A picture of a beer can in someone's hand does not prove it contained anything,
much less beer. I have sometimes left glasses of things like apple juice with a
bit of ice cream foam on top in church (when the organist needed a drink) or
spoken of such. I also recall a lot of guys when I was in
Mind IANAL; however it is I think a bailment even though the bailee is
also engaged to act as a delivery agent. Point is that the item remains
someone's property at all times, with what seem to me fairly well
defined expectations around who has what rights to it.
This does not disappear when
It’s a bailment if I give a package to an agent to deliver somewhere too, but
in that case the bailment ends when delivery occurs.
From: s...@strawberrycupcak.es [mailto:s...@strawberrycupcak.es] On Behalf Of
dramacrat
Sent: Monday, November 09, 2009 9:50 PM
To: Paul Schmehl
Cc: Everhart,
The law of bailment applies, I would submit, to information sent on
wires. The act of sending something out is not handing it to the public
domain (though it may arrive in the public domain, depending on intent).
However the law of bailments seems to have been ignored by many, even
though it has
Recall that government licenses historically serve mainly to limit the size of
a field and enrich those who get licensed, and exclude a number of competent
people.
Personally I do not favor such measures...speaking for myself here.
Glenn Everhart
-Original Message-
From: [EMAIL
The sender would like to recall the message, [Full-disclosure] simple phishing
fix.
-
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the
You might eliminate phishing but there are occasionally messages from people at
these institutions also. This sort of thing is in essence allowing phishers a
denial of service attack against anyone they choose to make themselves a
nuisance with.
I am not well pleased with any bank authentication
1% per hour for each target. Lots of targets.
The need for something more like ssl certs in there remains. (Also needed for
bgp I suspect). By extension, some web of trust variation of CERTs would
make much of this easier for those not interested in or able to pay for
certs from commercial
The kind of thing being talked about should be perhaps viewed in terms of
other work Dan has done. An exploit that alters DNS and is combined with
turning corporate browsers into gateways is perfectly feasible and would
in effect make most corporate gateways into pieces of wire. All the pieces
are
The atrocities in Canaan reported about places like Jericho and Ai happened
something like 3 millennia ago now; time to get over them, and remember there
may be statements in the Bible which are not divinely inspired. In fact the
Bible says there are. See for example Jeremiah 8:8 which I have
Certainly in VMS there is DMA opened up, but only to buffers that are known
and checked to be legal for such. This is a source of considerable complexity
in the drivers, and depending on hardware architecture (number of control
registers available, for example, to control DMA channels) limits
I suspect rather that DHS needs to first acquire the expertise to deal with
these issues, and participate as helpers rather than as directors.
Nanog has dealt with interruptions to the Internet in the past, with success
enough that most people are unaware that major problems ever occurred.
So the precision of an IEEE single precision float is about 7 digits
and of a double is about 15. If you try to exhibit the result to more
digits of precision what makes anyone think you would get a more
precise result? What makes you think that such exhibiting is even guaranteed
to be accurate?
Minor point:
No need to limit such accumulations to nation-states though. People interested
in fiddling with other peoples' computers have come up with attacks that don't
get instantly published at least since the 1970s, and have had more-or-less
private channels to communicate them. The motives
When someone fraudulently charges your credit card you should immediately
complain to the card issuer in writing so the charge can be reversed and
charged back to the merchant who accepted the fraudulent credentials. That is
one of the advantages of a credit card - the loss can be charged back,
They discover SHA256 but misunderstand somewhat. There will be cases where
different files yield the same hash, but if the algorithm works as it should
it will be infeasible to generate one given the desired hash value in any
sufficiently simple way.
-Original Message-
From: [EMAIL
Well, it depends on the context.
A story went around some years ago about a colleague who was in London. Once he
got his PhD (in physics), he had a sign made which read DOCTOR VISITING which
was placed in his dashboard when he double parked now and again (parking spaces
being hard to find in
No money or valuables demanded == no blackmail.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of HACK THE GOV
Sent: Wednesday, June 20, 2007 10:20 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Month of Random Hashes: DAY TWELVE
Maybe so, but that does not come from the company. Blackmail requires
some sort of "or else". Unilateral release of info might match a description
of reckless endangerment, but not blackmail.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 22, 2007
Ayup, true enough re jury confusion.
Once a machine has had a malware infection though, the point a layman needs to
understand is simply: it is not possible in under (a large number, maybe 1000
man years) to determine that the machine has not been remotely controllable if
connected to an
There may be no impersonation going on. Could be that email for terminated
people is directed to a common mailbox which might be perused by security folks
to check whether anything wrong might have been going on and not noticed while
the person was there. In effect the mail has then gone to a
Extortion is AFAIK the demand for money or valuables without legal
authority. I do not believe fame qualifies, and in any event one who
points out a bug in public has his fame or infamy independently of what
a company does.
At a former employer (an OS vendor) the general line was to ask customers
There is something called Sandboxie that seems to do this same kind of thing.
Programs run inside the sandbox can read whatever you allow, but writes get
done to other directories so that it is more difficult for a rogue app to
corrupt anything outside the area it is allowed to write to.
Actually some of the older machines (pdp11 in particular) with their
signed and unsigned conditional branches forced you to think about
overflow, and if your programs happened to run in memory above 32K bytes
(16K words) things were too apt to just crash if you got that stuff wrong.
I recall
I see no value in suddenly starting to use a term virtual trust for
trust given due to evidence produced over wires as opposed to trust given
due to evidence produced by other means.
Trust and the validity of evidence to justify it are meaningful. A new candidate
buzzword for a concept that has
If the data is encrypted on laptop that mitigates loss. If you have never heard
of TrueCrypt (as one possibility that is free), go learn (and use!) now.
However I fail to see the governments doing much to see that whatever gets
checked through in fact GETS to the destination with the passenger,
Every RFID that I have seen descriptions for (they're on websites for vendors!)
has a unique serial number that is manufactured in, and is designed not to be
writeable after manufacture. If someone does not use this information the part
could be cloned but the feature exists to block this.
A query based on IP has the same problems everyone else has with IP address;
it would immediately remove everyone using the same proxy, or who happened
to get the same IP from a point of presence, or from a load balancer...
It might just be that a merchant trying to advertise this way and getting
This argument has gone on for decades at least; you hear very similar things
from the feds about homeland security as well, to pick one of the more prominent
other sources.
We are engaged, when trying to defend systems, in a design contest with
attackers, trying to keep our fortresses from being
Folks -
The following scheme looks like it could be helpful, apart from runtime cost
(which would tend to be limited since it is only where using human entered
data). Anyone see serious holes? Concur? Disagree? This seemed just crazy enough
to work when it occurred to me...
Thanks
Glenn Everhart
30 matches