
Comment The gift of time (Score 1) 698

Videos are nice if you can't spend the time w/ her now. But don't spend too much time/effort on them; spend the time with her AND your wife. Memories are so much more important than a video. My condolences to you and your family. I've lost two immediate family members to liver cancer and have a significantly increased risk of having it myself. This is a matter I've spent more time than most contemplating.

Comment criminal background check (Score 1) 720

Aka personnel risk assessments, these are generally time limited. My employer (for various reasons, including that the drafter, me, thought a forever check was asinine) limits checks to the previous 7 years. There is also an exception process for those that do 'pop' that includes a specific assessment of the risk of the hire/employee having a sensitive position. Depending on the conviction (fraud/theft is more of an issue w/ a trust-based position), you just need an inside advocate, as hard as that may be.

Comment ironic (Score 5, Insightful) 326

that the quote appearing at the bottom of the page is Mizner's:

"If you steal from one author it's plagiarism; if you steal from many it's research."

As someone mentioned, it's not shocking the prosecution was politically motivated but shocking that they admitted it. I'll add that it's also not shocking that they think they didn't do anything wrong!

Comment Re:The reason a "cyber Pearl Harbor" isn't imminen (Score 3, Interesting) 215

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Or maybe because the professionals who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infrastructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just want to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr. I-work-in-the-intelligence-community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely, and it needs to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical infrastructure. It's bad. Really bad. The risks are primarily sensitive data (commercial). The weaknesses in control systems are organizational. That's right, organizational. When the resources are taxed just to maintain the status quo, things slip when you have to engage in new projects. Security improvements fall under new projects, and completion/success is declared at some arbitrary implementation level so everyone can get their check mark and move on to the next issue. The core reason? Profits, and specifically O&M numbers. Don't fool yourself, it's a business. And security doesn't show up on the profit side, only the cost side.

Comment Re:[shrug] (Score 2) 226

So much for using mod points on this discussion... 3-4 years ago, I was the technical lead on a project to encrypt all laptops (mobile data, but not handhelds... *shrug*). The original project team had selected a solution (home directory only encryption) and then commenced to hit the skids. I was brought in to turn the project around. I found security weaknesses in the directory encryption (Hiren's boot CD could easily bypass it). We decided to test a whole disk solution, and went with it. For an environment that had 800+ laptops, ~25% being field crew devices (shared devices, assigned to a truck, with crews then assigned to trucks on a daily basis), full deployment took 6 weeks and a dedicated team of 6 people. During the 6 weeks, we trained the IT Support staff on how to support systems w/ whole disk encryption, including the decrypt process, as well as continuing the roll out for new hardware deployments. Does it add to overhead on support and cause situations where data is "unrecoverable" when otherwise there would be a reasonable chance to recover? Yes. The business determined it was worth it due to the number of laptops lost/stolen. As a side note, not one user complained about additional system latency. Password sync was easily achieved via LDAP, and the keys to the kingdom are held in an enterprise cert that can decrypt/access all devices. PGP WDE is the current solution. So far, so good. No Linux support though.

Submission + - How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole (

concealment writes: "The problem lay with the DKIM key (DomainKeys Identified Mail) Google used for its e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender’s DNS records and verify the validity of the signature.

Harris wasn’t interested in the job at Google, but he decided to crack the key and send an e-mail to Google founders Brin and Page, as each other, just to show them that he was onto their game."
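The submission above describes the receiving server fetching a domain's DKIM public key from DNS to verify signatures; the weakness in the story was the size of that key. The following is an added example (not from the linked article or from Google's DKIM setup) of the defender's check a mail admin would run on a published record: parse the DKIM TXT record, decode the `p=` SubjectPublicKeyInfo, and report the RSA modulus length so short keys can be flagged for rotation. The two records are constructed here with dummy moduli; `sample_spki`, `WEAK_RECORD` and `OK_RECORD` are this example's own names, not anything from the page.

```python
import base64
import re

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (lengths < 65536), used only to build the sample keys."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def der_len(buf: bytes, i: int):
    """Decode the DER length at buf[i]; return (content length, offset of content)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID, NULL params

def sample_spki(bits: int) -> bytes:
    """Constructed RSA SubjectPublicKeyInfo with a dummy (non-prime) modulus of the given size."""
    modulus = (1 << (bits - 1)) | 0x1234567            # top bit set so bit_length() == bits
    mod_bytes = b"\x00" + modulus.to_bytes(bits // 8, "big")  # leading 0x00 keeps INTEGER positive
    rsa_key = der(0x30, der(0x02, mod_bytes) + der(0x02, b"\x01\x00\x01"))  # modulus, e=65537
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_key))

def rsa_modulus_bits(spki: bytes) -> int:
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey and size the modulus."""
    _, i = der_len(spki, 1)                 # into outer SEQUENCE
    alg_len, j = der_len(spki, i + 1)
    i = j + alg_len                         # skip AlgorithmIdentifier
    _, i = der_len(spki, i + 1)             # into BIT STRING
    i += 1                                  # skip unused-bits octet
    _, i = der_len(spki, i + 1)             # into RSAPublicKey SEQUENCE
    mod_len, i = der_len(spki, i + 1)       # INTEGER modulus
    return int.from_bytes(spki[i:i + mod_len], "big").bit_length()

def dkim_key_bits(txt: str) -> int:
    """Parse a DKIM TXT record ('v=DKIM1; k=rsa; p=<base64>') and return the RSA key size."""
    tags = dict(re.sub(r"\s", "", kv).split("=", 1) for kv in txt.split(";") if "=" in kv)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only k=rsa records are handled here")
    return rsa_modulus_bits(base64.b64decode(tags["p"]))

# Constructed records: a 512-bit key (the size at issue in the story) and a 1024-bit key,
# the smallest size RFC 8301 lets verifiers accept.
WEAK_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(sample_spki(512)).decode()
OK_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(sample_spki(1024)).decode()
```

`dkim_key_bits(WEAK_RECORD)` returns 512 and `dkim_key_bits(OK_RECORD)` returns 1024; on a real domain you would feed it the TXT record of `<selector>._domainkey.<domain>` and flag anything under 1024 bits.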

Comment Re:30% salary but... (Score 1) 374

10 years in right now ;) And I concur, there is a strong possibility that the company would get wise and freeze the pension completely. They've already killed off new enrollment to the pension (almost 10 years ago).

401k contributions while maxing out the company matching program ... check

Actively managing (i.e. paying attention to and not actively/daily trading) an old IRA and 403b account ... check

End of the day, losing the pension would be a significant hit to my retirement plans, but I've got my contingency plan of the other retirement funds which will provide a modest retirement. Just not going to be able to have month long trips overseas every year.
