Allegedly owned by someone that attended the DEFCON Shoot event where gun powder was transferred to the package, tipping a dog doing a random search in the Forums.
That would be wild. Bomb dogs usually are not trained to hit on ammunition since every officer on a scene is carrying some. Gunpowder is also a low explosive (meaning it burns at subsonic speed) which sucks for making things go boom.
Yes, but a lot of modern formulations are based around RDX chemistry or nitroguanidine, etc. So, a big portion of the "smell" is high explosive even if the overall formulation burns subsonic.
I'm hoping Verizon kills the deal. It would send a powerful message (unintentional on Verizon's part, but irrelevant) that a major data breach + installing NSA's rootkit on your servers could one day cost you billions of dollars, as well as give you a forever tainted reputation.
Realistically I think that the last field, Vulnerabilities / Product, is the one of more interest here. Rates are much more informative than absolutes. I'd be more concerned using a Canonical product based on the data you've shared than a Microsoft product.
+ the pencil @ $99 and the smart keyboard at $169. > $1k for the entry level model to be comparable with the Surface Pro 3 at ~$930 (which starts at 64GB, btw).
It seems more comparable to the Surface 3 ($499) than Surface Pro 3. The "Pro" moniker doesn't buy you a laptop replacement with Apple like it does with Microsoft.
I don't disagree. Unfortunately, this all falls on DoD-DISA. The NSA works with DISA to write the policy for how to secure systems (called STIGs) and also has 'Red Teams', but they aren't the arm that certifies these systems before coming online, nor are they the ones the ensure the systems stay secured as new vulnerabilities are found and patched -- that's DISA again.
That makes sense from an org-chart level. But if that's actually the thinking inside, it represents a total lack of ownership on their part to get to the overall goal of security.
You obviously know what you're talking about, but DISA can't enforce STIGs across the entire government can they? Some say that's DHS's job, or some Office within DHS (or within an Agency under DHS).
> but DISA can't enforce STIGs across the entire government can they?
No, with a small caveat: If that civilian agency (say DHS) is connected to the GIG[1], then DISA has a say-so and can threaten to disconnect them for failing security audits.
Something to keep in mind is that the STIGs are merely implementation guides to secure a system. Therefore, different agencies have different interpretations. In some cases specific secure implementations break systems and applications (mostly legacy ones), so they avoid securing those particular settings all together.
Yes, both can be disabled. However, I'm not sure if it's dependent upon which 'edition' though. For example, you can turn it off in Enterprise, but not Professional.
