ark1 - Slashdot User

Comment Re:Some other option (Score 2) 297

by ark1 on Sunday January 15, 2012 @11:19AM (#38705696) Attached to: Least worthy tech-world cliches / buzzwords?

Crowdsourcing

Comment Re:Layers (Score 1) 333

by ark1 on Monday January 02, 2012 @10:07PM (#38568580) Attached to: Ask Slashdot: Writing Hardened Web Applications?

+1 for multiple layers.

If this is a serious project, you should definitely consider getting a security pro involved to conduct a proper risk assessment. This will give you a good idea of what will be required to meet security expectations throughout the entire life cycle of your system.

Physical security, Network security, Policy/Legal requirements etc will likely require to be assessed if not already done.

Comment Re:applicants (Score 1) 229

by ark1 on Friday December 23, 2011 @09:53AM (#38470550) Attached to: Do You Have the Right Stuff To Be an Astronaut?

20/20 vision? Incredible shape? This is slashdot, that means none of us qualify.

TFA is not entirely accurate. If you look at the actual job posting, they say "Must be correctable to 20/20". This means you can wear glasses or have an eye surgery to meet 20/20.

Comment Re:aldrich ames passed his polygraphs (Score 1) 238

by ark1 on Saturday December 17, 2011 @07:30PM (#38412080) Attached to: How Does the CIA Keep Its IT Staff Honest?

Actual polygraph questions are Yes/No only.

Comment Re:Polygraphs are nothing but BS. (Score 2) 238

by ark1 on Saturday December 17, 2011 @05:02PM (#38411118) Attached to: How Does the CIA Keep Its IT Staff Honest?

If you read about the actual history and accuracy of polygraphs, you will find that they are not "lie detectors" at all, but merely tools of intimidation. (I could cite many, many sources. While not authoritative, the Penn & Teller show "Bullshit" has a very informative episode on the matter. And yes, the show is called "Bullshit" for a reason. Polygraphs are bullshit.) Polygraphs are used as tools for intimidation in order to interrogate. By themselves, they are worthless. They are security theater, much like the TSA. I really hate to see our country run by people who believe in (or pull) this kind of BS.

Sure polygraphs are far from perfection but is your normal job interview perfect at assessing if you are the best candidate for the job? Is a 2 hours exam best way to assess your technical skills? Or reference checks? To me its just another step in what is a subjective process anyway.

Comment Re:WTF? (Score 3, Funny) 238

by ark1 on Saturday December 17, 2011 @04:48PM (#38411022) Attached to: How Does the CIA Keep Its IT Staff Honest?

What use would the CIA have for honest staff?

You have to be honest to the organization but lie to everyone else.

Comment Re:Somewhere in the engineering process (Score 1) 647

by ark1 on Thursday December 15, 2011 @09:05PM (#38392140) Attached to: US Sentinel Drone Fooled Into Landing With GPS Spoofing

I am not. I remember when the Taliban hacked into the Predator drones over Afghanistan and were receiving the video down-link due to the lack of encryption :(

The predator was not hacked into.The stream was unencrypted which made it an easy target for passive listening.

Comment Re:What is with the UK and all this surveillance a (Score 1, Funny) 398

by ark1 on Tuesday December 13, 2011 @05:16PM (#38361276) Attached to: UK Police Test 'Temporarily Blinding' LASER

Dunno why they don't just use flashbulbs.

"Smile! You're under arrest!"

Does give a whole new meaning to Legally Blind, Blind Justice and Shedding a little light on the Crime.

No one wants to see a British smile.

Comment Reflection? (Score 5, Interesting) 398

by ark1 on Tuesday December 13, 2011 @04:54PM (#38360818) Attached to: UK Police Test 'Temporarily Blinding' LASER

I'm sure someone will figure out a way to reflect (mirror?) back to the source.

Comment Re:They just want your Facebook (Score 1) 340

by ark1 on Monday December 12, 2011 @08:33PM (#38350274) Attached to: Site Offers History of Torrent Downloads By IP

1. Create a fake facebook page impersonating a top RIAA exec. 2. Visit this page. 3. Wait and profit!

Comment Re:My letter to Maged (Score 1) 231

by ark1 on Friday October 14, 2011 @08:24PM (#37720464) Attached to: Security Researcher Threatened With Vulnerability Repair Bill

There is certainly a great number of important details we are missing in this story but as much as I would like to defend this guy it appears to me he clearly stepped the line if he indeed tested with 568 statements. Your analogy in this case is not accurate as he didn't had to access 568 different accounts to prove his point. A better analogy could be something like this. If you find a way to access all hotel rooms without proper keys, do you have to physically open 568 rooms to prove the owner that you know how to bypass his door security? I don't know the law in Australia but it is possible that this institution will now have to contact each affected account and inform owners about this unauthorized access even if the offending party had no malicious intentions. That is not good for your PR and will cost them $$$. Without having more details it is difficult to say more but it looks to me like both sides could have handled this in a better manner.

Comment Re:Critical information missing in TFA (Score 2) 231

by ark1 on Friday October 14, 2011 @06:50PM (#37719616) Attached to: Security Researcher Threatened With Vulnerability Repair Bill

The PDF has a sentence which hints that he may have submitted a proof of concept that accessed approx 568 statements.

Comment Re:Impressive compared to what? (Score 2) 68

by ark1 on Sunday June 19, 2011 @04:32PM (#36493088) Attached to: Life As a Bug Hunter

The real money is in the black market of 0days. That is where Intelligence agencies and criminals compete for new vulnerabilities and are willing to throw some major money depending on the severity. If you are fortunate to find a critical 0day - think remote exploitation in a popular OS/application without user interaction then you may pocket 6 or even 7 figures for a single bug. White hat reporting is mainly done as a hobby and/or advertisement of your personal skills or your company and is not really meant to be a full time job.

Comment Misread it as... (Score 1) 72

by ark1 on Friday June 17, 2011 @06:05PM (#36480484) Attached to: Researchers Design Memory-Strengthening Implant

"Researchers Design Mammary-Strengthening Implant" Unfortunately my brain can only make one association with the word Implant.

Comment No human intervention? (Score 1) 95

by ark1 on Saturday June 11, 2011 @09:56AM (#36410606) Attached to: Russian Lie Detector ATM

Lets assume for a second this voice stress analyser can actually detect deception at a very high rate (it can't). What prevents someone from pre-recording all answers from themselves or someone else at the time when they are telling the truth then play when required? I suspect results of this stress analyser have no or very little bearing in the final outcome. This is all smoke and mirrors with hopes that those who believe in lie detectors wont attempt to apply.

Slashdot Top Deals