Forgot your password?
typodupeerror

Comment: Re:I've been in your position (Score 2) 246

by KevMar (#47590595) Attached to: Ask Slashdot: IT Personnel As Ostriches?

In IT we have access to everything and that means that our trust and integrity means everything. We will see things that are very personal, we will know things that are very sensitive, and people will trust us.

If they question our integrity, our trust worthiness, or even our respect for authority then we lose our value to the organization. Once they start to question that, then you won't be able to get it back.

But if you maintain high standards in IT and gain absolute trust from your coworkers and administration, then you can do some amazing things.

Comment: Re:Let's face it ... (Score 1) 33

by KevMar (#47395555) Attached to: Researchers Disarm Microsoft's EMET

Your missing the point. If you have administrator rights, why even bother disabling EMET. Just uninstall it. Here is a quick exploit code for that:

Get-WmiObject Win32_Product | Where-Object{$_.Name -match "EMET"} | ForEach-Object{$_.Uninstall()}

If the attacker has admin rights then game over. Any other exploit after that is just smoke and mirrors.

Comment: Re:Cool (Score 1) 564

I know you are joking, but it would not be a bad idea.

Lets say you add application virtualization, redirect files to the network, and roam user settings. It would be possible to reimage at will. Change our first question from "did you turn it off and back on again?" to "Did you redeploy the operating system yet?". If only it was that easy.

Comment: The modem (Score 1) 319

by KevMar (#45110669) Attached to: Ask Slashdot: Mitigating DoS Attacks On Home Network?

If I had to guess, the modem is holding onto the same IP address regardless of what you do with your router. Take a weekend trip and unplug your modem in hopes that it will pull a new address when you return. You could go upstream to your ISP with the issue and suggest the tech release your IP and assign you a new one.

If the attack continues, then you have something inside your network leaking information to the attacker. And you will have to clean that up before you can resolve the problem.

Comment: Input validation (Score 5, Insightful) 598

by KevMar (#45066619) Attached to: What Are the Genuinely Useful Ideas In Programming?

I think he was missing input validation from his list. The idea that you can never trust user input and you must validate it. The idea that you should white list what you want instead of black list the things you don't want. Ideas that consider the security of the system and not just the working condition of it.

Comment: Less adds but feels like more? (Score 1) 1191

by KevMar (#45009889) Attached to: Come Try Out Slashdot's New Design (In Beta)

The ads stand out way too much on the beta site. I tried it out and my first impression was that it was a site that I would not trust for the news. I thought it was all the ads on the site.

BUT then I went back to the main site and discovered that it was showing me more ads than the beta site. The main top ad was smaller on the beta site. I am not sure what to think. I don't like it because it feels like it is a ad driven site. Before it felt like it was about the content (it just so happened to have ads). Leaves a different impression.

Comment: Another Idea (Score 2) 740

by KevMar (#44953463) Attached to: Somebody Stole 7 Milliseconds From the Federal Reserve

If someone was expecting one of two outcomes, they could have done the math on both of them. If I make this trade what can I win. They placed the trade not knowing the outcome. But they had a cancel order (or reverse order) ready to go. If the news was not what they expected, they could have canceled it with minimal losses. Buying a lot of gold and the market doing nothing on the FED's news would mean that they could sell it back without much market shift.

I know this is what happened because I did stay at a Holiday Inn Express last night.

The Military

United States Begins Flying Stealth Bombers Over South Korea 567

Posted by samzenpus
from the nice-day-for-a-flight dept.
skade88 writes "The New York Times is reporting that the United States has started flying B-2 stealth bomber runs over South Korea as a show of force to North Korea. The bombers flew 6,500 miles to bomb a South Korean island with mock explosives. Earlier this month the U.S. Military ran mock B-52 bombing runs over the same South Korean island. The U.S. military says it shows that it can execute precision bombing runs at will with little notice needed. The U.S. also reaffirmed their commitment to protecting its allies in the region. The North Koreans have been making threats to turn South Korea into a sea of fire. North Korea has also made threats claiming they will nuke the United States' mainland."

Comment: Re:Good for Google (Score 4, Insightful) 165

by KevMar (#42975983) Attached to: RIAA: Google Failing To Demote Pirate Websites

If people are looking for pirating sites, I would expect them to show up at the top of the rankings. Because if I was searching for [artist] [track] download, I am not looking for amazon.com.

What Google has done is reduced when these sites would show up when you were looking for legitimate sites. Just like they reduced the adult content you see unless you are looking for adult content. It's not Google's job to police what people search for, just to make sure they find what they are looking for.

Comment: great opprotunity (Score 1) 402

by KevMar (#39093359) Attached to: Should Microsoft Put Office On the iPad?

While I don't see MS porting full office to apple/android, I do see them building a very slick VDI client. Office on a tablet will end up as a vdi session to a private cloud server. It may sound crazy, but its the smart thing to do. It allows Microsoft to leverage all the existing tablets that everyone already has entering the corporate environment. They can support more devices quicker and extend the life of older tablets. The tablets 3 years from now will blow away today's tablets, but if its a VDI client then that wont matter.

Tablets are too personalized and a nightmare for IT security. But what if you could connect to a work desktop and get all your work apps in a way that makes IT feels good about it. Yet, allow the individual to keep personalized apps. I think this is why Windows 8 has such a tablet feel to it. Windows 7 already does a good job under VDI, and I expect Win8 to do so much better.

This would definitely be a corporate IT strategy that is in sync with the MS push of VDI and Private cloud that we see MS timing with the Win8 release. Home users are another story.

Comment: Re:Security without security? (Score 1) 138

by KevMar (#39089693) Attached to: Stealing Laptops For Class Credit

I would find that is a perfect opportunity for security to practice protocol. Do everything except report it to the authorities. Even do the data loss analysis.

In the case where the doors were locked, hunt everyone down that had a key and question them. Track each breach down.

I would love to attempt stuff like this at work.

Comment: Re:Security without security? (Score 4, Insightful) 138

by KevMar (#39081589) Attached to: Stealing Laptops For Class Credit

I think its just the opposite. They didn't tell them to let the students steal the laptops, they let them know in advance that if they catch someone taking the laptop that it may be legit. Just by mentioning this would have made it harder because laptop theft would be on the security teams mind making it easier to spot.

You are an insult to my intelligence! I demand that you log off immediately.

Working...