Ars Technica and Cisco Provide Another Example of Bad Security Reporting

Submitted by wjcofkc
wjcofkc (964165) writes "It was recently reported by Cisco, Ars Technica, and reported on Slashdot that Linux-based web servers running the 2.6 series were being attacked and infected with JavaScript intended to allow attackers to serve up a variety of malicious content to the visitor. White Fir Design begs to differ, pointing out that the websites are not even all running Linux, much less the Linux 2.6 Kernel."

Comment: Re:Interesting! (Score 1) 143

by velkro (#36212106) Attached to: American Airlines Expands Streaming In-Flight Movies
Correct. Provided the Aircraft has had EMI testing done, using WiFi isn't a hazard. Using your cellular radio is a waste of time, as you just drain the battery above about 10,000', but WiFi and Bluetooth work nicely. It's the same reason some airlines (I'm looking at you, Air Canada) now only allow earbud headphones connected to their IFE system during taxi/takeoff/landing. It's so they can get your attention if 'shut goes wrong'.

Comment: Re:Not shocking. (Score 1) 337

by velkro (#34542898) Attached to: SatPhones — Why Can't They Make It Work?

Look at the downside. Even the phones on planes tend to use ground towers because of cost.

Actually, most of the phones on planes use Satellites, since, well, there's no ground stations when you're flying over the ocean :) Aircell is the exception, but that only works over the continental US, and IIRC you need to be > 10,000 ft above ground.

Comment: Re:Try a VM setup. (Score 1) 395

by velkro (#29204993) Attached to: Company Laptop, My Data — Can They Co-exist?
I have exactly the same setup - personal MacBook Pro, running an official company sanctioned (and licensed) Windows XP image from the IT Dept. Works quite nicely. The image is backed up to Time Machine, so when I travel for personal reasons, I simply delete it and restore it when I come home.

It could get ugly legally, but with a decent lawyer you should be able to prove the logical separation, and let whomever needs it take the copy of the VM and do whatever they want with it while keeping your personal stuff intact and private. I wouldn't be surprised if this starts to become the norm in the tech industry, as it solves lots of problems for employees who frequently cross the work/home/life balance.

Note that I primarily work from home, which makes things a bit simpler.

Comment: Re:oh good... let's all bury our heads... (Score 4, Insightful) 270

by Obasan (#24541983) Attached to: Massachusetts Sues to Halt Defcon Subway Hacking Talk

I don't agree with the Massachusetts decision to attempt to stifle the presentation. This was foolish on a number of levels, not the least of which was it will probably help draw far more attention to the hack than it otherwise would have obtained.

That being said, it is perfectly reasonable to not "fix" a system if the cost of the fix is more than the cost of fare evasion. Look - in many cities "evading the fare" is as simple as getting on the bus and choosing not to pay. These systems depend on users for the most part obeying an honor system with periodic random enforcement by transit personnel checking for passes / ticket validation. This is done across Europe and in a number of cities in Canada (not sure about the USA). Why do this? For starters most people aren't jerks, and pay their fares. Second, there will ALWAYS be a way to evade a fare system without massive (expensive) enforcement that would cost far more than the added fare revenue. You would not get on one of the systems where there is no ticket check on entry and then crow about how you evaded the system (or you wouldn't without looking like a complete dork).

It's worth noting that this injunction is not analogous to software companies hiding known exploits in their systems where their customers may suffer the consequences. Boston IS the end user.

Moving people from place to place should always be the highest priority of transit authorities. In general most people are good about paying their fares. Dealing with smalltime one-off thieves is a waste of their resources.

If you use the system without paying, you are a thief and you are doing a tremendous disservice to your fellow citizens.

Businesses

Business Week shows offshoring bad for the economy

Submitted by Obasan
Obasan writes "A 'gaping flaw' in the way economic numbers are computed may be the cause of a disconnect between GDP growth claims and actual growth, especially in terms of real wages, a phenomenon many of us are at least anecdotally familiar with. Business Week calls this gap "phantom-GDP", gains in reported GDP that cannot be correlated with domestic production."

Comment: Re:Talk about internal benefits first (Score 1) 144

by velkro (#18979051) Attached to: How Would You Benchmark an IT/IS Department?
I just finished doing a bunch of paperwork for one run by Hackett (we also looked at the other 3 above). There are really too many things to compare, and your question was too vague. Do you want to compare performance (uptime, mttr, etc...), costs (cost per support call, costs per server, etc...), maturity (Standard Operating Procedures, compliance to ITIL, COBIT, etc... ) or maybe all 3?

In any case, the big 4 consulting companies can help with this... like legal advice, Slashdot isn't a good source for comparison :)
