozos' or whatever. The fact of the matter is that the internet in its current form only exists (and a large number of techies have jobs, including security pros like me) because the use of a PC to conduct business and pleasure is now a mass-market occupation and the mass users have the perfectly legitimate expectation of switching on their machines in the morning and just using them.

Blaming 'the user' is futile and achieves nothing.

So - is blaming the platform of any more value? I'm not a huge fan of Microsoft but after many years of indifference they appear to have finally started to get their act together and it's self-evident to me that just as Sun Solaris boxes sitting on corporate networks were the prime target in the late '90s, Windows is the prime target now and for the same reason - it's the most widely used O/S and the focus of the bad guys' knowledge base.

I think we need to come up with a new paradigm for end-user computing where the user doesn't buy a PC and a basic O/S complete with Admin access, but a pre-configured unit with everything locked down in advance. Back that up with recent proposals that ISPs take steps to isolate machines infected with botnet malware and we might start to get somewhere.

TrishaD

Get Real  

In Google shares malware samples with hacked site admins

Google is a profit making organisation who provide a search engine. That is the beginning and the end of their area of responsibility. They serve up links to any site - that's what a search engine does.

Any social responsibility is optional.

They are to be commended for this, not bitched at.

TrishaD

Being Practical....  

In Visa gives merchants crypto card security guidelines

I assume that no-one is suggesting that Standards like PCI shouldn't exist?

One of the big flaws in the Standard was always that the requirements for encryption etc were sufficiently woolly as to cause confusion amongst Merchants attempting compliance. Now they're not, so where's the problem?

I do get a bit depressed reading people bitching about how awful everything is and then proceeding to bitch even more when someone tries to improve things.

TrishaD

The Empire Line Strikes Back  

In Welsh yobs clobbered by cross-dressing cage fighters

Happy

Speaking as a trans person me'self ........

Sometimes, just sometimes, the world seems like it's looking up .......

TrishaD

Such is Life...  

In Euro project to arrest us for what they think we will do

Speaking as an openly bisexual transgendered person who occasionally campaigns for transgender rights and has been known to smoke the odd bit of weed....

I'm stuffed, basically, aren't I?

TrishaD

Orange  

In Meet the UK's most spammed man

Do not give a shit about information security or about the security of their customers' information.

I wasted two years of my life watching security recommendations being totally ignored by executive management in spite of their once touted BS7799 registration.

The development of new whizz-bang products rules the roost and recommendations for the development of secure code are routinely bypassed.

I would not trust Orange to hold personal information of any kind in a secure fashion.

TrishaD

Tee Hee  

In Software outfit keeps Vulcan airborne

My one and only Red Flag story....

There was a television programme some years back which features a Buccaneer bombing run at Red Flag.

Part of it was filmed from inside the control room/tower/whatever it was and in the background you could hear a (female) USAF type giving a very dispassionate commentary to someone down a voice line, while monitoring their progress on a TV monitor.

About half way through you can distinctly hear her say: 'Oh, Jesus Christ, look at those motherf*****rs go!'

TrishaD

Utter Idiocy  

In eBay Terror Ambulances of DEATH menace UK - top cops

My father was once Head of Traffic Division for a medium sized police force. They auctioned their old cars off regularly and jolly good bargains they were too. Before they went to auction, and under his instruction, all badges, lights, sirens, dayglo stripes etc were removed. End of problem - the result is one rather scruffy white car......

This used to be common practice.

Might I suggest then that the root of this problem (if it is one at all) lies with poor control, bone idleness, and general incompetence from the very people whining about 'threats'?

'How did Mr Deathtoinfidels obtain a police car?'

'We sold it to him, M'lud'

The mind boggles.........

TrishaD

Eight Miles High  

In Let air passengers smoke dope, say Denver potheads

And when you touch down......

(just for the nostalgic old buffers).....

TrishaD

@ Rob Aley  

In Think tank slams paedophile paranoia culture

A fair point, well raised.....

Point withdrawn....

(although I still maintain that Civitas have an agenda....)

TrishaD

@ Steve  

In Ohio table-shag man gets six months

'If it vibrates, then surely it isn't inanimate.'

Yes but it only vibrates for about 5 minutes.

Then it breaks wind and goes to sleep.

It's ever so realistic......

TrishaD

Hang On....  

In Think tank slams paedophile paranoia culture

Is anybody suggesting that people with criminal records associated with child abuse SHOULD be allowed to work with children? Should convicted fraudsters be allowed to work in the finance industry?

Obviously not. Civitas have the cart before the horse. Checking of criminal records is a perfectly legitimate procedure where the criminal record in question has direct bearing on the job applied for.

The atmosphere of suspicion is very real and causes concern, but it's NOT the result of proper vetting which is entirely appropriate but the result of media hysteria and lack of common sense within institutions.

And while I'm no fan of Mr Brown and his gang, it's worth pointing out that Civitas is a right wing think tank with a vested interest in slagging off Labour governments.....

TrishaD

Sex with inanimate objects  

In Ohio table-shag man gets six months

Paris Hilton

I have a vibrator...

Would that be illegal in Huron County too?

Paris - because she's probably baffled too (and probably about as blonde as I am...)

TrishaD

I wanted ...  

In Gov claims 'password protection' OK for sensitive docs

..to make a pithy comment.

But words fail me.....

TrishaD

One to File  

In Lesbians like straight men, researchers find

Under 'Hmm.... interesting..'

I too would like to see a larger study to include those people who consider themselves to be bisexual...

Also of interest btw is that Dutch research (again a small sample size) showed that the brain structure of male to female transsexuals more closely resembled that of women rather than men.

What's also interesting is that being transgendered does not appear to affect sexuality

There's a paradox there somewhere.....

TrishaD

@AC  

In US woman sues over exploding thong

''How the hell was she hit in the eye? My understanding of underwear is that they go on the lower body and nowhere near your own head. ''

You are assuming that it was the lady in question who was actually wearing them.....

There's more than one way of spicing up the lovelife of middleaged couples....

Allegedly

TrishaD

Sh*t Happens  

In Stunned commuter finds more secret papers on train

But when it does......

I note from yesterday's papers that the individual concerned has not been suspended and is back at work.

One reason, I suspect, that our beloved government keeps scoring own goals like this is that accountability is completely lacking.

Firstly he or she should be suspended.

Secondly, if unable to come up with a better excuse than 'I got pissed in the pub after work', he/she should be fired

Thirdly, Jacqui Smith should resign. Supervising one screwup is understandable, supervising two (or more) is not acceptable. She is where the buck stops.....

People moan on and on about how employment legislation means that you can't fire people. But in private industry, idiots like this get dismissed. It's called 'Gross Misconduct'

TrishaD

If....  

In Day dawns for Pentagon hacker Lords appeal

He's broken US law, then the US have the right to attempt to prosecute.

And to extradite....

However, I wonder when the US are going to work out that intimidating foreign nationals and insisting on ludicrous sentences like 45 years isn't exactly helping their international stature as a civilised nation?

I understand to some degree their obsession with national security but throwing this sort of stuff at some marginally socialised geek having a poke about a badly secured system is ludicrous......

TrishaD

@tim99  

In Biggles battles Yanks for right to sport tash

''As an aside - Flying types who swore allegiance to the King/Queen tend to call the kit an "aeroplane" or, if you don't have a classical education, an "aircraft". My father was an aircrew Flt. Lt. in WWII - He got upset about things like that...'

I imagine that Flt Lt Ball calls his a 'kite' ....

Love

Worrals.......

TrishaD

@ John McGhie  

In Gates threatens to buy millions and millions of servers for Microsoft

Yes......

That brilliant new innovative concept called the mainframe...

Bill will no doubt come round to thinking of that eventually.

But it's an interesting speech anyway. Not because Mr Gates is an innovator, but because he isn't. What he is good at is spotting a useful concept and stealing it.

But I do love the idea of inventing the mainframe. Particularly if someone invents RACF to go with it (it being one of the world's two most successful and effective security products ever devised....)

TrishaD

@ Rules  

In Online payment standards fall on deaf websites

No.

You absolutely do not need to keep a CVC under any circumstances.

And under PCI it's expressly forbidden......

TrishaD

Muslim Passengers  

In EU project scans air passengers for terrorist tendencies

A few years back (after 9/11) I was on a European flight sitting next to a Muslim gentleman. As the plane started to taxi for takeoff, he produced a copy of the Koran and, hunched over it commenced to mumble what I can only assume were prayers.

I was somewhat alarmed.... but being British and not wishing to 'make a scene' I sat there waiting for something terrorist'y to happen.

About 5 minutes after take off and the plane was safely above the clouds, he heaved a great sigh of relief and put the Koran away and started to read the paper.

Just an ordinary bloke, shit scared of flying....

Under this loony tunes proposal, he'd probably have wound up with at least nine rounds to the head......

Ridiculous.....

TrishaD

@Graham Dawson x 2  

In UK to outlaw cartoons of child sexual abuse

Yes... absolutely. An excellent summary....

Some thoughts on Manga etc....

One feature of Manga-style art is that it is (presumably deliberately) ambiguous. Not only is the age of characters ambiguous, but often their gender is too. Transgender would appear to be a fairly common theme. This ambiguity makes enforcement of any of the suggested legislation a joke.

I am in favour of any legislation that will further the prevention of child abuse. It's the most repellent of crimes and I have personal friends who still carry the scars.

The relationship between 'non-real' pornographic images and actual abuse remains to me unclear and I'm not sure that I actually do support the argument that says such images provide a legitimate outlet for people's fantasies and thus reduce real abuse. The jury is still out on that one as far as I'm concerned.

But this IS knee-jerk legislation. Our current government has a track record of gesture politics whereby they 'address' issues by creating unenforceable legislation that makes no real difference. This sort of stuff makes problems worse, not better......

TrishaD

@Nigee  

In TJX employee fired for exposing shoddy security practices

What's 'shoddy' about it?

TrishaD

@ AC  

In TJX employee fired for exposing shoddy security practices

I'd find it hard to believe that TJX would be vigilant about protecting one area of their network (the bit that holds credit card information) and at the same time be extremely lax in protecting another production network component.

Usually people either protect their networks or they don't. Were I an auditor (which, thank goodness, I'm not) the phrase 'Underlying control weakness' would spring to mind........

TrishaD

Cash?  

In TJX employee fired for exposing shoddy security practices

The day someone invents a technology that allows me to shove £5 notes into a USB slot on my PC, I'll consider cash as a serious competitor...:)

Back to the topic however,,,

PCI is actually a very useful and pragmatic standard and, if implemented rigorously and with commitment, can be of considerable value. I think that the issue of enforcement however is a very real one and we certainly don't seem to be seeing the imposition of serious penalties for non-compliance. Not only are merchants reluctant to step up to the mark (understandably because it costs money) but acquiring banks seem not to be that tough at enforcement either. Add to that the fact that Visa (for example) are owned by the banks and financial institutions that constitute its membership, then you may have some clues as to why merchants aren't being penalised as they should be...

But PCI is only a technical standard, and the issue here isn't really about technology, it's about an organisation who evidently still have a totally cavalier approach to their customers' data and have paid lip service only to the protection of that information. A perfect example of this is that the employee in question, having raised his concerns with line management, got no response and felt obliged to play whistleblower.

All the technical compliance in the world is no substitute for the genuine management of information security. Had TJX taken security seriously at all, then there should have been processes in place to allow people like him to report security breaches and have them acted upon. It's this sort of senior management oversight that Sarbanes - Oxley was intended to assure and where it consistently fails to do so. Sarb-Ox is sadly a complete camel, a knee-jerk reaction to public outcry over Enron and appears to have added little value other than to the stock value of the large consultancies. ISO27001 addresses the requirement quite well but, like PCI, lacks teeth.

The earlier comment regarding UK Health & Safety legislation was a good one. Employers who demonstrate that they have failed in their duty of reasonable care for the welfare of staff are guilty of a criminal offence and, yes, that does mean the prospect of imprisonment for named individuals in positions of responsibility.

Organisations like TJX who continue to play fast and loose with customer information could do with something similar to focus what passes for their minds .......

TrishaD

I can't work out...  

In MS bashes Gay(wood) Xbox Live gamer

If this is rampant homophobia or the sort of mimsiness that made the Victorians refer to 'limbs' rather than 'legs',,,,,

And given the fact that my 11 yr old grandson uses 'gay' as a sort of general purpose adjective for people he considers rather feeble (like his older brother), I'm not sure which children these folks are trying to protect from such wicked words

TrishaD

Just Two Things  

In Christian Bale signs for Terminator trilogy

Thumb Down

I'm afraid that in order to work, any Terminator movie requires two things...

Cameron directing

Arnie as the Terminator

Afraid anything else is doomed to mediocrity .....

TrishaD

Chinese Justice  

In Pondlife earthquake scammers go mobile

Scammers operating out of China must be either uniquely courageous or uniquely greedy, given the Chinese authorities' robust approach to law and order which so often appears to involve a bullet in the back of the head.

A practice I'd normally deplore.

But in this case.......

TrishaD

Dog/Wolf  

In Israeli jailers listen to guard dogs with interpreter ware

Coat

Don't dogs usually cry 'Wuff'?

Mine's the concrete overcoat - in anticipation......

TrishaD

Even the NHS...  

In In Google We Trust: Health docs depo now open to Americans

Aren't proposing to grant citizens access to their own health records using (I assume) a simple userid/password combination, complete with handy 'Have you forgotten your password? Allow us to mail it to you' type link .....

Yes or no?

I think I'd rather shoot my fingers off and post the video on Youtube......

(All other comments relating to the relative speed of rollout and that of the NHS behemoth are perfectly valid. And depressing....)

TrishaD

@Stu Reeves  

In HP leaves Dell with an EDS-shaped hole

Happy

At the end of the day and when the chips are down and even when the rubber hits the road, you can always rely on a consultant to spout gibberish.....

That'll be 50 guineas please....

Thank you .....

TrishaD

@Ted Treen  

In HP pays $13.9bn for EDS

Do you think HP could be persuaded to buy the Civil Service?

Since they're now in the business of poo collecting.......

TrishaD

@Sampler  

In HP in talks to buy EDS

>EDS's problem stems from it's poor training structure for staff ...

From what experience I have, EDS's problem stems from the fact that they treat their staff and contractors like scum and rip off their customers....

HP may be buying an infrastructure but making it work would involve ripping the guts out of the organisation and rebuilding its culture.

Which actually sounds like a splendid idea.....

TrishaD

Solution?  

In DVD smut malware blights US forces in Iraq

Practice safe hex.....

(I'm here all week, folks...)

TrishaD

Sixteen  

In I Was A Teenage Bot Master

I do not consider that a 16 yr old is responsible for his or her actions in the same way that an adult is....

I do however consider that adults with children have a responsibility to ensure that their children act in a reasonably responsible fashion

So why is it that middle class mum and dad let their idiot child continue to play around on the internet months after the police were involved? Or was that just too much trouble.........

TrishaD

Well.....  

In DARPA wants Matrix style virtual world for cybergeddon

Coat

It all sounds very far-fetched...

But, the last time DARPA got creative with the wish-list they were looking for a totally resilient network running a simple network protocol and linking lots of Unix boxes together. And we ended up with that there internet thingie...

If this particular piece of wild wishful thinking actually ever takes off, who knows what it'll end up like

And thinking about the 'time machine' element. Obviously that worked and it's what that William Gibson chap's been using all along...

Mine's the one with the flechette pistol and btw I NEVER lose my sunglasses.......

TrishaD

ImaGnuber  

In US warez sitemaster jailed for 30 months

Is absolutely correct both ethically and practically.

Of the various comments posted attacking his position, I cannot resist responding to just one.

@ Sarah

Self serving, incoherent, gibberish. Presumably a fair example of freetard thinking

TrishaD

@AC (Yet Again)  

In Men could have kids with chimpanzees - gov must act

Your problem is reductionism.

Because other people's belief systems do not concur with your definition of 'rational', they are by definition 'delusional'.

I have twisted no points. What I have done is to point out the logical conclusion to your kneejerk bigotry.

You have already stated that you would happily discriminate against those with a religious faith in the job market. You now accuse those with religious faith as delusional. The logical conclusion therefore might be that they are dangerous lunatics whose liberty should be challenged for the good of others.

In a truly rational society the beliefs of others are respected unless they impede the rights of others to believe as they see fit.

You, sir, are not a rationalist

And I have no further interest in corresponding with someone who is obviously a dangerous madman.....

TrishaD

Re: Lesbian Transvestites  

In Lesbians turn on lesbians in battle of Lesbos

Happy

Actually.....

One of the few advantages of being transgendered is that you can happily ignore all labels such as 'straight' or 'gay' and have sex with whoever you like..

TrishaD

@Dom  

In Nigerian duped gullible NASA employee

Spot on....

The girl was conned by someone she thought she'd established some sort of trust relationship with. Not the same as clicking on a link from someone you've never heard of.

The security business has to accept that the end user will always do something that appears to us to be mindblowingly dim.

Our job is damage limitation...... live with it.

TrishaD

Various ACs  

In Men could have kids with chimpanzees - gov must act

Utter nonsense

Many Christians accept completely that Darwin was right. Darwin and Christianity are not incompatible for intelligent Christians who consider Genesis to be an analogy.

Interesting that we've now had someone quite clearly stating that persons with religious beliefs should be cleansed from the 'scientific' job market.

So who are the Inquisitors now?

'Theists - accept being on the side of baby-killing barbarians, or stop laying claim to intellectual superiors like Newton'

Simplistic nonsense. This sort of reductionism that dismisses millions of people living on this planet as barbarians is bigotry of the worst sort. What's next?

Dawkins' very own Nazis........

But so so rational of course.

TrishaD

@AC  

In Men could have kids with chimpanzees - gov must act

'' I would take someone with a science background over a religious one for a technical position, yes.

It has nothing to do with doctrine; it is purely about appropriateness. Much as it would not be appropriate to hire someone who could not perform basic addition and subtraction as an accountant, it is not appropriate to hire someone who demonstrably has no skills in evidence analysis and critical thinking for a technical or scientific position. The simple fact they actually believed in creationism would mean they failed the test''

Wow.

First let me say that a belief in a God does not imply creationism (assuming you're using the 'anti-Darwin' sense of the word)

Second - you're saying that a belief in a deity precludes someone from having skills in evidence analysis and critical thinking.

That rather fucks Isaac Newton for a start then .....

Let me take it to the next level then

Would you feel justified in ensuring that all religious believers employed in the scientific or technical arena should be dismissed from their posts due to their obvious unsuitability?

You do realise where you're going here, don't you?

TrishaD

Flawed  

In MS supplies cops with DIY forensics tool

While my first reaction as someone who's struggled with the challenge of sourcing economically viable forensics capability within an in-house team was definitely 'Gissit'.....

It's admissibility of evidence that's the issue here.

How do you prove that by inserting a USB device you DIDN'T modify the configuration of the machine when it's patently demonstrable that you CAN .......