
Comment Re:Urg. (Score 1) 39

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) is available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

Comment Urg. (Score 4, Informative) 39

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

NO!!! It does NOT!!!

1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect, just another password) then it is useless.

2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

3. Find a bank / credit union that uses real two factor authentication.

Comment Mod parent up. (Score 2, Interesting) 497

Read carefully and you'll notice the government said he'd even have to accept the consequences of speaking out and engaging in constructive protest: they decree you can dissent against their rule, and that's well and good, as long as they can punish you for your dissent--which is precisely the situation in North Korea, where you may speak out against Kim Jong-Un, and, importantly, accept the consequences of speaking out against him.

Exactly.

If the end result of civil disobedience is the exact same in the USofA as in North Korea ... then what is the difference?

The politicians demanding martyrdom would be just as comfortable working for North Korea's government as they are working for the USofA's government.

And THAT is a very big problem.

Comment Re:Everybody List What You Think Went Wrong (Score 1) 498

Gamergate was ignored because gamergate is not news.

My problem with it is that even if the initial event happened EXACTLY AS CLAIMED then it is still nothing.

The "story" became the reactions to that nothing event.

And then the reactions to those reactions to that nothing event.

And now we have a post mod'ed +5 Insightful for claiming that Gamergate wasn't covered.

Comment Re:Translation (Score 3, Insightful) 497

And also, from TFA:

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions.

He IS dealing with the consequences. That's why he left.

What Lisa Monaco is pushing for is martyrdom.

We are supposed to be a country of laws. We should not have officials demanding martyrdom of those who oppose their policies.

Comment Mod parent up. (Score 3, Insightful) 108

What depresses me about software is how often we JUST DO NOT LEARN!

And not just software. Look at security as well. And so many other computer-related areas.

Software development seems to be riddled with arrogant know-nothings who think they can cut corners or reinvent the wheel because doing it the right way isn't "7337".

For me it's more like ... someone "learned" one way of handling it when s/he was working ALONE.

Then that person never learned that the practices need to be changed when you are part of a TEAM.

And releasing your code to the public is being part of a team.

Comment Re:As a former expert (Score 2) 112

... the cost of breaking corporate software with an update (they just took out our scheduling program for 4 days) is very measurable and affects everyone in the company, ...

Where are your test systems and test cases?

If you want to win these fights, you have to present defensible numbers in units that the PHB's understand: Dollars or Euro.

And the core problem with estimating losses is that you are now trying to play in the realm of the PHB. You will always lose. That is because while you are spending time on productive work they are spending time on personal relationships and politics.

Any time they do not follow your advice and a disaster does NOT strike ... well it is obvious that they were right and you were wrong. So they SAVED/EARNED the company money by being more "productive". Those IT people are all "the sky is falling". Ha ha.

Right up until the systems are cracked and then they're going to blame you anyway because it was your job.

Comment Re:What Security Experts Can Learn From Non Expert (Score 3, Interesting) 112

NOT training users not to download suspicious executables or engage in fantastic feats of memory regarding passwords.

Don't depend upon a user's memory. Tell them that it is GOOD to write down their passwords AS LONG AS THEY STORE THEM WITH THEIR CREDIT CARDS.

The solution, which security people hate to hear, is to get better at installing and maintaining multiple levels of firewall, application sandboxing and/or streaming applications for all office applications, improving intrusion detection and dynamic virus removal in real time.

The REAL problem with security is that the VENDORS do not place a priority on it.

It isn't that we hate to hear that.

We're already DOING that. But it doesn't help much when a CxO installs some infected software on his laptop (which he can because he is so important that he NEEDS admin-level access) and then brings it into the most firewalled section of the network.

Right now I'm focusing on knowing when a site is compromised rather than trying to get EVERYONE to follow the best practices EVERY TIME on EVERY SYSTEM.

Comment Re:Seriously... (Score 1) 245

Actually, there is a problem. Which is why the schools with less money do worse on standardized tests than schools with more money.

And the problem is that the tests are written to a specific curriculum that is clearly identified in the text books associated with those tests.

So even if a student knows MORE about a subject than is taught in a specific text book, that student can still FAIL the standardized test because s/he does not provide the answer identified in the text book.

Such as ... what are the 3 main reasons for X.

In math it is more about how the word problems are written. If the student is familiar with the way the problems are phrased it is easier for him/her to get a higher score.

Comment Re:They're worthless. (Score 1) 213

Maybe. Maybe not.

In my experience the tests "test" you on your knowledge of how the VENDOR would like you to "solve" a "problem".

I haven't seen any test where there is something objectively "wrong" about any of the questions or answers.

But I have seen a lot of questions and answers that are phrased somewhat inaccurately for someone with more experience than just the vendor's training materials.

So if you know the subject, a quick read of the vendor's materials should tell you where the "tricky" areas are. But if you want to skip that step, you should be able to pass most certifications without a problem.

Comment Re:IT workers and the cloud (Score 2) 138

Other than some common generic services you still have to engineer solutions to fit your business needs.

And even those generic services will still need someone to provide them. Whether that person is directly employed by your company or is an employee of the "cloud" company you're contracting with.

People who "know how it works", or IT people will still be needed regardless.

Most definitely. Particularly when there is a problem with your company's Internet link and everything "in the cloud" is unavailable.

Or a problem with the "cloud" company's Internet link.

In either case, you will be dealing with someone who will view you as just-another-client. It doesn't matter if you're not happy. Or if your business suffers. Because your payments will not make-or-break THEIR company.

Comment Mod parent up (Score 2) 549

So many times I'm driving correctly and then some idiot pulls into the "safe" space that I had AND THEN HITS HIS BRAKES BECAUSE HE ALMOST HITS THE GUY IN FRONT!!!

With an autonomous car the situation will still be the same BUT there will be a lot more data showing the circumstances that lead to the accident.

Comment Re:Against Vaccines or About Against Vaccines? (Score 2) 273

I see it as three different cases:

1. The health nut who is already healthy but attributes their health to this one weird secret that only a few, special, people know about. Because everyone else isn't as smart as they are.

2. Someone with a bad disease who wants some hope that they'll get better so they'll try anything.

3. Munchausen syndrome

Comment Re:magic is the same as science? (Score 5, Insightful) 273

Remember, it isn't "magic" if you say it's "quantum mechanics".

Quantum physics is a branch of physics that understands the interrelationship between matter and energy. This science offers clear explanations as to why homeopathic remedies with seemingly no chemical trace of the original substance are able to resolve chronic diseases, why acupuncture can offer patients enough pain relief to undergo surgery without anesthesia, why meditation alone can, in some instances, reduce the size of cancerous tumors.

No it does not.

And as part of the "course goals":

Understand the difference between Newtonian physics and Quantum physics and their corresponding impacts on biology.

Bullshit.

Intelligently address the concerns of those afraid of alternative medicine or skeptical about its efficacy.

It's called the placebo effect.
