
Comment: Re:It's not the slashvertisement (Score 1) 171

by Gulthek (#43103897) Attached to: RSA: Phish Me If You Can (Video)

You're right. Education in a formal setting simply doesn't convert to practical knowledge. That's a method best left to theoretical subjects.

But you're going to have a tough time arguing that *training* doesn't work: which is what PhishMe is selling. Teach employees to recognize phishing emails by actually sending them inoculated phishing emails. When employees fall for it you let them in on the game immediately and seize that invaluable teachable moment.

Comment: Re:cracking? (Score 1) 171

by Gulthek (#43096851) Attached to: RSA: Phish Me If You Can (Video)

Back in the day we were trying to get any exploitative hacking to be called "cracking". Note Jurassic Park's "I prefer to be called a hacker." line.

It didn't take completely. We got "hacking" to be relatively accepted into the mainstream vernacular but "hacker" remains in a kind of grey area and "hacked" is entirely negative.

Comment: Re:This is stupid and useless. (Score 3, Insightful) 171

by Gulthek (#43096785) Attached to: RSA: Phish Me If You Can (Video)

It's not about being dumb, it's about not being aware. If the first phishing email you come across is one that's technically advanced and well written enough to slip through the technological filter: then you as a corporate employee are probably going to fall for it. Especially if it's a true spear-phishing email that's targeting *you*. It'll look like an email from your boss with yet another emailed PDF or DOCX report to review. Bam.

The solution that PhishMe proposes is to safely expose employees to phishing emails on a regular basis and teach everyone to recognize actual phishing emails from those demonstrations. The human reading the email and about to click the link or open the attachment is your last line of defense and shouldn't be neglected as such.

Comment: Re:More stupid victim-blaming (Score 4, Insightful) 171

by Gulthek (#43096677) Attached to: RSA: Phish Me If You Can (Video)

This is what passes for +5 insightful these days?

The issue isn't opening an email: but clicking a link in that email or, worse, clicking a link that takes you to a legitimate looking site and entering data, or opening an attachment in a legitimate looking email.

There are all sorts of attack vectors present from an email message. To sweep it all up as "IT's Problem" is a very, very bad idea. It just takes one email fooling the right person to be a security problem.

PhishMe's philosophy is that at some point the technical protection will fail ... so you'd better ensure that your employees know what to look for. The best way to teach them what to look for is to let them actually experience safe emails using the same techniques that would be maliciously used against them.

Spear-phishing isn't an idle threat, it's a widely used attack method that has gotten data out of targets like the New York Times, Defense Department, Facebook, and Apple (http://www.theatlanticwire.com/technology/2013/02/spear-phishing-security-advice/62304/). I'm sure that each of those companies has a very robust and capable IT Department armed with email scanning and sanitizing software. You just can't catch everything with technology.

Comment: Re:Keurig? (Score 1) 584

by Gulthek (#41193435) Attached to: What's your usual coffee-making method?

A Keurig machine and a Jura Capresso machine are entirely different beasts. The Keurig is great for quick, easy, individual drinks (e.g. one person can have coffee and the next tea). The Capresso is a serious coffee creation device that actually makes crema coffee right at home at the touch of a button. There's a reason a Keurig costs $150 and a Capresso costs $1000+.

I like and own 'em both though, they each have their place.

Comment: Re:Film industry (Score 1) 179

by Gulthek (#36400722) Attached to: A Plea For Game Devs To Aim Higher

I played GTA4 in character. I tried to do the right thing, drive by the rules, and not kill anyone. My Niko had already seen enough of war and bloodshed, but it was all he knew. He tried to make a change going to NYC, but did not have the will to break free of the dominating personalities surrounding him.

This style of play made some of the missions where you had to escape the police much more exciting.

Comment: Re:No big secret here (Score 1, Interesting) 235

by Gulthek (#36343366) Attached to: Wikileaks Cables Say No Bloodshed Inside Tiananmen Square

No one was run over by tanks.

Also many forget that this wasn't just a few thousand idle students peacefully hanging out in the square. There were about a *million* disaffected students and unemployed workers camping out wherever they could, demanding free food from vendors, and harassing the general public. This went on for almost a month before the government took action.

Think about how long a million people would be allowed to camp outside the US capitol buildings, especially if they were harassing and looting.

Cloud

Sony Wants To Put Your Game Saves In the Cloud 224

Posted by CmdrTaco
from the so-floaty-up-there dept.
itwbennett writes "Sony may be planning to have three platforms (Android devices, NGP, PS3) running PlayStation Suite content and needing access to the same saved data stored in the cloud, says blogger Peter Smith. At last week's PlayStation Meeting, game developer Hideo Kojima said his 'dream' was to offer the same game on the PS3 and the new PlayStation Portable with saves in the cloud. If Kotaku has it right, that dream may be coming in firmware version 3.6. Also, in an interview with Engadget, Sony's Jack Tretton first said that PlayStation Suite games would work on the PS3. He then retracted that comment, but it's sounding a lot like Sony just isn't ready to talk officially about plans to bring Suite content to the PS3, says Smith."

Comment: Re:Google results still much more accurate (Score 1) 138

by Gulthek (#35057648) Attached to: Google Would Beat Bing At Jeopardy, Says Wolfram

If you're looking for a new search engine I've found myself supremely happy with DuckDuckGo (http://duckduckgo.com/). Great results, snappy interface, !bang searches: it's great. The !bang syntax was what really hooked me. I used to spend a lot of time making custom site searches for my browser ("wa query" to search Wolfram|Alpha, etc.). With DDG that's all inherent: "!wa query" sends query straight to W|A.
