Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment: Re:It should read 'stoopid people hath spoken' (Score 1) 982

by Metzli (#32007386) Attached to: Terry Childs Found Guilty

Yes, but do you really want to go through the password recovery process on a device that someone else has been managing with free reign? What if the configuration wasn't written to the device, you reboot it, and then you're facing a pristine new configuration? Congratulations, you now get to start rebuilding a network by hand with no real idea how it's setup. On top of that the guy who built it is sitting in jail and _really_ doesn't want to help you. You may be locked out, but at least the network still functions.

Comment: Re:Soooo (Score 1) 982

by Metzli (#32006234) Attached to: Terry Childs Found Guilty

That may be, but there are some times when rules don't allow someone with a record to hold a privileged position. I've seen a few cases where people couldn't be allowed to do a certain job because of past actions. They were 20+ years earlier and, IMHO, rather minor. Regardless, sometime it's just not allowed.

Comment: Re:PGP (Score 4, Insightful) 542

by Metzli (#23500514) Attached to: How Would You Prefer To Send Sensitive Data?
I would agree with PGP, once the proper legalities and assurances are in place. However, I'd worry about the non-technical issues before working on a technical solution.

There are a number of issues to be resolved before worrying about how to get the data transferred. Has the consultant and/or their firm verified their security and controls to your firm's satisfaction with something like a SAS 70? Are there legal agreements in place concerning the proper controls of this data, the explanations or responsibilities in case of a disclosure, etc.? Has the idea been proposed to create bogus data for testing so that live data isn't used? Can the application be loaded on-site, so that a machine outside of your firm's control will not contain highly-sensitive employee data?

I'd ask a lot of questions like these and get answers to my satisfaction before I sent out any data. I would greatly prefer to have to explain to my management why I'm "holding up the train" than have to explain to my coworkers why I was involved in the disclosure of their personal information and mine.

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson