that the quote appearing at the bottom of the page is Mizner's:

"If you steal from one author it's plagiarism; if you steal from many it's research."

As someone mentioned, it's not shocking the prosecution was politically motivated but shocking that they admitted it. I'll add that it's also not shocking that they think they didn't do anything wrong!

Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just wants to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr I work in the intelligence community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely and they need to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical infrastructure. It's bad. Really bad. The risks are primarily sensitive data (commercial). The weaknesses in controls systems are organizational. That's right, organizational. When the resources are taxed to just maintain the status quo, things slip when you have to engage in new projects. Security improvements fall under new projects and completion/success is declared at some arbitrary implementation level so everyone can get their check mark and move on to the next issue. The core reason? Profits and specifically O&M numbers. Don't fool yourself, it's a business. And security doesn't show up on profit side, only the cost.

So much for using mod points on this discussion... 3-4 years ago, I was the technical lead on a project to encrypt all laptops (mobile data, but not handhelds... *shrug*). The original project team had selected a solution (home directory only encryption) and then commenced to hit the skids. I was brought in to turn the project around. I found security weaknesses on the directory encryption (Hiram's boot cd could easily bypass it). We decided to test a whole disk solution, and went with it. For an environment that had 800+ laptops, ~25% being field crew devices (shared devices, assigned to a truck with crews then assigned to trucks on a daily basis), full deployment took 6 weeks and a dedicated team of 6 people. During the 6 weeks, we trained the IT Support staff on how to support systems w/ whole disk encryption including the decrypt process as well as continuing the roll out for new hardware deployments. Does it add to overhead on support and cause situations where data is "unrecoverable" when otherwise there would be a reasonable chance to recover? Yes. The business determined it was worth it due to the number of laptops lost/stolen. As a side note, not one user complained about additional system latency. Password sync was easily achieved via LDAP and the keys to the kingdom is held in an enterprise cert that can decrypt/access all devices. PGP WDE is the current solution. So far, so good. No linux support though.

what is this crap, kuro5hin? I'm new here, I actually read it and want the time I wasted back. and yes, the US will convert to metric just as soon as the entire adult populace is educated past an 8th grade level.

10 years in right now ;) And I concur, there is a strong possibility that the company would get wise and freeze the pension completely. They've already killed off new enrollment to the pension (almost 10 years ago).

401k contributions while maxing out the company matching program ... check

Actively managing (ie paying attention to and not actively/daily trading) an old IRA and 403b account ... check

End of the day, losing the pension would be a significant hit to my retirement plans, but I've got my contingency plan of the other retirement funds which will provide a modest retirement. Just not going to be able to have month long trips overseas every year.

I'm a lucky one w/ a pension still, or at least enrolled in a pension. Talk to me in 19 years when I've accrued all my points for full retirement assuming the company kept the plan alive!

A couple months ago, I popped my head up and took a look around the local job market based on my experience (Indianapolis, IN cyber security, security architect, and cyber security compliance). Talked to a few companies, dusted off the suit to sit down w/ one, and it got tanked at the end of the interview. The SVP was asking about my current compensation (I freely give that out to perspective employers) and he mentioned how great the bennies were. I responded w/ how my current bennies would have hit the proposed Cadillac Tax on health care plans as well as being 10 years into a pension plan. Needless to say, the company was unable to come close to my overall compensation.

Prior to all this, I looked at what leaving my current employer would cost me on just the pension. Assuming an expected live span of 85 yrs (had to pick a number) and retirement if I left at age the same time I qualified for the full pension, I would need to increase my salary by nearly 45% to make up for the loss of the pension. The equation changes a bit if I were leave and to retire at age 65 vs 58 if I stayed and got the pension.

The short of it is that the pension is truely golden handcuffs, and while I may sound like I'm complaining, it is a good problem to have!

squid as a mitm ssl proxy? but like so many previous commenters... why? other than messing w/ a roommate (ala http://www.ex-parrot.com/pete/upside-down-ternet.html) this is really useless. but hell, billables are billables!

Can't agree more. If you really want to hand off, you have to find a different EMPLOYER and not a different department/supervisor. Otherwise, every project you've ever lead will be yours forever. Sure, someone may be "responsible" for the day to day stuff and it can be upgraded half a dozen times, but if it falls over and the current guy/gal can't figure it out, you'll be getting the call. Documentation is great, but it only gets you so far as it's nigh impossible to document everything you did and why, much less what to do when X happens do Y for every case. The other reality w/ documentation is that for it to be useful, someone has to READ it. Good luck with that, RTFM became part of the gestalt for a reason. Suck it up, follow a previous poster's advice by CC'ing your new supervisor so he/she atleast can see how much time suck is going on and just be helpful as you can to the next guy. After all, it's us vs the users! ;)

Not even property protection. Their role is to apprehend criminals, AFTER a crime is committed. To protect and serve is simply their marketing tag line. The only protection law enforcement gives is the potential crime an individual may have committed while they are in custody or incarcerated (and that doesn't stop all criminal activity). If you want protection, regardless for personal or property, you need to provide it yourself!

but seriously, who hasn't enjoyed some Gedankenexperiment and run through all the neat little things one could do to really make someone's life a living hell? The fail here was the evidence trail he left :)

for myself, I intend to jump ship from facebook once a critical mass of my "friends" are available on g+ (and really, just friends, not people who know my friends). Until then, I'll live with fb updates to my inbox and the occasional interactive login to respond... oh wait. that's what I'm doing now!

Thanks Charlie and James! I'm rockin and rollin!

looks like matt grabbed the AC's invite. if there's anymore out there, i'd love to receive it! gyshin(@)g mail . com

i'd appreciate an invite as well. noone(.)indy@liamg.moc danke schon!