mrcash2009 0 Posted April 30, 2012 (edited) 4EkURdh1TB8 Just an interview about CISPA going through house of representatives. I like the use of a bearded hacker justifying the real points vs suit guy saying the party line. I wonder if they picked beardman for the role of who not to believe ... interesting, even though the points are valid and im not really assuming thats the case. Reminds me of pelham and his view of what "those who say otherwise" must be and look like :p I also like the fact that suite news man and his family and himself at home are also subject to it as things progress, its all about the bad men and those pesky conspiracy hacker types saying rubbish! Grrrrrrrr. He also makes a good point of the example of "hacker" and yet another swathing tag that must mean internet crashing binary terror. Point being that someone saying "im a hacker" is being morphed in the web terms as someone saying "im an al-Qaueda member" in trigger response and ill informed terms and usage. I wonder when 'open source hacker days' will get swat teams/tazors and gas piled into them soon .. I am exaggerating ... kind of. Edited April 30, 2012 by mrcash2009 Share this post Link to post Share on other sites
batto 17 Posted April 30, 2012 (edited) I wonder if they picked beardman for the role of who not to believe... They picked Richard M. Stallman, founder of Free Software Foundation, defender of liberty in digital era since 80s. He's not just randomly-picked-ordinary-hacker-with-beard! I suggest you go on youtube and look at some lectures he gave. He's a bit extreme but has some valid points. Edited April 30, 2012 by batto Share this post Link to post Share on other sites
mrcash2009 0 Posted April 30, 2012 (edited) I know :) ... I was simplifying a point, based on what ill informed people may think while casual browsing and seeing someone saying opposing views, thats was all, in actual fact the debate is perfect for this thread just in that small video. I probably didn't convey that too well, but also it was a good example about "hacker" terms too. Also heres a UK article which has relevance: Data sharing in Whitehall must be limited by respect for private rights The government should establish clear guidelines on people's rights to privacy to put a brake on official bodies sharing data http://www.guardian.co.uk/commentisfree/libertycentral/2012/apr/24/data-sharing-government-limit-private-rights?CMP=twt_fd Some interesting debates at the comments section at the base of the article too. Edited April 30, 2012 by mrcash2009 Share this post Link to post Share on other sites
PELHAM 10 Posted April 30, 2012 (edited) Up to date text of the bill including all current amendments. Stallman's information is out of date and while I respect the man and his work he is not up to date with the current text. http://intelligence.house.gov/hr-3523-bill-and-amendments Perhaps you would like to read this Q&A for a more balanced view?: http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill Q: I’ve heard that the bill has no protections for privacy and civil liberties; is that right? A: No. To the contrary, the bill contains strong, customized privacy protections designed to ensure that the bill remains centrally focused on protecting cybersecurity. -First, the bill is completely voluntary; no one is required to change anything about what they do today as a result of the legislation. -Second, the bill focuses on cyber threat information sharing, allowing the government to provide classified cyber threat intelligence to the private sector and permitting the private sector to identify and share cyber threat information on a voluntary basis. -Third, the bill only permits information directly pertaining to threats or vulnerabilities to be identified and shared only for the purpose of protecting systems and networks from such threats or vulnerabilities. -Fourth, the bill authorizes (and encourages) the private sector to anonymize or minimize the cyber threat information it voluntarily shares with others, including the government. -Fifth, if the cyber threat information is voluntarily shared with the government, there are strong limitations on the government’s use of the information. The cyber threat information must be protected from disclosure outside the federal government unless further sharing is specifically authorized by the entity providing the information. The government may not search the cyber threat information for non-cybersecurity or national security information. (Amendment at markup) The government may not use the cyber threat information for other purposes unless a significant cybersecurity or national security purpose exists. (Amendment at markup) The government may not require any entity to share cyber threat information with the government. (Amendment at markup) The government may not require the sharing of cyber threat information in exchange for government cyber threat intelligence. (Amendment at markup) -Sixth, if the government violates any of the restrictions placed on it by the legislation, it can be held liable for damages, costs, and attorney’s fees through federal lawsuits. (New provision). Q: Some have said that the bill permits the government to engage in a wide-ranging surveillance program; is that true? A: No. The bill does not permit government surveillance. It allows the government to share classified threat information with the private sector to help the private sector better defend its own networks; the bill also provides clear authority to the private sector—not the government—to identify and share cyber threats on its own systems and networks. The bill only permits such private sector identification and sharing of cybersecurity threat information where a company is engaged in the protection of its own systems or networks or those of a corporate customer; it does not permit the monitoring of individual customers. Why are many supporting this bill? Read letters of support: http://intelligence.house.gov/hr-3523-letters-support Edited April 30, 2012 by PELHAM Share this post Link to post Share on other sites
mrcash2009 0 Posted May 4, 2012 Just some points I had ref this, not for anything specific toward Pelham but in general mainly ... A: No. To the contrary, the bill contains strong, customized privacy protections designed to ensure that the bill remains centrally focused on protecting cybersecurity. Customised = can me modified at any time. Its central focus is on protecting cybersecurity, but does not state that its the only purpose of the customisation (changed at a later date). So its customised for cybersecurity, and I have always stated, for the current time. -First, the bill is completely voluntary; no one is required to change anything about what they do today as a result of the legislation. This is of course, for now, and also under a customisable model ref previous point. "About what they do today" isnt suggesting later on as things progress. The "threat" isnt voluntary, and voluntary gets used so much these days ita nice soft word, but it also is depending on what happens and the what the threat is. Although its in place as voluntary "currently". -Second, the bill focuses on cyber threat information sharing, allowing the government to provide classified cyber threat intelligence to the private sector and permitting the private sector to identify and share cyber threat information on a voluntary basis. "Cyber Threat" ... this can be used like "terrorism" in the physical world (and we have all seen how those laws have been used), it can be moulded to fit all manner of serious or not so serious scenarios in the digital realm based upon a threat to a system (IE: terror - a threat to building/property), so as long as you can confirm something is a "cyber threat" you would then feel "obliged" as a company to flag it "voluntary" and that is the process trigger. -Fifth, if the cyber threat information is voluntarily shared with the government, there are strong limitations on the government’s use of the information. Please elaborate and explain in detail the "strong limitations", all on whim of "voluntary" soft words. The government may not search the cyber threat information for non-cybersecurity or national security information. Please elaborate and extend the outline of the government employees who work in this field on what they can and cannot see and have the ability to overrule or extend on due to other processes. Can they overrule if they deem the "cyber threat" a threat to non cybersecurity and national security? after all isnt this threat just as much a threat to national security, we get told that in the real world all day long in the media (we also get told we cannot see anything due to national security threats). Also going by history, I will take his word for this then, a dash of a pinch of salt added too mind. The government may not use the cyber threat information for other purposes unless a significant cybersecurity or national security purpose exists. So they can then, as long as someone deems it as such with a level of significance (we have to take there word for this, you cant ask or find out .. thats a national security matter, nothing to see here). Which lead on to this: The definition of “cyber threat information†in the bill is limited only to information that directly pertains to a threat to, or vulnerability of, a system or network. But, it can be extended out of that by the two points above. The government may not require the sharing of cyber threat information in exchange for government cyber threat intelligence. But, if its deemed a threat to national security ..... what happens? Sixth, if the government violates any of the restrictions placed on it by the legislation, it can be held liable for damages, costs, and attorney’s fees through federal lawsuits. I guess that means abusing the information and searching further than is required, but as it stand if its a threat deemed as "national security significant", that would change things. Also if you want to pay some hackers to go about causing issues to get around this you can, it happens all the time. Dare I mention the bin laden of the tinterwebz, internet style norad fooling "anonymous". No. The bill does not permit government surveillance. But can trigger this process if a "significant" amount from the deemed "cyber threat" that was "volunteered" (soft word and state of play "for the moment")". It doesn't really go much into that "significance" specification to label "national security threat" and then what happens once the trigger is in place for them to then be allowed to go further. Also by the very nature of volunteering such information for the government to make decisions if its national security threat within this process, then it is the government doing surveillance in the end result. It allows the government to share classified threat information with the private sector to help the private sector better defend its own networks; the bill also provides clear authority to the private sector—not the government—to identify and share cyber threats on its own systems and networks. So they pass down the information knowing they have let them know this information, and if company in private sector doesn't "volunteer" anything they have them by the balls becuase "we told you so" .. hence the "volunteer" flaky element. I think "Volunteer" will morph swiftly to "Obliged" and after time it will be "Required" .. so lets synchronise watches and get the popcorn. going back to the point at the start: Fifth, if the cyber threat information is voluntarily shared with the government, (as if they are not going too based on point above). The bill only permits such private sector identification and sharing of cybersecurity threat information where a company is engaged in the protection of its own systems or networks or those of a corporate customer; it does not permit the monitoring of individual customers. But in the end is it not those individual customers that access the networks along with the "cyber security threats". And if they then flag "voluntary" the "cyber threat", and this information has been deemed "significant to national security", I wonder what the outcome would be later and what steps they extend from then. As regards the link to who's on board with this, well of course they are, multinational corporations are going to be, that's really not the point, they aren't potentially in the info that's "volunteered" they can be looked upon as a "cyberthreat to national security" that triggers the exact thing bog standard net users are talking about. It will start with system protection from hackers, and pathe the way for this "customisable" setup to extend, just like patriot acts and terror laws in the physical world, just wait and see. On the face of it, its all logical and black & white, come back in a year or two. Share this post Link to post Share on other sites
PELHAM 10 Posted May 4, 2012 (edited) Lol yet more Unspecified Future Disasters - is any of it at all likely? I am not going to read and explain it to you word for word. If you can't understand it then please use an internet translation service. All the information is in the links provided, maybe you can contact the secretaries of the relevant Congressmen and see if they can provide you with further info and translations. If you are unsure what a Cyber Threat is here is an example: http://www.channel4.com/news/soca-website-offline-after-hacker-attack 3rd May 2012, The UK Serious Organised Crime Agency website has temporarily been taken offline after a cyber attack by hackers. The week before, Soca shut down 36 websites that were used to sell data from credit and debit cards. Hacker revenge? Don't like the freedom to commit fraud being curtailed so resort to a form of terrorism? That's what it is. I like the idea of a free internet, problem is people abuse that freedom, just like in the real world. Therefore in the end it has to be policed because a small minority can't behave or keep their hands out of other peoples pockets. It's a shame it has to happen at all. Edited May 4, 2012 by PELHAM Share this post Link to post Share on other sites
batto 17 Posted May 4, 2012 (edited) Lol yet more Unspecified Future Disasters - is any of it at all likely? I am not going to read and explain it to you word for word. If you can't understand it then please use an internet translation service. All the information is in the links provided, maybe you can contact the secretaries of the relevant Congressmen and see if they can provide you with further info and translations. If you are unsure what a Cyber Threat is here is an example:3rd May 2012, The UK Serious Organised Crime Agency website has temporarily been taken offline after a cyber attack by hackers. The week before, Soca shut down 36 websites that were used to sell data from credit and debit cards. Hacker revenge? Don't like the freedom to commit fraud being curtailed so resort to a form of terrorism? That's what it is. I like the idea of a free internet, problem is people abuse that freedom, just like in the real world. Therefore in the end it has to be policed because a small minority can't behave or keep their hands out of other peoples pockets. It's a shame it has to happen at all. I know I'm posting in troll discussion but I just can't resist. http://www.channel4.com/news/soca-website-offline-after-hacker-attack The distributed denial of service (DDOS) attack, which involves websites being hit by a flood of users at the same time, was carried out on Wednesday night. 1) It affected UK site 2) Site I've never heard of till now was down for few hours 3) All IPs are collected & traffics saved 4) kids from EU/US that participated may see Police soon 5) people from Russia/China/Africa/... that participated will probably forget it soon 6) bots, trojans, ... may be removed soon Most important: 7) CISPA will not help Some dumb f*cks (those who thinks it's terrorism) may tell you it will, but fail to tell you how. Guys stop feeding trolls, you're filling this thread with garbage. Does anyone know some example where CISPA will help law enforcement? Only new thing I see are some unspecified private entities that can look on traffic (I don't mean those that monitor, AFAIK there are 2 types). EDIT: I'm not implying that stealing from stolen credit card numbers is OK. But credit cards are too old-school. I don't have one and never will for how simple it is to get money from it for anyone who knows the number (number you share in order to pay). Edited May 4, 2012 by batto Share this post Link to post Share on other sites
mrcash2009 0 Posted May 5, 2012 (edited) Lol yet more Unspecified Future Disasters - is any of it at all likely? I dont know Pelham, maybe ask london 2012 about surface to air missiles and some apparent mass terror threat that will occur if we dont have it as a real world example. [check the show 'have i got news for you' from last night and specificaly this subject and the point the host brings up, just to get into the mindset]. I am not going to read and explain it to you word for word. If you can't understand it then please use an internet translation service. All the information is in the links provided, maybe you can contact the secretaries of the relevant Congressmen and see if they can provide you with further info and translations. If you are unsure what a Cyber Threat is here is an example: You dont have to do anything, I did say it was question in general at the start of my post, so save the self imposed element. I know what a cyber threat is generally, thats pretty silly to come to that conclusion, you again as always miss the point regarding "deemed" and how something is read and used, all clear enough in previous post. 3rd May 2012, The UK Serious Organised Crime Agency website has temporarily been taken offline after a cyber attack by hackers. The week before, Soca shut down 36 websites that were used to sell data from credit and debit cards. Hacker revenge?Don't like the freedom to commit fraud being curtailed so resort to a form of terrorism? Funny enough you actually fell right into my point, the alignment of "terror" (real world) with hackers ... re-read my post points and you will see what I was getting at in terms of "patriot act for the tinterwebz". Also, what if no one hacked the site? How do we know? Another example to justify and throw terror=hacker into the media .. I speak about the site going down not the actual sites initially that were taken down. Also seems like SOCA is doing a good job already without this, no? In reference to things already in place. I said this before "Terror" is a now a no questions asked fast track tag, you align this to any form of hacking (as you can see from media) you get your "National security" threat, once you move into that arena: The government may not use the cyber threat information for other purposes unless a significant cybersecurity or national security purpose exists. And what other "purpose" does "terror" have? So you can abuse this my simply paying hackers to do the dirty work and you have your end result, but that has never happened, and is inconceivable, after all corporations are squeaky clean, and all intel agencies have never pulled any such stunts "to the east" before. This also has to be highlighted that all these agencies and bodies calling for it have partaken in the same shit to others, plus the examples of hackers getting hired. And AGAIN ... its not about the front end reasons for implementation and hacking, its about how that then gets used later using this "customisable" model, my point from the very start, all of which I have listed in the previous post fairly clear, and AGAIN .. the reason people have issues and questions. If this gets simplified to "if you dont want this legislation you must like hacking or hackers" is yet another mind game. I know I'm posting in troll discussion but I just can't resist. If you think I just reply for Pelhams benefit then your are mistaken, I post for the subject and thread points personally. It wouldn't be sporting to have one side of a view on a subject :) Edited May 5, 2012 by mrcash2009 Share this post Link to post Share on other sites
PELHAM 10 Posted May 5, 2012 (edited) I know I'm posting in troll discussion but I just can't resist.http://www.channel4.com/news/soca-website-offline-after-hacker-attack 1) It affected UK site 2) Site I've never heard of till now was down for few hours 3) All IPs are collected & traffics saved 4) kids from EU/US that participated may see Police soon 5) people from Russia/China/Africa/... that participated will probably forget it soon 6) bots, trojans, ... may be removed soon Most important: 7) CISPA will not help Some dumb f*cks (those who thinks it's terrorism) may tell you it will, but fail to tell you how. Guys stop feeding trolls, you're filling this thread with garbage. Does anyone know some example where CISPA will help law enforcement? Only new thing I see are some unspecified private entities that can look on traffic (I don't mean those that monitor, AFAIK there are 2 types). EDIT: I'm not implying that stealing from stolen credit card numbers is OK. But credit cards are too old-school. I don't have one and never will for how simple it is to get money from it for anyone who knows the number (number you share in order to pay). I did say it was an example of a cyber threat - please read things twice if you can't understand them at the 1st try and no, I can't explain it word for word to you. If MrCash has found a good internet translation service maybe he could recommend it to you? SOCA site was taken down for a number of days not hours. Not sure how it is relevant that you have not heard of it? CISPA will help with exactly this sort of thing as it will enable information sharing to get the people doing it. The SOCA site was attacked just after this: www.soca.gov.uk/news/446-web-domains-seized-in-international-operation-to-target-online-fraudsters How is that not some form of terrorism - mess with our crime business and we will attack your sites. The same thing happens in the US and that is why CISPA is needed. PS I'm not a troll - 2 or 3 have labelled me as such because they don't agree with my point of view. You are certainly classifiable/certifiable as something but I'm too polite to say it. If you think I just reply for Pelhams benefit then your are mistaken, I post for the subject and thread points personally. It wouldn't be sporting to have one side of a view on a subject :) Snap! (UK meaning, 'Me too!') Edited May 5, 2012 by PELHAM Share this post Link to post Share on other sites
mrcash2009 0 Posted May 5, 2012 (edited) CISPA will help with exactly this sort of thing as it will enable information sharing to get the people doing it. problem-reaction-solution. How is that not some form of terrorism - mess with our crime business and we will attack your sites. Hook line & sinker. To re quote my previous post: I said this before "Terror" is a now a no questions asked fast track tag, you align this to any form of hacking (as you can see from media) you get your "National security" threat, once you move into that arena: 'The government may not use the cyber threat information for other purposes unless a significant cybersecurity or national security purpose exists.' And what other "purpose" does "terror" have? If MrCash has found a good internet translation service maybe he could recommend it to you? Can I 'LOL' now? Snap! (UK meaning, 'Me too!') Really pelham? insinuations of not beig able to translate, IQ jibez ... lolz at posts, idiot references, UFO conspiracy nut jibez (pointless), telling everyone you have had to correct them in threads? I often wonder. Edited May 5, 2012 by mrcash2009 Share this post Link to post Share on other sites
PELHAM 10 Posted May 5, 2012 (edited) Really pelham? insinuations of not beig able to translate, IQ jibez ... lolz at posts, idiot references, UFO conspiracy nut jibez (pointless), telling everyone you have had to correct them in threads? I often wonder. Well don't appear so lacking in those areas then, I don't actually have to correct everyone - just 6 or so including you LOL (might be a good idea not to post videos from RT in future, their verification procedures are worse than yours) The people that attacked SOCA are organised criminals not ordinary people. That is a national security issue and it's quite reasonable to classify it so. The cost of their crime affects everyone. The attack was in response to this: http://www.soca.gov.uk/news/446-web-domains-seized-in-international-operation-to-target-online-fraudsters The sites, identified by SOCA as specialising in selling stolen payment card and online bank account details, used e-commerce type platforms known as Automated Vending Carts (AVC’s) allowing criminals to sell large quantities of stolen data quickly and easily. Visitors trying to access these sites are now directed to a screen indicating that the web domain has been seized by law enforcement. Attacking Law enforcement sites because your crime business was shut down is a minor form of e-terrorism and that is why we need CISPA. CISPA will help stop the everyday crime and the other acts that happen every day. Edited May 5, 2012 by PELHAM Share this post Link to post Share on other sites
batto 17 Posted May 5, 2012 (edited) If you think I just reply for Pelhams benefit then your are mistaken, I post for the subject and thread points personally. It wouldn't be sporting to have one side of a view on a subject. But it's meaningless. I've asked 2nd time how will this CISPA help to catch those criminals. No answer yet. CISPA is useless until proven otherwise. Answers like "teh cyber-terrorism!!" and other usual crap isn't proof that it's useful. There's no point discussing things around it until this question is answered. From: http://www.theinquirer.net/inquirer/news/2172444/soca-web-site-cyber-attack "Shutting a site down via a DDoS attack is not a hack or a compromise," he said. "I would also guess that most of the people who are performing these attacks are young people, but just because they are young doesn't mean that they shouldn't be taken seriously. I do not agree with the actions of Hacktivists, but this is a wake-up call for the security industry too." -- David Jacoby, Kaspersky Labs Well, I guess that when I F5 threads here several times per second to see reply to my awesome posts (which will usually come after few hours anyway) I'm terrorist too. But BIS definitely needs law similar to CISPA because they're too lazy to look at logs and hand my IP to police. [sACRACSM] Btw, when I get banned (I hope it'll never happen) I may commit an act of terrorism by F5-ing this forum all day long as a payback. [/sACRACSM] Edited May 5, 2012 by batto Share this post Link to post Share on other sites
mrcash2009 0 Posted May 5, 2012 (edited) Well don't appear so lacking in those areas then, I don't actually have to correct everyone - just 6 or so including you LOL (might be a good idea not to post videos from RT in future, their verification procedures are worse than yours) Lacking on your terms, I said it before, your not a moderator and the all knowing, you say "Snap" as regards posting on the subject but you do spend a good deal of time shutting down on others with your facts even though I have seen plenty ask questions that you ignore when it suits, so me thinks that might not all be strictly true. People can post videos from many sources if it has a valid point to a subject matter, so if you have issue, either cry to a moderator or accept its a 'forum' .. you dont like the videos, dont watch them. And similar to how you seem to dicate to others with things they dont like, if you have issue with RT then you can write to them. The people that attacked SOCA are organised criminals not ordinary people. Where did I state they were not? That is a national security issue and it's quite reasonable to classify it so. Yes indeed, I still refer to my last posts about this and future events. Attacking Law enforcement sites because your crime business was shut down is a minor form of e-terrorism and that is why we need CISPA. CISPA will help stop the everyday crime and the other acts that happen every day. And, again, we will see how it gets fleshed out later in terms of how its used outside the designated "customisable" framework. Just posting blatant examples of fraud and hacking isnt the argument, its about what gets put in place and where it extends, and as I posted already about the points of this legislation, you can see its open to that while being marketed as fixed and in no way going have any effect in the "normal users" ... and AGAIN, once this is in place and we rid the world of the criminals and hackers as a majority, it will still be in place for everyone to "customise" which will be an interesting future online. But it's meaningless. I've asked 2nd time how will this CISPA help to catch those criminals. No answer yet. CISPA is useless until proven otherwise. Its meaningless to voice opposing views on the matter? Now I really dont know where your coming from, last time I checked I wasnt batting for CISPA either in many ways. There's no point discussing things around it until this question is answered. I disagree, but then you also have a small thing called "Speaks for itself" :) Edited May 5, 2012 by mrcash2009 Share this post Link to post Share on other sites
Tonci87 163 Posted May 5, 2012 Lacking on your terms, I said it before, your not a moderator and the all knowing, you say "Snap" as regards posting on the subject but you do spend a good deal of time shutting down on others with your facts even though I have seen plenty ask questions that you ignore when it suits, so me thinks that might not all be strictly true. People can post videos from many sources if it has a valid point to a subject matter, so if you have issue, either cry to a moderator or accept its a 'forum' .. you dont like the videos, dont watch them.And similar to how you seem to dicate to others with things they dont like, if you have issue with RT then you can write to them. Where did I state they were not? Yes indeed, I still refer to my last posts about this and future events. And, again, we will see how it gets fleshed out later in terms of how its used outside the designated "customisable" framework. Just posting blatant examples of fraud and hacking isnt the argument, its about what gets put in place and where it extends, and as I posted already about the points of this legislation, you can see its open to that while being marketed as fixed and in no way going have any effect in the "normal users" ... and AGAIN, once this is in place and we rid the world of the criminals and hackers as a majority, it will still be in place for everyone to "customise" which will be an interesting future online. That is my main concern with him, he simply ignores questions that are to uncomfortable to his cause. Share this post Link to post Share on other sites
PELHAM 10 Posted May 5, 2012 (edited) Lacking on your terms, I said it before, your not a moderator and the all knowing, you say "Snap" as regards posting on the subject but you do spend a good deal of time shutting down on others with your facts even though I have seen plenty ask questions that you ignore when it suits, so me thinks that might not all be strictly true. People can post videos from many sources if it has a valid point to a subject matter, so if you have issue, either cry to a moderator or accept its a 'forum' .. you dont like the videos, dont watch them.And similar to how you seem to dicate to others with things they dont like, if you have issue with RT then you can write to them. Don't mind you posting videos, was just concerned that you pick a more reputable source for an argument. You don't see me posting fox news videos here do you? I wouldn't dream of backing up my point of view with some garbage I found on YouTube. That's all I was suggesting, no moderation intended, yet again some sort of misunderstanding has occurred. I was commenting on the lack of credibility in your video, not the posting of it. The daily acts of hacking, web site attacks and much else are part of the argument as that is why CISPA is being brought into law and why it is needed. All the supporting organisations in the link I provided to you have been hacked and had data stolen. There needs to be better coordination to prevent this sort of crime, hence CISPA. That is my main concern with him, he simply ignores questions that are to uncomfortable to his cause. Hi Tonci! I don't ignore anthing - I have posted links to CISPA many times in this thread - how it works is self explanitory, all those who wish to know can simply read it. Why I have to spoon feed people information when I have already posted the references is beyond me? Perhaps they will one day require a device to prop their eyelids open and move their eyeballs from side to side if no one is around to read things to them. (I do choose not to respond occasionally as the post does not make any sense (logic or legible) eg: post #513???) I once handed a policy document to a manager who promptly asked me to read it and explain it to him word for word. He wasn't stupid, just lazy and disinterested. It's a common tactic called obfuscation. Edited May 5, 2012 by PELHAM Share this post Link to post Share on other sites
batto 17 Posted May 5, 2012 The daily acts of hacking, web site attacks and much else are part of the argument as that is why CISPA is being brought into law and why it is needed That's why I say it's meaningless to continue this discussion. It's going nowhere. You'll never hear an explanation on how will CISPA change current situation to better except ususal "cyber threats on interwebz" BS. Share this post Link to post Share on other sites
Tonci87 163 Posted May 5, 2012 Don't mind you posting videos, was just concerned that you pick a more reputable source for an argument. You don't see me posting fox news videos here do you? I wouldn't dream of backing up my point of view with some garbage I found on YouTube. That's all I was suggesting, no moderation intended, yet again some sort of misunderstanding has occurred. I was commenting on the lack of credibility in your video, not the posting of it.The daily acts of hacking, web site attacks and much else are part of the argument as that is why CISPA is being brought into law and why it is needed. All the supporting organisations in the link I provided to you have been hacked and had data stolen. There needs to be better coordination to prevent this sort of crime, hence CISPA. Hi Tonci! I don't ignore anthing - I have posted links to CISPA many times in this thread - how it works is self explanitory, all those who wish to know can simply read it. Why I have to spoon feed people information when I have already posted the references is beyond me? Perhaps they will one day require a device to prop their eyelids open and move their eyeballs from side to side if no one is around to read things to them. (I do choose not to respond occasionally as the post does not make any sense (logic or legible) eg: post #513???) I once handed a policy document to a manager who promptly asked me to read it and explain it to him word for word. He wasn't stupid, just lazy and disinterested. It's a common tactic called obfuscation. How it can be abused is self explanatory too Share this post Link to post Share on other sites
mrcash2009 0 Posted May 5, 2012 (edited) Don't mind you posting videos, was just concerned that you pick a more reputable source for an argument. You don't see me posting fox news videos here do you? I wouldn't dream of backing up my point of view with some garbage I found on YouTube. That video was posted becuase I found it funny who was selected to defend the point in some ways, and he said a similar point in reference to what this thread is about, at no point did I post it to "back me up as a source of my argument" (as you say to us all, of your READ what I posted with that video you can see where I was coming from) ... then we know thats all you do is argue, I call it an open debate, and this is the difference. Again you speak like this thread is on your terms, it isnt, and posting a video can be ... posting a video. I was commenting on the lack of credibility in your video, not the posting of it. Its "a" video. :) All the supporting organisations in the link I provided to you have been hacked and had data stolen. There needs to be better coordination to prevent this sort of crime, hence CISPA. And in an ongoing cycle, we shall see where we are in the web future or so with its "customisable" implementation. Why I have to spoon feed people information when I have already posted the references is beyond me? You dont, you can stop, we know where they are to read, after all you are pretty much set on your end and we are all but spoon fed fools in your eyes, but you still react and repeat the same as we all do, so dont make it look like your excluded or feel the need to have too, a smell of superiority drenches the thread already. I once handed a policy document to a manager who promptly asked me to read it and explain it to him word for word. He wasn't stupid, just lazy and disinterested. It's a common tactic called obfuscation. Interestingly the same people are involved up top with putting legislation through, and clearly placed into the simplified comments I responded to a few posts back. So not sure how that defends much, but if it makes you feel good in the office, fill your work boots. How it can be abused is self explanatory too Amen. That's why I say it's meaningless to continue this discussion. It's going nowhere. Well, not really, I think everything has been said and repeated for sure, going no where would be that it didnt serve a purpose for the subject, and if you read it all, it does, for both sides of the coin. Although I question discussion some times though, "argument" crops up more than debate it seems. You'll never hear an explanation on how will CISPA change current situation to better except ususal "cyber threats on interwebz" BS. Thats because its on-line terror, fast track-ville, implementation is of up most importance, we have threats! It must be called for, you must ask for it, you simply have to accept it, nothing else in the world is powerful enough to thwart the on-line terror, there is simply nothing in it that could ever possibly effect anyone else but the bad men in the future ... apparently. :) Edited May 5, 2012 by mrcash2009 Share this post Link to post Share on other sites
PELHAM 10 Posted May 5, 2012 (edited) How it can be abused is self explanatory too Mostly imaginary actually lol. That's why I say it's meaningless to continue this discussion. It's going nowhere. You'll never hear an explanation on how will CISPA change current situation to better except ususal "cyber threats on interwebz" BS. Sorry to spoon feed yet again but that's not true, it's written very clearly within the legislation itself and is even outlined in the Q&A I provided on the previous page: http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill Today, the Chinese and other nation-state actors are stealing reams upon reams of corporate information and sensitive government information right out from under our noses; this expansive, aggressive effort undermines the free market and costs valuable American jobs. We must provide our private sector the information it needs to defend itself.Similarly, hackers are out there stealing tremendous amounts of personal information belonging to individuals, from credit card and social security numbers to medical records. We must provide the companies that provide critical services to ordinary Americans with the threat information they need to protect our personal information. We continue to work with various groups to see if the definitions in the legislation can be even more narrowly tailored, but it is important that any definitions be flexible enough to deal with rapidly changing technologies and the various adaptive tactics used by high-end nation-state hackers. See the bit about providing information, that's it. That's all CISPA is - it legslates for an exchange of preventative information and advice. A bit like a neighbourhood watch. Edited May 5, 2012 by PELHAM Share this post Link to post Share on other sites
batto 17 Posted May 6, 2012 Mostly imaginary actually lol.Sorry to spoon feed yet again but that's not true, it's written very clearly within the legislation itself and is even outlined in the Q&A I provided on the previous page: http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill See the bit about providing information, that's it. That's all CISPA is - it legslates for an exchange of preventative information and advice. A bit like a neighbourhood watch. We must provide the companies that provide critical services to ordinary Americans with the threat information they need to protect our personal information. Ah I see. So the official ultimate and only goal of CISPA is that some companies that provide critical services to ordinary Americans may one day recieve e-mail from government saying "you have been hacked, fix this and that". Interesting. This doesn't answer my questions at all. Why government? Today companies that care about security can hire companies that specialize in securing & monitoring servers/networks. Hi Tonci! I don't ignore anthing I'll ask for 3rd time then. 1) DDoS will hit US web site. How will CISPA help? (I think no spy infrastructure can prevent DDoS so this IMO invalidates 90% of your cyber-threat links/quotes) 2) Chinese will steal sensitive data from US R&D company. What's the advatage of being monitored by government (without the chance to opt-out) over being monitored by hired security company? Let's forget for a moment that unlike security companies government is payed from taxes. Here is some interesting read: https://www.eff.org/deeplinks/2012/04/cybersecurity-bill-faq-disturbing-privacy-dangers-cispa-and-how-you-stop-it Share this post Link to post Share on other sites
mrcash2009 0 Posted May 6, 2012 (edited) Ah I see. So the official ultimate and only goal of CISPA is that some companies that provide critical services to ordinary Americans may one day recieve e-mail from government saying "you have been hacked, fix this and that". Interesting. This doesn't answer my questions at all. Dont worry its "voluntary" though :j:, thats the point I was making looking at those list of points, and its clear that's just a buzz word 'for now' so I agree. In fact its put across so nicely that its simply the government giving handy tips and everyone else volunteers as they wish, its like a advert with minuscule small print. Why government? Today companies that care about security can hire companies that specialize in securing & monitoring servers/networks. More continued centralisation of information & data, and I also think the same in regards to what already exists, if your centralising everything then these companies are dotted around too much to track it all in one place, and thats just not tennis. If you get them hooked in via the "voluntary" card then its game on to sell it better to companies to go for that than thier own options. CISPA is a sales exersize to streamline this for net 3.0, well its clear its whatever you have been sold it is, and to think any further out from it, or highlight obvious things such as "customisation" & keywords like terror align to hacker and "national security" trigger (which then starts a process where government can then "go further" with the data), is somehow really odd or strange. I think your 2 questions have their own answers esp number 2, good questions. I just see that any attack worthy leads to the following ...threat = hacker = terror = national security = The government may not use the cyber threat information for other purposes unless a significant cybersecurity or national security purpose exists. Either way the data gets centralised, and may include things not related to the attack itself, which is beneficial if you are monitoring for other things outside of the "customisable" model, and brings it right back to entire point of issues with it. I will say this again, its a nice piece of legislation to open a direct link to government and companies to do exactly what people have issue with bathed in a mask of on-line cyber threats (terror). Just a mini patriot act for tinterwebz. One other example is, what if norad foiling online binladenzwebz "anonymous" come forward with some massive outage hacking spree in some open areas, what have you got? A Cyber threat via hackers that is terror based and national security issue, and thus, the spread of investigation and mass data sharing based on said large attack ropes all kinds of data in from all areas and normal users, and right away it can be mined and used for "other purposes" due to its national security red flag direct and central to government. Its either that or they will later get private contracters in (sign of the times) to "outsource" this process to deflect, but its still utlimately collated back at "monitors-r-us". ;) So, unless your utterly blind (speaking in general terms), it doesn't take a child to actually work out where this can go later, but, thats for UFO people apparently. Edited May 6, 2012 by mrcash2009 Share this post Link to post Share on other sites
PELHAM 10 Posted May 6, 2012 (edited) Ah I see. So the official ultimate and only goal of CISPA is that some companies that provide critical services to ordinary Americans may one day recieve e-mail from government saying "you have been hacked, fix this and that". Interesting. This doesn't answer my questions at all.Why government? Today companies that care about security can hire companies that specialize in securing & monitoring servers/networks. I'll ask for 3rd time then. 1) DDoS will hit US web site. How will CISPA help? (I think no spy infrastructure can prevent DDoS so this IMO invalidates 90% of your cyber-threat links/quotes) 2) Chinese will steal sensitive data from US R&D company. What's the advatage of being monitored by government (without the chance to opt-out) over being monitored by hired security company? Let's forget for a moment that unlike security companies government is payed from taxes. Here is some interesting read: https://www.eff.org/deeplinks/2012/04/cybersecurity-bill-faq-disturbing-privacy-dangers-cispa-and-how-you-stop-it You don't make much sense One_man? If some criminals carry out a bank robbery, or the bank notices supicious activity, the bank calls the police, if the police know that criminals are planning to target a bank they let the bank know. That is all CISPA is. Why the government? Well that is what it's there for and it already provides this sort of service in many different ways eg the police force. DDoS? since when is that 90% of attacks? It is actually the smallest percentage of the problem so that argument is nonsense to start with. CISPA may not stop DDoS attacks but that is not it's sole purpose. CISPA will allow governement agencies to warn about pending DDos attacks so that would be useful wouldn't it? CISPA's main focus is the organised hacking by nation states. eff.org? Same inaccuracy and paranoia you see from all such websites, shame so many fall for it. If you want the correct info stick to this: http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill @MrCash - love post #522 it's the best yet :D Edited May 6, 2012 by PELHAM Share this post Link to post Share on other sites
batto 17 Posted May 6, 2012 (edited) If some criminals carry out a bank robbery, or the bank notices supicious activity, the bank calls the police, if the police know that criminals are planning to target a bank they let the bank know. That is all CISPA is. If Chinese attacks, the harmed company will call police (maybe via hired security company) that will investiage with ISPs & others and may notify harmed company about future threat. That's CISPA? No that's reality. You don't make sense either. Why the government? Well that is what it's there for and it already provides this sort of service in many different ways eg the police force. Government is not here to spy on us. Police can't search your house or computer without any reason. You're missing the point. Securing access to sensitive data means doing it on own property. If you care about your family photos you secure your computer instead of monitoring every other computer in the world. If you are really scared you go to FREE-MARKET and hire professionals. Government is payed from taxes to protect citizens. Like murder or bank robbery, DDoS or intrusion is already a crime and police investigates it. It's IMPOSSIBLE that government will take care of every computer in US (like police can't protect every citizen from being murdered in his/her house). So if you left your server with "admin" password and rely on government to notify you about intrusion, it could mean you'll never get a notification. If you want to be sure you'll use good password, secure your applications, ... or hire professionals to do it (& monitor it). DDoS? since when is that 90% of attacks? It is actually the smallest percentage of the problem so that argument is nonsense to start with. CISPA may not stop DDoS attacks but that is not it's sole purpose. 90% of your cyber-threatz "evidence" was DDoS. CISPA will allow governement agencies to warn about pending DDos attacks so that would be useful wouldn't it? Hahaha... No it won't. I suggest you go to wikipedia and read what it is before using it as argument. CISPA's main focus is the organised hacking by nation states. I don't give a flying f*ck what YOU THINK is main focus CISPA. You didn't answer my questions once again. So will you admit that CISPA is bad? If not, please take some time and answer my previous question + these: How can government take care of every single computer in US? Why should government do it in first place? (did anyone ask for it?) And please, stop with "cyber-threatz on Interwebz". We all know them and I already gave you some examples on how can it be countered today. Centralized archive for security informations can be set up in open manner. Some already exist for a long time (CVEs). eff.org? Same inaccuracy and paranoia you see from all such websites, shame so many fall for it. By bashing EFF you make yourself look utterly stupid. This just shows that you've absolutely no idea about threats you talk about. Unlike you they are professionals formed long before government started to interfere with Internet. If you really cared about Internet security, cyber-threatz, ... you would already be regular EFF reader. Stop re-posting links that we all already know. So looking at Wikipedia, EFF was formed in 1990. That's long time before you found that Internet is good medium for porn distrubtion. Dont worry its "voluntary" though , thats the point I was making looking at those list of points, and its clear that's just a buzz word 'for now' so I agree. In fact its put across so nicely that its simply the government giving handy tips and everyone else volunteers as they wish, its like a advert with minuscule small print. AFAIK, the "voluntary" means that no one will be forced to monitor. But one can't find out who's monitoring. Those "volunteers" could be "good friends" on some crucial places. Edited May 6, 2012 by batto Share this post Link to post Share on other sites
PELHAM 10 Posted May 6, 2012 Well incoherent ranting aside, I will try to pick some valid points out of that. How can government take care of every single computer in US? That isn't what CISPA is for or attempting to do, it's for protecting government and private networks. There is no blanket attempt to spy on every computer, thats just the paranoid fantasy of eff.org and others. Yes many did ask for it and support it including me, I provided the links to the letters of support<-*link*. Nation states hacking other nations is the responsibility of the government as it's a national security issue, that is how it works. The organised international criminality is a bit above the capabilities of private security companies or the ordinary police. Counter espionage is a central government role in every single country in the world, I thought that was common knowledge? Do you think an ISP would get anywhere reporting organised hacking by the Chinese governement to the local police? I would check your reasoning there as it's a little absurd. I'm surprised you don't know this as I posted the links to the information, haven't you read it yet? http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill Share this post Link to post Share on other sites
batto 17 Posted May 6, 2012 (edited) How can government take care of every single computer in US? That isn't what CISPA is for or attempting to do, it's for protecting government and private networks. I meant traffic from/to computer. I thought you'll figure out. There is no blanket attempt to spy on every computer, thats just the paranoid fantasy of eff.org and others. And yet that's what could happen. That's just your fantasy that it won't. You'll have no way to find out. Yes many did ask for it and support it including me, I provided the links to the letters of support<-*link*. Microsoft dropped their support recently. I see cca 20-30 companies. So let's say the decision was made by cca 20 people from each company. 600 is not "many". Stop using weasel words. Nation states hacking other nations is the responsibility of the government as it's a national security issue, that is how it works. The organised international criminality is a bit above the capabilities of private security companies or the ordinary police. Counter espionage is a central government role in every single country in the world, I thought that was common knowledge? I have to admit I have a mixed feeling about this. The problem is that while US & others wanted open UN-like international organization, Russia wants treaties [1]. The fact that it will be misused against citizens for political reasons remains and it's just your fantasy it won't. [1] http://books.google.cz/books/about/Cyber_War.html?id=_oASQgAACAAJ&redir_esc=y (the book is very boring, it could be reduced to 50 pages, most of threats it shows are just DDoS-es & other minor stuff) Do you think an ISP would get anywhere reporting organised hacking by the Chinese governement to the local police? I would check your reasoning there as it's a little absurd. I would stop altering my original sentences like adding "local" to police. I said police and I meant FBI. I'm surprised you don't know this as I posted the links to the information, haven't you read it yet? http://intelligence.house.gov/qa-about-rogers-ruppersberger-cybersecurity-bill Of course I did. But only the Q&As I was interested in. Edited May 6, 2012 by batto Share this post Link to post Share on other sites
