Comment: "It depends" (Score 5, Interesting) 75

by AgentPhunk (#39589711) Attached to: Good News: A Sustained Drop In Spam Levels

We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?

Comment: Re:Unfortunate (Score 1) 360

by AgentPhunk (#38301182) Attached to: Netflix CEO Comments On Recent Decisions

Agreed - but one minor clarification: Hollywood negotiates with the theaters for profits percentages for new releases. Opening weekend, Hollywood takes 100% of ticket sales, and the theaters ONLY make money on the crap food they sell you. Several days/weeks later (depending on the release), the theater now starts getting incrementally more percentage. So they have to charge $5 for a box of popcorn to make any money.

Comment: Finally - a 'cloud' solution (Score 1) 138

by AgentPhunk (#35937174) Attached to: ERP Vendors Get Into Medical Marijuana Business

Yes, pun intended, but seriously: many dispensaries are still getting raided by the feds, who take their computers and customer lists. Maybe a cloud-based ERP solution would be a good way to get around this, assuming you could crypto the fuck out of it. Just figure out how to remember the password before you toke up, and don't write the password down on rolling papers.

Comment: Re:Dropbox IPS sig from EmergingThreats (Score 1) 168

by AgentPhunk (#35763866) Attached to: Dropbox Authentication: Insecure By Design

I'm sorry, I know this is /., but did you not RTFA?

I completely understand the concept of facilitating employee communications - we have a solution for that - secure file transfer (SFT), which we implemented after our FTP server was hacked and sensitive files went god-knows-where. SFT is quantifiable, controlled, and far more secure than something like dropbox, especially when you consider the issues described in TFA.

And I disagree with the anon poster below who compares this to flash drives or CDs. Again, anybody, anywhere, can access dropbox files once you get the .db file. At least with removable media you still need physical access.

And I did look at a few users' systems - large MP3 collections and yes, sensitive business documents.

I am trying to PROTECT the profitability of my company.

Comment: Dropbox IPS sig from EmergingThreats (Score 2) 168

by AgentPhunk (#35762692) Attached to: Dropbox Authentication: Insecure By Design

My IPS sensors went berserk today after I updated my sigs from Emergingthreats.net:

emerging-all.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Dropbox.com Offsite File Backup in Use"; flow:established,to_server; uricontent:"/subscribe?host_int="; uricontent:"&ns_map="; uricontent:"&ts="; content:".dropbox.com|0d 0a|"; classtype:policy-violation; sid:2012647; rev:2;)

I was shocked how many users have this installed and running on their systems. Now I just need to convince management why I should change this rule to BLOCK. TFA and the /. comments will sure come in handy.

Kudos to the folks at ET and the community that writes these sigs. Simply amazing.
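
Added example (not part of the original comment and not Emerging Threats' or Snort's own code): a simplified Python evaluation of the rule's uricontent and content options against constructed HTTP requests, showing which parts of a request make the signature fire. The sample requests and the host name client.dropbox.com are assumptions; flow state and the address variables are ignored.

```python
import re

# Rule text copied from the comment above (the grep filename prefix is dropped).
RULE = ('alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
        '(msg:"ET POLICY Dropbox.com Offsite File Backup in Use"; '
        'flow:established,to_server; uricontent:"/subscribe?host_int="; '
        'uricontent:"&ns_map="; uricontent:"&ts="; '
        'content:".dropbox.com|0d 0a|"; classtype:policy-violation; '
        'sid:2012647; rev:2;)')

def decode_pattern(text):
    """Turn Snort content syntax into bytes; spans between pipes are hex."""
    out = b""
    for i, part in enumerate(text.split("|")):
        # Odd-numbered pieces sit between pipes and hold hex byte values.
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return out

def parse_options(rule):
    """Return (keyword, value) pairs from the parenthesised option list."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    return re.findall(r'(\w+):\s*("[^"]*"|[^;]*);', body)

def matches(rule, request):
    """Simplified check: every uricontent must appear in the request URI and
    every content in the raw payload (flow and addresses are not modelled)."""
    uri = request.split(b"\r\n", 1)[0].split(b" ")[1]
    for key, val in parse_options(rule):
        if key not in ("uricontent", "content"):
            continue
        pattern = decode_pattern(val.strip('"'))
        if pattern not in (uri if key == "uricontent" else request):
            return False
    return True

# Constructed sample requests, not captured traffic.
HIT = (b"GET /subscribe?host_int=1&ns_map=2_3&ts=4 HTTP/1.1\r\n"
       b"Host: client.dropbox.com\r\n\r\n")
# Lookalike host: ".dropbox.com" is present but not followed by CRLF.
MISS_HOST = HIT.replace(b"client.dropbox.com", b"client.dropbox.com.example.net")
# Same host, but one of the three required URI parameters is absent.
MISS_URI = HIT.replace(b"&ns_map=2_3", b"")

if __name__ == "__main__":
    for name, req in (("HIT", HIT), ("MISS_HOST", MISS_HOST), ("MISS_URI", MISS_URI)):
        print(name, "alert" if matches(RULE, req) else "no alert")
```

The |0d 0a| bytes anchor the match to the end of a header line, which is why the lookalike host does not trigger the rule.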

Comment: Why not a live virus? (Score 1) 366

by AgentPhunk (#33819138) Attached to: Simple Virus For Teaching?

Perhaps a better learning experience would be to connect the lab (or a handful of the students' own computers) to the Internet, and stick a box running Snort (www.snort.org) with Emerging Threats (www.emergingthreats.net) signatures in between. If, by some miracle (or the fact that they're all Macs) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.

Get a full packet capture of the session so you can dissect how the virus was able to get on the machine, where it left hooks, how it's similar and different to other types of malware, etc.

I agree that a review of a simple virus is a worthwhile endeavor, but perhaps that's best learned via a good book or whitepapers on the Internet. Save the demo for something that's relevant and 'live'.

And on second thought, maybe it's best if you set up a demo machine to be infected. That way you can nuke it from space afterwards, just to be sure.

Comment: pre-meeting meetings (Score 1) 263

by AgentPhunk (#32608344) Attached to: Supreme Court Says Gov't Employee Texts Not Private

Many years ago I worked at a Boston-based mutual fund company. We not only had pre-meeting meetings (where the people on your "side" would all agree on what they'd say/agree to in the actual meeting), but then we started having pre-pre-meeting meetings - where a smaller subset of the people on your side would agree on what they'd say/agree to in the pre-meeting meeting, and then what they'd actually say in the actual meeting. (!!!)

Confused? You betcha. Backstabbing was considered an acceptable way to get your job done, especially if it had ANYTHING to do with the Marketing department.

Comment: Re:Yeah consumers! (Score 1) 557

by AgentPhunk (#32356196) Attached to: Apple Surpasses Microsoft In Market Capitalization

They have competition, but not enough so in the enterprise market. Every year when it comes time to renew our support/licensing agreements, there is NO negotiation. They basically say "this year it's $X." That's it, end of story. Pay up or else. They might as well be sticking a gun in our back. REAL competition might not get us to switch away from Microsoft, but it will at least bring them back to the table for actual discussions on price.

Comment: Re:Is it pronounced DOHS or DAHS? (Score 3, Funny) 426

by AgentPhunk (#32355302) Attached to: For Automated Testing, Better Alternatives To DOS Batch Files?

The other posters are correct. You only say "DAHS" if you're from Boston, as in: "Oh My Gawhd, some retahd on slashdaht is still writing DAHS bahtch files. Why don't we just fihre up Windows fah Workgroups while we're aht it."

Seriously though - I think nmap can send PCL commands via the nmap scripting engine, which is written in LUA. How about wrapping that with what some of the other posters are suggesting?

Comment: Facebook addicts (Score 1) 126

by AgentPhunk (#32222988) Attached to: Facebook Throws Privacy Advocates a Bone

There are two things I don't understand:

1) people who are addicted to Facebook, and feel the need to post every single one of their inane thoughts on FB
2) how those inane thoughts have any marketing value and/or how it affects the user's "privacy".

I understand the PII (Personally Identifying Information) issues like birthday, hometown, etc, but does ANYONE really care that one of my friends from High School (whom I haven't spoken to in over 18 years but 'friended' via FB) is proud that his daughter scored her first goal in soccer today?? (True story, btw.)

Is someone actually mining that random piece of trivia into an actionable data point that can then be used to generate revenue? I guess what I'm saying is that I'm not sure what all the fuss is about.

Comment: Racktables! (Score 1) 113

by AgentPhunk (#31946970) Attached to: GUI-Based Asset-Tracking Tools For a Datacenter?

Racktables.org is a very good, Free / Open Source solution to your problem. From the SourceForge description:

Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much, much more!

It lets you lay out racks, assign IP Address to assets, yadda yadda. Live Demo here:
http://racktables.org/demo.php

Last code update was 2010-02-17, and the guy seems to be good about maintaining it and adding new features. It's not "sexy" in the sense that you're not looking at actual Visio diagrams of the gear in the racks. If you really need that, then I would suggest the RackWise solution (http://www.rackwise.com/), which has two offerings: 1) SaaS, where you pay by rack, at roughly $300 per rack. It's a plug-in to Visio, and your rack models are stored up in the cloud. 2) onsite appliance, where you pay through the nose (!!) but get the added benefit of integrating power management functionality into the solution, i.e. how much power is this rack drawing, what PDUs is it attached to, etc. Option #2 is for large-ish (100+ rack) datacenters, IIRC.
