Comment: ironic (Score 5, Insightful) 326

by IT.luddite (#43023491) Attached to: DoJ Admits Aaron Swartz's Prosecution Was Political
that the quote appearing at the bottom of the page is Mizner's:

"If you steal from one author it's plagiarism; if you steal from many it's research."

As someone mentioned, it's not shocking the prosecution was politically motivated but shocking that they admitted it. I'll add that it's also not shocking that they think they didn't do anything wrong!

Comment: Re:The reason a "cyber Pearl Harbor" isn't imminen (Score 3, Interesting) 215

by IT.luddite (#42671493) Attached to: The One Sided Cyber War

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Or maybe because the professionals who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infrastructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just want to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr. I-work-in-the-intelligence-community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely, and it needs to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical infrastructure. It's bad. Really bad. The risks are primarily sensitive data (commercial). The weaknesses in control systems are organizational. That's right, organizational. When the resources are taxed just to maintain the status quo, things slip when you have to engage in new projects. Security improvements fall under new projects, and completion/success is declared at some arbitrary implementation level so everyone can get their check mark and move on to the next issue. The core reason? Profits, and specifically O&M numbers. Don't fool yourself, it's a business. And security doesn't show up on the profit side, only the cost side.

Comment: Re:[shrug] (Score 2) 226

by IT.luddite (#41992525) Attached to: NASA To Encrypt All of Its Laptops
So much for using mod points on this discussion... 3-4 years ago, I was the technical lead on a project to encrypt all laptops (mobile data, but not handhelds... *shrug*). The original project team had selected a solution (home directory only encryption) and then commenced to hit the skids. I was brought in to turn the project around. I found security weaknesses in the directory encryption (Hiren's Boot CD could easily bypass it). We decided to test a whole disk solution, and went with it. For an environment that had 800+ laptops, ~25% being field crew devices (shared devices, assigned to a truck, with crews then assigned to trucks on a daily basis), full deployment took 6 weeks and a dedicated team of 6 people. During the 6 weeks, we trained the IT Support staff on how to support systems w/ whole disk encryption, including the decrypt process, as well as continuing the rollout for new hardware deployments. Does it add to overhead on support and cause situations where data is "unrecoverable" when otherwise there would be a reasonable chance to recover? Yes. The business determined it was worth it due to the number of laptops lost/stolen. As a side note, not one user complained about additional system latency. Password sync was easily achieved via LDAP, and the keys to the kingdom are held in an enterprise cert that can decrypt/access all devices. PGP WDE is the current solution. So far, so good. No Linux support though.

Submission: How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole (Encryption)

Submitted by concealment
concealment writes "The problem lay with the DKIM key (DomainKeys Identified Mail) Google used for its google.com e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender’s DNS records and verify the validity of the signature.

Harris wasn’t interested in the job at Google, but he decided to crack the key and send an e-mail to Google founders Brin and Page, as each other, just to show them that he was onto their game."

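As the submission notes, the public half of a DKIM key is published in the signing domain's DNS, so the one thing any domain owner can check directly is how large the RSA modulus behind the record's p= tag actually is. The Python below is an added example for this page, not code from the submission or the Wired article it quotes: it builds a constructed DKIM TXT record (the modulus is an arbitrary number, not a real key), parses the record and its DER-encoded SubjectPublicKeyInfo with a minimal reader that assumes well-formed input, and compares the size against the 1024-bit floor that RFC 8301 sets for verifiers.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
MIN_BITS = 1024  # RFC 8301: verifiers must not accept RSA keys shorter than this

def _der(tag, body):
    n = len(body)  # definite-length DER: short form below 128, long form above
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _der_int(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)  # keep it positive

def rsa_spki(n, e=65537):
    """Build the base64 SubjectPublicKeyInfo that a DKIM record's p= tag carries."""
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    key = _der(0x30, _der_int(n) + _der_int(e))
    return base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + key))).decode()

def _tlv(buf, pos):
    """Return (tag, value, position after the element) for the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def modulus_bits(txt_record):
    """Parse a 'v=DKIM1; k=rsa; p=...' record and return the RSA modulus size in bits."""
    tags = dict(re.findall(r"(\w+)\s*=\s*([^;]*)", txt_record))
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    spki = base64.b64decode(re.sub(r"\s+", "", tags["p"]))  # TXT strings may be split
    _, body, _ = _tlv(spki, 0)        # SubjectPublicKeyInfo SEQUENCE
    _, alg, pos = _tlv(body, 0)       # AlgorithmIdentifier SEQUENCE
    if _tlv(alg, 0)[1] != RSA_OID:
        raise ValueError("not rsaEncryption")
    _, bits, _ = _tlv(body, pos)      # BIT STRING; first byte is the unused-bit count
    _, rsakey, _ = _tlv(bits, 1)      # RSAPublicKey SEQUENCE {modulus, exponent}
    return int.from_bytes(_tlv(rsakey, 0)[1], "big").bit_length()

def key_is_acceptable(txt_record):
    return modulus_bits(txt_record) >= MIN_BITS

# Constructed record: 2**511 + 3 is an arbitrary 512-bit odd number, not a real key.
WEAK_RECORD = "v=DKIM1; k=rsa; p=" + rsa_spki(2**511 + 3)
```

On a real domain you would feed modulus_bits the TXT record fetched from selector._domainkey.example.com (a placeholder name); a result below MIN_BITS means the key should be rotated.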

Comment: Re:30% salary but... (Score 1) 374

by IT.luddite (#40616927) Attached to: To get me to switch jobs, it'd take ...
10 years in right now ;) And I concur, there is a strong possibility that the company would get wise and freeze the pension completely. They've already killed off new enrollment to the pension (almost 10 years ago).

401k contributions while maxing out the company matching program ... check

Actively managing (i.e. paying attention to, and not actively/daily trading) an old IRA and 403b account ... check

End of the day, losing the pension would be a significant hit to my retirement plans, but I've got my contingency plan of the other retirement funds which will provide a modest retirement. Just not going to be able to have month long trips overseas every year.

Comment: 30% salary but... (Score 2) 374

by IT.luddite (#40591525) Attached to: To get me to switch jobs, it'd take ...
I'm a lucky one w/ a pension still, or at least enrolled in a pension. Talk to me in 19 years when I've accrued all my points for full retirement assuming the company kept the plan alive!

A couple of months ago, I popped my head up and took a look around the local job market based on my experience (Indianapolis, IN; cyber security, security architect, and cyber security compliance). Talked to a few companies, dusted off the suit to sit down w/ one, and it got tanked at the end of the interview. The SVP was asking about my current compensation (I freely give that out to prospective employers) and he mentioned how great the bennies were. I responded w/ how my current bennies would have hit the proposed Cadillac Tax on health care plans, as well as my being 10 years into a pension plan. Needless to say, the company was unable to come close to my overall compensation.

Prior to all this, I looked at what leaving my current employer would cost me on just the pension. Assuming an expected life span of 85 yrs (had to pick a number) and retirement, if I left, at the same age at which I would have qualified for the full pension, I would need to increase my salary by nearly 45% to make up for the loss of the pension. The equation changes a bit if I were to leave and retire at age 65 vs. 58 if I stayed and got the pension.

The short of it is that the pension is truly golden handcuffs, and while I may sound like I'm complaining, it is a good problem to have!

Comment: Re:Same company? (Score 1) 290

by IT.luddite (#39196411) Attached to: Ask Slashdot: Best Practices For Leaving an IT Admin Position?
Can't agree more. If you really want to hand off, you have to find a different EMPLOYER and not a different department/supervisor. Otherwise, every project you've ever led will be yours forever. Sure, someone may be "responsible" for the day to day stuff and it can be upgraded half a dozen times, but if it falls over and the current guy/gal can't figure it out, you'll be getting the call. Documentation is great, but it only gets you so far, as it's nigh impossible to document everything you did and why, much less "when X happens do Y" for every case. The other reality w/ documentation is that for it to be useful, someone has to READ it. Good luck with that; RTFM became part of the gestalt for a reason. Suck it up, follow a previous poster's advice by CC'ing your new supervisor so he/she at least can see how much time suck is going on, and just be as helpful as you can to the next guy. After all, it's us vs the users! ;)

Comment: Re:So? (Score 1) 487

by IT.luddite (#38965923) Attached to: Pasadena Police Encrypt, Deny Access To Police Radio

DO NOT expect protection from the police, that is not what they are there for: they are there to protect PROPERTY. For PERSONAL PROTECTION you need a BODYGUARD.

Not even property protection. Their role is to apprehend criminals, AFTER a crime is committed. "To protect and serve" is simply their marketing tag line. The only protection law enforcement gives is against the potential crime an individual may have committed while they are in custody or incarcerated (and that doesn't stop all criminal activity). If you want protection, regardless of whether it is personal or property, you need to provide it yourself!

Comment: Re:how to start a new service? (Score 1) 1223

by IT.luddite (#36736350) Attached to: Google+ Already At 10 Million Users
For myself, I intend to jump ship from Facebook once a critical mass of my "friends" are available on G+ (and really, just friends, not people who know my friends). Until then, I'll live with FB updates to my inbox and the occasional interactive login to respond... oh wait, that's what I'm doing now!
