Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Practical certs like GIAC help and hold value (Score 1) 317

by Minupla (#48552261) Attached to: Ask Slashdot: Are Any Certifications Worth Going For?

+1 to CISSP, I had essentially the same experience as the OP, and decided that IS manager tedious. I went and wrote my CISSP, got 'lucky' a couple of times with breach issues and poof, 5 yrs later I'm a Sr Infosec Manager.

While it doesn't have a practical component, I've met very few people who honestly say they left the exam knowing if they passed or failed. Most nerve wracking test I've ever sat for anyways. And most of infosec (absent specialties such as pentest, and even then arguably) is 90% thinking anyways. Very seldom is it important to know what command to type. Much more important to know the theory like the back of your hand.

All that having been said, if you don't like handling people, infosec is likely a poor fit. You'll top out soon if you can't have a coherent argument with someone that doesn't degenerate into "Because I said so".



Comment: I've hired people with misdemeanors before (Score 4, Informative) 720

by Minupla (#48542609) Attached to: Ask Slashdot: Can a Felon Work In IT?

I've hired people with misdemeanors before.

Be honest about the crime, don't have it be a surprise that I find out during the background check part of the hiring process.

I also know other managers who've done the same. Its tough to find good people. A drug offense 5 yrs ago, with proof of a completed drug treatment program for instance isn't going to stop me from hiring a good IT worker.


Comment: Re: Check your local community first (Score 1) 112

by Minupla (#48395405) Attached to: Ask Slashdot: Who's the Doctors Without Borders of Technology?

I did YKnet around the same era then, out of Whitehorse. Set up an 8 line dial up pop in Old Crow, using bound analog sat channels.

I also did a stint down in the Eastern Carribean. I remember the bribes, favors, etc required to get a UPS from the dock to our building, and members of our team blocking off the main drag in town while we used the (borrowed) cargo forklift from the docks to lift the UPS up the side of the building. While we were discussing how to get it in the window the forklift driver disappeared, leaving the UPS balancing on top of a power pole. Driver was asleep under the lift. Waiting for the ex-pats to make up their minds.

Cricket games were something else too!


+ - Silk Road 2.0 Seized By FBI, Alleged Founder Arrested In San Francisco

Submitted by blottsie
blottsie (3618811) writes "The FBI has arrested the online persona "Defcon," identified as Blake Benthall, a 26-year-old in San Francisco, who the agency claims ran the massive online black market Silk Road 2.0. Benthall's FBI arrest comes a year after that of Ross Ulbricht, also from San Francisco, who's alleged mastermind of the original Silk Road and still awaiting trial.

The largest of those reported down is Silk Road 2.0. But a host of smaller markets also seized by law enforcement include Appaca, BlueSky, Cloud9, Hydra, Onionshop, Pandora, and TheHub."

Comment: Re:Just ask your bank to send you (Score 2) 126

by Minupla (#48306573) Attached to: Flaw in New Visa Cards Would Let Hackers Steal $1M Per Card

proper Faraday cage has to have no gaps,

Acutally not quite accurate - a faraday cage that blocks at all wavelengths would need to have a very small mesh. Rule of thumb is you want your mesh to be less then 1/4(c/freq) m.

Since freq in the case of NFC is 13.56 MHz, that will yield us with 22/4=5.5 meters (excuse the rounding, you get the point) so anything you can wrap around your wallet is going to do the trick.

Google NFC blocking wallets for some selections.

Source: I attend hacker conferences. All my credit cards are NFC enabled. I don't want to have conversations with my CC company that starts with "I was at Defcon when..." - those don't end well!

Comment: Re:Good luck with that. (Score 5, Interesting) 558

by Minupla (#48238167) Attached to: Rite Aid and CVS Block Apple Pay and Google Wallet

Actually, post Chip+Pin (and RFID interact flash for that matter) this sort of attack isn't possible. That's because the chip inside the card creates a unique one time approval for the transaction. The approval is un-replayable,

At worst, attack wise, you might be able to perform a turnstile attack on it (Interac flash reader, taped to a turnstile say), but transactions over Interac flash are capped at under 100$ and every 5 transactions you have to re-auth with a full chip and pin, so the banks' risk is pretty limited there.

Disclaimer: I've not done an indepth analysis of the security controls myself. I know there were some weaknesses in the Euro implementation around not signing the list of allowable transaction verification mechanisms or somesuch (look up the blackhat talk if you need to know) but it's a LOT more difficult these days then inserting a skimmer on the terminal and video recording the pin. (Interac was always two factor, until interac flash).


Comment: Re:Until we upgrade the dumb bunnies (Score 1) 384

by Minupla (#48202743) Attached to: Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

World wide 2013 air crash fatalities: 29
World wide 2010 traffic crash fatalities 1,250,000 (est)

So unless you're going to argue that I'm 4310300% more likely to walk away from a fatal car crash, we're better off spending money there, looking at it from an objective point of view.

Fear drives us to make poor decisions. I fly a lot, but I understand that I'm just as dead from making an error at 70 mph as I would be asleep in my seat when the back end falls off my 737. Just 4310300% more likely to experience the former then the latter.

*disclaimer: Yes, I know, I mixed statistics from 2013 and 2010 above. I was too lazy to go back and find 2010 air crash statistics, but I seriously doubt it impacts the statistical analysis any more then the rounding error in the world wide traffic fatality stat.


Comment: Re:Until we upgrade the dumb bunnies (Score 1) 384

by Minupla (#48202647) Attached to: Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

On traffic safety, agreed, long term, autonomous cars are the way to go. Some of the answer there is time and market forces, but I suspect a billion or two from the war on terrorism could move that along nicely. Faster technology evaluation and approval pipeline, more money for NSF funded core research, etc. But nearer term there are technologies that exist in high end cars that would lower traffic fatalities tomorrow if available in all cars. Blindspot object detection, lane departure alerts, etc. If the concern is about an objective attempt to lower the number of people who die each year, a dollar spent in this area is going to save more people than a dollar spent in airport security.

On diseases, if you're talking about a billion dollars to paradrop a few thousand doctors into africa to do contact tracing, then you have my support. If on the other hand you're discussing mobilizing the national guard to protect North America from Ebola, not so much, spend the money on the flu, which kills many more people world wide. If we do the right things in Africa, Ebola will never be more then a hideous way for a couple of people to die in the US. This is one of those situations where the "Protect the Homeland" mantra is worse then useless.


Whom computers would destroy, they must first drive mad.