Comment Www.sharefile.com (Score 1) 274
You should look into sharefile. It is a secure alternitive to drop box. You can also optionally host an on prem appliance while still utilizing their cloud based access and front end.
Comment Enter at your own risk (Score 1) 204
The way that I read Jeff's comment was not so much as a ban of the Feds but he seemed to be politically cautioning the attendance of Feds on potential hostilities from attendees who aren't particularly thrilled with the recent disclosures.
We can all argue the maturity level of the conference but in the immortal words of Friedrich Nietzsche:
"Madness is rare in individuals, but in groups, parties, nations and ages, it is the rule"
Surely there would be severe consequences on both sides were there to be pranks or aggressions on Feds in attendance.
Of my many years of attendance, I have never considered Defcon to be a completely open environment free from danger, but rather a Hackers Mos Eisley where you can interact with all walks of life, but that you had better be aware of those who do not like you.
Submission + - The state of information security today (purdue.edu)
tanawts writes: Capturing a recent topic posed during a panel at CERIAS Symposium, Gene Spafford breaks down the problems of the industries current response to computer security today.
The article touches on recent government involvement, pwn2own style competitions, and the vicious cycle of IT professionals being pulled into incident after incident without being allotted the time and priority to correct the systemic problems that cause these security fiascos.
"There's another barn on fire! Quick, get a bucket brigade going — we need to put the fire out before everything burns. Again. It is getting so tiring watching all our stuff burn while we're trying to run a farm here. Too bad we can only afford the barns constructed of fatwood. But no time to think of that — a barn's burning again! 3rd time this week!"
The article touches on recent government involvement, pwn2own style competitions, and the vicious cycle of IT professionals being pulled into incident after incident without being allotted the time and priority to correct the systemic problems that cause these security fiascos.
"There's another barn on fire! Quick, get a bucket brigade going — we need to put the fire out before everything burns. Again. It is getting so tiring watching all our stuff burn while we're trying to run a farm here. Too bad we can only afford the barns constructed of fatwood. But no time to think of that — a barn's burning again! 3rd time this week!"
Submission + - Crisis averted in BIOS source code leak (scmagazine.com.au)
mask.of.sanity writes: The world's largest BIOS vendor has attempted to calm rising panic over the leak of the cryptographic signing keys and source code for its UEFI BIOS
A Taiwanese vendor had left a file transfer protocol server open for anyone to browse and download internal emails and the source code for the vendor's UEFI BIOS and cryptographic signing keys.
The company, American MegaTrends, said the security keys on the ftp server were not used for production systems.
A Taiwanese vendor had left a file transfer protocol server open for anyone to browse and download internal emails and the source code for the vendor's UEFI BIOS and cryptographic signing keys.
The company, American MegaTrends, said the security keys on the ftp server were not used for production systems.
Comment Re: Improve infrastructure, don't inact laws to p (Score 1) 80
To put it another way.
The wolf does not adhere to the laws of the little pigs.
If your tired of him blowing your house down, you need to stop thinking about patching holes in your straw house. Reenforcing reeds isn't a scalable solution.
You need to start building the houses with bricks.
Comment Re: Improve infrastructure, don't inact laws to pr (Score 1) 80
I'm not sure that we have a choice. "Because its hard" is probably not going to be a sufficient excuse with respect to the critical mass we are heading toward. If everything that the world has invested in standing on top of the Internet is so important, than all that important stuff is going to need to experience the growing pain of adapting to new redesigned transit protocols. The alternative seems to be a sheer cliff.
Comment Improve infrastructure, don't inact laws to prolif (Score 2) 80
Given that a lot of these problems stem from inherent design flaws with our current Internet protocols, perhaps we ought to start improving upon the 20 and 30 year old protocols we've been relying on. Fundamental scale and design flaws will continue to empower bad people to do bad things so long as it continues to be nearly effortless. BGP, DNS, IPv4... You can only build on a foundation for so long before its age and brittleness beings to cause serious problems.
Comment Sabu vs APT1 (Score 1) 116
Really...? You have real threats out there like APT1, and the most useful thing you can think to do is threaten 124 years of prison to try and shake out folks who are doxing, and ddosing???
US Gov: You're doing it wrong.
Comment With great power, comes great responsibility (Score 1) 823
Always remember that.
Comment What was your favorite/most elaborate prank? (Score 2) 612
You have a long history of being a trickster. I am curious which you are most proud of/which was your favorite.
Comment Sounds like tech support? (Score 1) 630
I guess I am desensitized... I realize this is a pharmaceutical company, but this is all very standard behavior in the tech support / call center world. I've seen this sort of thing since 1998, so it really isn't that new to me.
In both cases it sounds like management is being asked to predict productivity and deliverables based on time.
Is your job function serial in nature at all? Does someone have to do something to a product before its passed to you and do you pass it to someone after that?
Comment Two types of Professionals (Score 1) 515
You are going to find two types of techs throughout your career.
* The Career-Person:
Is there to punch a time card and collect a paycheck
Learns only what is necessary to do the job
Probably received a classroom education on tech
Goes home and complains about not having enough free time to socialize
* The Enthusiast:
Loves technology and loves getting paid for working with it
Is constantly researching new technology even if it doesn't have to do with work
Could either have a degree our self taught education
Goes home and hacks on/fiddles with some sort of tech
* The Career-Person:
Is there to punch a time card and collect a paycheck
Learns only what is necessary to do the job
Probably received a classroom education on tech
Goes home and complains about not having enough free time to socialize
* The Enthusiast:
Loves technology and loves getting paid for working with it
Is constantly researching new technology even if it doesn't have to do with work
Could either have a degree our self taught education
Goes home and hacks on/fiddles with some sort of tech
Top Google Executives Approved Illegal Drug Ads 287
Hugh Pickens writes "PC Magazine reports that the U.S. government used convicted con artist David Whitaker, owner of an online business selling steroids and human growth hormone to U.S. consumers, to help federal agents in a sting operation against Google when he began advertising with Google with advertisements that included the statement 'no prescription needed,' clearly violating U.S. laws. Google's settlement with the U.S. government for $500 million blamed AdWords sales by Canadian pharmacies, who allegedly were selling drugs to U.S. consumers. 'We banned the advertising of prescription drugs in the U.S. by Canadian pharmacies some time ago,' Google said then. 'However, it's obvious with hindsight that we shouldn't have allowed these ads on Google in the first place.' Peter Neronha, the U.S. attorney for Rhode Island who led the multiagency federal task force that conducted the sting, claims that chief executive Larry Page had personal knowledge of the operation, as did Sheryl Sandberg, a Google executive who now is the chief operating officer for Facebook. In 2009 Google started requiring online pharmacy advertisers to be certified by the National Association of Boards of Pharmacy's Verified Internet Pharmacy Practices Sites program and hired an outside company to detect pharmacy advertisers exploiting flaws in the Google's screening systems."
Intel's Plans For X86 Android, Smartphones, and Tablets 151
MrSeb writes "'Last week, Intel announced that it had added x86 optimizations to Android 4.0, Ice Cream Sandwich, but the text of the announcement and included quotes were vague and a bit contradictory given the open nature of Android development. After discussing the topic with Intel we've compiled a laundry list of the company's work in Gingerbread and ICS thus far, and offered a few of our own thoughts on what to expect in 2012 as far as x86-powered smartphones and tablets are concerned.' The main points: Intel isn't just a chip maker (it has oodles of software experience); Android's Native Development Kit now includes support for x86 and MMX/SSE instruction sets and can be used to compile dual x86/ARM, 'fat' binaries; and development tools like Vtune and Intel Graphics Performance Analyzer are on their way to Android."
Comment Bug fixes (Score 1) 666
With commercial support, if and when you find a bug in the distribution, you have the means and leverage to have the bug fixed and possibly interim workarounds.
