Comment: Re:this is hilarious (Score 1) 120

by 3nails4aFalseProphet (#38822233) Attached to: Corporate Boardrooms Open To Eavesdropping
In the article @ Rapid7.com, HD briefly mentioned WarVOX - another one of his pet projects - as a means to find targets. And that lit the bulb over my head. Yes, the vast majority of what goes on is going to be boring as hell. But don't just use this on "a" target. Wardial to find a crapton of them, automate recording audio from the targets, feed it into some transcription software (cheap solution: perhaps leaving vm for yourself in Google Voice?), and alert on keywords. Let it do its thing and just check in occasionally to hear 20 second clips around whenever someone says "password" or "lawsuit" or "IPO"... whatever tickles your fancy.

Comment: Re:Not so fast... (Score 1) 172

by 3nails4aFalseProphet (#38435922) Attached to: Tech Forensics Take Center Stage in Manning Pre-Trial
I'm with Alranor. Having spent several years on subs, sometimes in "interesting" locations, I second the notion that "burn it with fire" is likely used if there is threat of capture due to the need for speed of disposal, and also because it doesn't matter how the sensitive data is stored... paper, mag tape, hd, ssd, dvd... high enough heat destroys them all. It also doesn't require anything to still have power to "write zeros".

Comment: Re:Portfolio & Certification (Score 1) 523

by 3nails4aFalseProphet (#38190596) Attached to: How Does a Self-Taught Computer Geek Get Hired?
You contradict yourself by saying all certs except Cisco are worthless, then start listing others that are "still worthwhile."

In addition to the ones you listed, I'd say anyone with a GIAC "gold" certification (requires a published research paper), a GIAC GSE (requires multiple GIAC certs and hands-on evaluation), or VMware VCDX (2 tests + submit a design/implementation plan and defend your decisions) is probably going to have solid knowledge. Offensive Security's OSCP is another with "real-world" testing.

But not every certification has to imply the holder has omnipotent godly power in their chosen field. It can also show basic competence (CCNA and the labs built into the test) or even just a willingness to invest in one's professional education (VCP ain't cheap, and requires attending a VMware-approved training course).

Certs alone may not get you the job, but they are very useful in getting past the HR department so that someone with actual experience can evaluate the rest of your resume. From a technical knowledge standpoint the CISSP is pretty useless, yet most higher level infosec jobs list it as a "requirement". So guess what I'm going to spend $550 on next quarter?

Comment: Re:holy crap, what idiots (Score 2) 182

by 3nails4aFalseProphet (#37602834) Attached to: SAIC Loses Data of 4.9 Million Patients
For some organizations, it is a weighted risk. Which would be worse: some random car thief thinking he stole somebody's 8-track collection, or not being able to find/remember the right password to restore the data in a legit DR situation?

Although, even with my defending them above I have to ask... WTF was going on with tapes left alone in an employee's car? Most places use a data storage company to transfer and store tapes.

Also, Axway's Raley was either misquoted or she's an idiot. What is Tricare using that makes tape encryption so difficult? Usually the difference between encrypting and not is just checking a box and entering a password. May slow down an already tedious process of backing up/restoring, but definitely isn't difficult to implement.

Comment: Re:WTF IS THIS ADVERTISEMENT ARTICLE BULLSHIT? (Score 1) 95

by 3nails4aFalseProphet (#37223214) Attached to: VMware vSphere 5 Released

I'm one of those who uses VMware on a daily basis, and who is interested to see how others are receiving the release of 5.0. I'm currently running 4.1 on a group of 6 physical servers. VMs automagically migrating from one host to another based on resource requirements was pretty cool, storage vmotion was even better. With 5.0 I'm really looking forward to trying out the storage DRS, which was the logical next step.