
Comment: Re:Non-technical people making technical decisions (Score 1)

Funny how managers and executives eventually learn this lesson and then quickly forget about it when there's a whiff of outsourcing. The funny thing is that word will get out, and the rumor mill will always make it out worse than the reality.

Comment: The gift of time (Score 1)

Videos are nice if you can't spend the time w/ her now. But don't spend too much time/effort on them; spend the time with her AND your wife. Memories are so much more important than a video. My condolences to you and your family. I've lost two immediate family members to liver cancer and have a significantly increased risk of having it myself. This is a matter I've spent more time than most contemplating.

Comment: criminal background check (Score 1)

Aka personnel risk assessments, these are generally time limited. My employer (for various reasons, including that the drafter, me, thought a forever check was asinine) limits checks to the previous 7 years. There is also an exception process for those that do 'pop' that includes a specific assessment of the risk of the hire/employee holding a sensitive position. Depending on the conviction (fraud/theft is more of an issue w/ a trust-based position), you just need an inside advocate, as hard as that may be.

Comment: ironic (Score 5, Insightful)

that the quote appearing at the bottom of the page is Mizner's:

"If you steal from one author it's plagiarism; if you steal from many it's research."

As someone mentioned, it's not shocking the prosecution was politically motivated but shocking that they admitted it. I'll add that it's also not shocking that they think they didn't do anything wrong!

Comment: Re:The reason a "cyber Pearl Harbor" isn't imminent (Score 3, Interesting)

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Or maybe because the professionals who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infrastructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just want to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr. I-work-in-the-intelligence-community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely, and it needs to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical infrastructure. It's bad. Really bad. The risks are primarily sensitive data (commercial). The weaknesses in control systems are organizational. That's right, organizational. When the resources are taxed just to maintain the status quo, things slip when you have to engage in new projects. Security improvements fall under new projects, and completion/success is declared at some arbitrary implementation level so everyone can get their check mark and move on to the next issue. The core reason? Profits, and specifically O&M numbers. Don't fool yourself, it's a business. And security doesn't show up on the profit side, only the cost side.

Comment: Re:[shrug] (Score 2)

So much for using mod points on this discussion... 3-4 years ago, I was the technical lead on a project to encrypt all laptops (mobile data, but not handhelds... *shrug*). The original project team had selected a solution (home-directory-only encryption) and then commenced to hit the skids. I was brought in to turn the project around. I found security weaknesses in the directory encryption (Hiren's Boot CD could easily bypass it). We decided to test a whole-disk solution, and went with it. For an environment that had 800+ laptops, ~25% being field crew devices (shared devices, assigned to a truck, with crews then assigned to trucks on a daily basis), full deployment took 6 weeks and a dedicated team of 6 people. During the 6 weeks, we trained the IT support staff on how to support systems w/ whole-disk encryption, including the decrypt process, as well as continuing the roll-out for new hardware deployments. Does it add overhead on support and cause situations where data is "unrecoverable" when otherwise there would be a reasonable chance to recover it? Yes. The business determined it was worth it due to the number of laptops lost/stolen. As a side note, not one user complained about additional system latency. Password sync was easily achieved via LDAP, and the keys to the kingdom are held in an enterprise cert that can decrypt/access all devices. PGP WDE is the current solution. So far, so good. No Linux support, though.

Submission: How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole

concealment writes: "The problem lay with the DKIM key (DomainKeys Identified Mail) Google used for its e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender’s DNS records and verify the validity of the signature.

Harris wasn’t interested in the job at Google, but he decided to crack the key and send an e-mail to Google founders Brin and Page, as each other, just to show them that he was onto their game."

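The submission above describes the DKIM exchange in prose: the signing domain publishes a public key in DNS, signs selected headers plus a hash of the body, and the receiver looks the key up under the selector and domain named in the signature and checks it. What follows is an added example, not code from the article, from Google, or from any DKIM library: a miniature DKIM signer and verifier in plain Python (standard library only, Python 3.8 or newer). Everything in it is constructed for the demonstration: the sample message, the in-memory DNS zone, and the key record format (this example's p= tag carries the modulus and exponent as hex text; real records carry a DER-encoded SubjectPublicKeyInfo, and a production verifier uses a vetted RSA implementation rather than the inline Miller-Rabin and PKCS#1 v1.5 code shown here). It supports only the relaxed/simple canonicalization pair and a single instance of each header. The behaviour worth studying is the key-length check: RFC 8301 requires verifiers to reject RSA keys shorter than 1024 bits, so a signature that is mathematically valid under a short key is still reported as a failure.

```python
import base64, hashlib, re, secrets

DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 prefix for SHA-256
MIN_KEY_BITS = 1024  # RFC 8301: verifiers MUST NOT accept RSA keys shorter than 1024 bits
# Constructed sample message for this example (not taken from the article).
HEADERS = [("From", "Recruiting <recruiter@example.com>"), ("To", "engineer@example.org"),
           ("Subject", "Engineering  opportunity"), ("Date", "Wed, 24 Oct 2012 10:00:00 -0700")]
BODY = "Hi,\r\n\r\nWe would like to talk about a role on our team.\r\n\r\n\r\n"

def _is_probable_prime(n, rounds=40):  # Miller-Rabin; n is odd and large here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def _random_prime(bits):  # odd with the top bit set, so p*q has a predictable size
    while not _is_probable_prime(cand := secrets.randbits(bits) | (1 << (bits - 1)) | 1):
        pass
    return cand

def generate_rsa_key(bits):  # returns (n, e, d); pow(e, -1, phi) needs Python 3.8+
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e and (p * q).bit_length() == bits:
            return p * q, e, pow(e, -1, phi)

def _emsa_pkcs1_v15(message, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(message) into k bytes
    t = DIGESTINFO_SHA256 + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(message, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, k), "big"), d, n).to_bytes(k, "big")

def rsa_verify(message, signature, n, e):  # compares the whole encoding, not just the hash bytes
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(signature, "big")
    return len(signature) == k and s < n and pow(s, e, n).to_bytes(k, "big") == _emsa_pkcs1_v15(message, k)

def relaxed_header(name, value):  # RFC 6376 "relaxed": lower-case name, unfold, collapse whitespace
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"

def body_hash(body):  # "simple" body canonicalization: drop trailing empty lines, end with one CRLF
    return base64.b64encode(hashlib.sha256((body.rstrip("\r\n") + "\r\n").encode()).digest()).decode()

def parse_tags(text):  # tag=value list shared by the DKIM-Signature header and the key record
    return {k.strip(): "".join(v.split()) for k, v in (t.split("=", 1) for t in text.split(";") if t.strip())}

def dkim_txt_record(n, e):
    # Assumption of this example: p= holds "modulus:exponent" in hex; real records hold a DER SPKI.
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(f"{n:x}:{e:x}".encode()).decode()

def _signed_data(headers, names, sig_value):
    # Hash input (RFC 6376 s.3.7): the h= headers in order, then DKIM-Signature itself with b= empty.
    hdrs = {k.lower(): v for k, v in headers}
    data = "".join(relaxed_header(k, hdrs[k]) for k in names if k in hdrs)
    return (data + relaxed_header("DKIM-Signature", sig_value).rstrip("\r\n")).encode()

def dkim_sign(headers, body, domain, selector, n, d, signed=("from", "to", "subject", "date")):
    sig_value = (f"v=1; a=rsa-sha256; c=relaxed/simple; d={domain}; s={selector}; "
                 f"h={':'.join(signed)}; bh={body_hash(body)}; b=")
    return sig_value + base64.b64encode(rsa_sign(_signed_data(headers, signed, sig_value), n, d)).decode()

def dkim_verify(headers, body, sig_value, dns_lookup):  # returns (ok, reason)
    tags = parse_tags(sig_value)
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256" or {"d", "s", "h", "bh", "b"} - set(tags):
        return False, "unsupported or incomplete signature"
    if body_hash(body) != tags["bh"]:
        return False, "body hash mismatch"
    rec = parse_tags(dns_lookup(f"{tags['s']}._domainkey.{tags['d']}") or "")  # selector + domain
    if rec.get("v", "DKIM1") != "DKIM1" or rec.get("k", "rsa") != "rsa" or "p" not in rec:
        return False, "no usable key record"
    n, e = (int(x, 16) for x in base64.b64decode(rec["p"]).decode().split(":"))
    if n.bit_length() < MIN_KEY_BITS:  # refuse a key that is cheap to factor before trusting it
        return False, f"key too short ({n.bit_length()} bits)"
    data = _signed_data(headers, tags["h"].split(":"), re.sub(r";\s*b=[^;]*", "; b=", sig_value))
    if not rsa_verify(data, base64.b64decode(tags["b"]), n, e):
        return False, "signature mismatch"
    return True, "pass"

def demo(key_bits=1024):  # sign with a fresh key, then verify intact, forged-header and altered-body copies
    n, e, d = generate_rsa_key(key_bits)
    zone = {"sel1._domainkey.example.com": dkim_txt_record(n, e)}  # constructed DNS zone
    sig = dkim_sign(HEADERS, BODY, "example.com", "sel1", n, d)
    forged = [(k, "Re: wire transfer" if k == "Subject" else v) for k, v in HEADERS]
    return {"intact": dkim_verify(HEADERS, BODY, sig, zone.get),
            "forged_header": dkim_verify(forged, BODY, sig, zone.get),
            "altered_body": dkim_verify(HEADERS, BODY + "P.S. call me\r\n", sig, zone.get)}
```

`demo(1024)` returns `pass` for the intact message, `signature mismatch` when the Subject is forged, and `body hash mismatch` when text is appended to the body. `demo(512)` generates a key small enough to produce in a fraction of a second, and the verifier refuses it before doing any signature arithmetic, because a 512-bit RSA modulus is within reach of commodity factoring. That policy check is the practitioner's takeaway: the signature math only tells you the holder of the private key signed the message, and verifier policy on key size decides whether "the holder" could be anyone with a few days of compute. Deploy 2048-bit keys under rotating selectors.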

Comment: Re:30% salary but... (Score 1)

10 years in right now ;) And I concur, there is a strong possibility that the company would get wise and freeze the pension completely. They've already killed off new enrollment to the pension (almost 10 years ago).

401k contributions while maxing out the company matching program ... check

Actively managing (i.e. paying attention to, not actively/daily trading) an old IRA and 403b account ... check

End of the day, losing the pension would be a significant hit to my retirement plans, but I've got my contingency plan of the other retirement funds, which will provide a modest retirement. Just not going to be able to have month-long trips overseas every year.

Comment: 30% salary but... (Score 2)

I'm a lucky one w/ a pension still, or at least enrolled in a pension. Talk to me in 19 years when I've accrued all my points for full retirement assuming the company kept the plan alive!

A couple months ago, I popped my head up and took a look around the local job market based on my experience (Indianapolis, IN; cyber security, security architect, and cyber security compliance). Talked to a few companies, dusted off the suit to sit down w/ one, and it got tanked at the end of the interview. The SVP was asking about my current compensation (I freely give that out to prospective employers), and he mentioned how great the bennies were. I responded w/ how my current bennies would have hit the proposed Cadillac Tax on health care plans, as well as my being 10 years into a pension plan. Needless to say, the company was unable to come close to my overall compensation.

Prior to all this, I looked at what leaving my current employer would cost me on just the pension. Assuming an expected life span of 85 yrs (had to pick a number) and, if I left, retirement at the same age at which I'd qualify for the full pension, I would need to increase my salary by nearly 45% to make up for the loss of the pension. The equation changes a bit if I were to leave and retire at age 65 vs. 58 if I stayed and got the pension.

The short of it is that the pension is truly golden handcuffs, and while I may sound like I'm complaining, it is a good problem to have!

Comment: Re:Same company? (Score 1)

Can't agree more. If you really want to hand off, you have to find a different EMPLOYER and not a different department/supervisor. Otherwise, every project you've ever led will be yours forever. Sure, someone may be "responsible" for the day-to-day stuff, and it can be upgraded half a dozen times, but if it falls over and the current guy/gal can't figure it out, you'll be getting the call. Documentation is great, but it only gets you so far, as it's nigh impossible to document everything you did and why, much less "when X happens, do Y" for every case. The other reality w/ documentation is that for it to be useful, someone has to READ it. Good luck with that; RTFM became part of the gestalt for a reason. Suck it up, follow a previous poster's advice by CC'ing your new supervisor so he/she at least can see how much of a time suck is going on, and just be as helpful as you can to the next guy. After all, it's us vs. the users! ;)
