Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Depends on the firewall, depends on the business (Score 1) 267

Next Gen Firewalls typically have three interesting features that changes this game. The first is Single-Sign-On tech that allows the ntwkr to use User ID (either on Active Directory, LDAP, or pulling it off 802.1x\RADIUS, or SYSLOG). That gives them an extra special group that they can then give extra perms to or bypass capabilities (maybe even with a coaching TOS screenie). There are lawyers, executives, and HRIS people that may need bypass to do investigations for the company or maybe the company just wants to treat people like adults, but in the case there is a HR issue or violation they need the logging. The second and third are the ability to hand application controls, URL Filtering, and GEO-IP reputation in the same security policy as the user Identity. This single-policy execution makes these firewalls a no-brainer to push whatever policies you need.

Now, I am of a mindset that technology should fix business problems and content filtering is a business problem. Depending on the business you are in and job description, the responsibilities change. I think the discussion is fairly moot due to lack of information on industry.
My opinions:
In the tech world leave it open but log everything
In the financial industry, GEO-IP, In-line antivirus, and application control (with SSL inspection) are key, but you have to be fairly open with the content filter (coaching pages).
In education, block everything (I keed, but not really)
etc etc etc

Submission + - Another Surprise In Jeb Bush's Email Cache: Viruses (itworld.com)

itwbennett writes: In addition to personal phone numbers and email addresses for hundreds of people who corresponded with him, there’s something else inside the cache of emails that Jeb Bush released this week: computer viruses. Alongside a Web interface to read the emails, Bush also offered raw Microsoft Outlook files, and it’s in those files where the viruses lurked in file attachments. Many are old and easily detectable with modern anti-virus software, but they still might pose a threat to some people running older computers or without anti-virus software. For example, in the email database from 2001 there are several attachments that carry the “Happy99.exe” file, a computer worm for Windows 95, 98 and NT systems, also known as “Ska,” which first appeared in 1999.

Submission + - Sony, Microsoft and Others Agree to Share Customer Data With US Government

Jason Koebler writes: On Friday, the president issued a cybersecurity executive order that creates a new framework for “expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats,” according to an emailed fact sheet from the White House.
Some groups are signing on for full information sharing, starting now. They include the Cyber Threat Alliance, which includes Palo Alto Networks, Symantec, Intel Security and Fortinet; the Entertainment Software Association, which represents Sony and Microsoft’s video game divisions, as well as many more of the largest video game companies in the country; Crowdstrike, a security firm; Box, a cloud storage company; and FireEye, a cybersecurity firm.

Submission + - Our oceans are being fed 8.8m tons of plastic annually, alarming study finds (techienews.co.uk)

hypnosec writes: According to a new study that tracked marine debris from its source, 8.8 million tons of plastic ends up in the world oceans annually. Plastic waste is a global problem and until now there wasn't a comprehensive study that highlighted how much plastic waste was making it to the oceans. Latest study by researchers over at University of Georgia claim that if all the plastic waste being dumped to oceans is accounted for, it will be equivalent of five grocery bags full of plastic debris dotting each foot of coastline around the world.

Submission + - Obama set to push cybersecurity data-sharing (thestack.com)

An anonymous reader writes: President Barack Obama is preparing to sign a new executive order today which urges organisations to share information on cybersecurity threats with the White House and each other — a decision sparked by recent attacks including that on Sony Pictures last November. The order will set in place the new ‘information sharing and analysis organisations’ (ISAOs) initiative which aims to encourage companies to share data on cyber threats among themselves and with the Department of Homeland Security. The White House has said that the community is the next step in making businesses aware of and more familiar with security legislation, offering participating companies liability protection.The order will be signed by Obama at a day-long cybersecurity conference held at Stanford University.

Submission + - Bringing offshore into 4G connectivity

Amanda Parker writes: Reliable, high-speed communications technologies are transforming the offshore environment, improving the day to day lives of offshore workers. Having just established its first 4G network for Shell on the Norwegian continental shelf, Maritime Communication Partner explains what better connectivity will mean for the offshore sector. From autonomous drones monitoring the seafloor to advanced drilling rigs sending back detailed information to the drilling platform, offshore operations are becoming ever more interconnected. With GSN and satellite based networks both costly and restricted, telecoms specialist MCP is branching out of cruise ship communications to offer 4G connectivity to offshore operators.

Submission + - Splitting HARES, Military Grade Crypto in Malware (wired.com)

Dharkfiber writes: Andy Greenberg @ Wired Magazine writes, "Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder." New crypto tricks being added to Malware, SSL, Disk, and now HARES packaging.

Submission + - Peak Google: The Company's Time at the Top May Be Nearing Its End

HughPickens.com writes: Farhad Manjoo writes at the NYT that at first glance Google looks plenty healthy, but growth in Google’s primary business, search advertising, has flattened out at about 20 percent a year for the last few years and although Google has spent considerable resources inventing technologies for the future, it has failed to turn many of its innovations into new moneymakers. According to Manjoo as smartphones eclipse laptop and desktop computers to become the planet’s most important computing devices, the digital ad business is rapidly changing and Facebook, Google’s archrival for advertising dollars, has been quick to profit from the shift. Here’s why: The advertising business is split, roughly, into two. On one side are direct-response ads meant to induce an immediate purchase: Think classifieds, the Yellow Pages, catalogs or Google's own text-based ads running alongside its search results. But the bulk of the ad industry is devoted to something called brand ads, the ads you see on television and print magazines that work on your emotions in the belief that, in time, your dollars will follow. “Google doesn’t create immersive experiences that you get lost in,” says Ben Thompson. “Google creates transactional services. You go to Google to search, or for maps, or with something else in mind. And those are the types of ads they have. But brand advertising isn’t about that kind of destination. It’s about an experience.” According to Thompson the future of online advertising looks increasingly like the business of television and is likely to be dominated by services like Facebook, Snapchat or Pinterest that keep people engaged for long periods of time and whose ads are proving to be massively more effective and engaging than banner advertisements.

In less than five years, Facebook has also built an enviable ad-technology infrastructure, a huge sales team that aims to persuade marketers of the benefits of Facebook ads over TV ads, and new ways for brands to measure how well their ads are doing. These efforts have paid off quickly: In 2014 Facebook sold $11.5 billion in ads, up 65 percent over 2013. Google will still make a lot of money if it doesn’t dominate online ads the way it does now. But it will need to find other businesses to keep growing. This is why Google is spending on projects like a self-driving car, Google Glass, fiber-optic lines in American cities, space exploration, and other audacious innovations that have a slim chance of succeeding but might revolutionize the world if they do. But the far-out projects remind Thompson of Microsoft, which has also invested heavily in research and development, and has seen little return on its investments. “To me the Microsoft comparison can’t be more clear. This is the price of being so successful — what you’re seeing is that when a company becomes dominant, its dominance precludes it from dominating the next thing. It’s almost like a natural law of business.”

Submission + - Real Time Hacking Map (fortiguard.com)

Dharkfiber writes: Cool new service from Fortinet shows real time hacking attempts to world wide honey pots. Similar to Norse and Dark Viking but better visuals. Enjoy!

Comment You need a cloud security broker (Score 1) 168

Centrify, Ping Identity, Bit Glass and others can provide SSO capabilities between your core infrastructure (AD) and the cloud. Some include sync tools and other provide nearly full ADFS implementations. They can also provide 2FA and other authentication mechanisms. Centrify can even give you MDM (Mobile Device Management) for 802.1x like functionality. Bit Glass can do some very cool proxying that gives you DLP style water marking of stored files on the cloud. Etc etc etc.

Submission + - The Security Emperor Has No Clothes (reuters.com)

Dharkfiber writes: In a weird twist of fate Palo Alto Networks, a company many consider to have the answer to many internet threats, fails to pass a standard set of TCP/IP invasions tests, caveat emptor.

Submission + - Fired NY Fed Regulator's Secret Audio Recordings Inside Goldman Sachs 2

maynard writes: Carmen Segarra used to work as a regulator for the New York Federal Reserve Bank, one of twelve regional banks that make up the US central banking system. In her capacity as regulator, Ms. Segarra was assigned to a team overseeing investment banking giant Goldman Sachs. There, while investigating a case of Goldman having advisied a client about a buyout offer by another company in which the firm held significant investment holdings, she determined that Goldman didn't even have a conflict of interest policy. Her supervisor initially backed the investigation, until it became clear she meant to file a written report detailing her findings of fact. Then they abruptly fired her.

And all this would have been another unfortunate case of 'she-said / institution-said' ineffective whistleblowing were it not for the fact that Ms. Segarra saw what was coming and had bought a keychain audio recorder. With it, she collected 46 hours of internal discussion and meetings, including statements by Goldman Sachs principles admitting the firm didn't have a conflict of interest policy and that the deal under investigation had been "shady." Additionally, she collected reams of documents and testimony. She thought her case iron clad.

However, when it came time to reveal her findings in full to superiors, though initially supportive of the investigation, her boss quickly shifted gears and worked to squelch the report. This culminated in a recorded meeting where her boss made clear his supervisors at the Fed insisted she downplay those findings. Then, a week later, before she could formally file the report, they fired her.

While bits of the story have been out in print for about a year, the radio show This American Life just published actual excerpts from those audio recordings. They make for harrowing listening. As the producer says in the introduction, her recordings show: "Repeated examples of pervasive regulatory capture by the industry regulators are meant to oversee."

In other words, whereas before we could all surmise just how bad banking regulation must be, what with the Financial Crisis having nearly tanked the world economy and all, with this audio we can hear first hand and in minute detail what it's like for an honest regulator to try to do the job properly: You get fired. Quickly. Then your embarrassing work is buried and reputation smeared. And if she'd just kept her mouth shut, she coulda gotten rich! This, at the very heart of the global financial system.

Is it any wonder why the public has lost faith in our political and economic institutions?

Submission + - Yahoo scrapping sign-in security seal (yahoo.com)

An anonymous reader writes: Yahoo logins have long featured an option to display a sign-in seal associated with user computers to discourage phishing and other security holes. The seal will now disappear, with Yahoo claiming that "advances in secure communications for browsing, email, and instant messaging, there's no longer a need for it.". Yahoo didn't indicate how advances of insecure systems, malware and social engineering factored into its decision.

Submission + - Could we abort a manned mission to Mars?

StartsWithABang writes: The next great leap in human spaceflight is a manned mission to a world within our Solar System: most likely Mars. But if something went wrong along the journey — at launch, close to Earth, or en route — whether biological or mechanical, would there be any way to return to Earth? A fun (and sobering) look at what the limits of physics and technology allow at present.

You don't have to know how the computer works, just how to work the computer.