
Comment: Re:Blameless employees? (Score 1) 340

by Ravaldy (#48666559) Attached to: Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

I appreciate your opinion even if I don't completely agree.

There are plenty of salesmen that promise such things, however, who is going to have the access to set it up and then how are any of these things going to stop someone with physical access to the equipment?

This is where you get to thin the herd. Instead of 15 people with access you may only have 2. In addition some of these solutions are managed by 3rd parties which means the local admins have no access at all to the remote logs (A perfect system as far as I'm concerned). All the local admins can do is disable the service but that will only trigger a phone call to get it back on and possibly an investigation by the higher up.

Fact is that no one's job should go unmonitored especially when it comes to security. I have a friend who works in a gold processing plant and every single time they leave the building they are stripped of their lab clothes and searched. If gold processing labs warrant this it's because people when given an opportunity may take it. This is just as true for IT admins with access to sensitive data.

Comment: Re:Tesla owners keep telling me no... (Score 1) 133

by Ravaldy (#48654823) Attached to: Tesla About To Start Battery-Swap Pilot Program

Actually, don't take their word, take the submitter of the article posted a few months ago on /. I searched but there are so many topics including Tesla. It was an article talking about the rapid charging stations (30 minute charge time if I recall) and in that same article there was a statement from someone (not sure who) that Tesla would rather focus its effort on charging stations due to the complexity in creating an exchange network.

I also just spoke to my co-worker and he said that this information came directly from the dealers (months ago). He also mentioned that as a customer they get lots of inside information about the car and the car company's plans (information I'm sure is available to all). Being that Tesla owners tend to be enthusiasts, I would take their word over a commenter on /. that doesn't own a Tesla.

According to my co-worker, the reason why charging stations are probably going to pop up before swap stations (where I live), is that the space requirements for batteries are hard to accommodate for many gas stations. In addition there needs to be a distribution system which handles the delivery and recovery of batteries. The other option is to have the gas stations themselves recharge the batteries but this isn't ideal for a few reasons:
1. The gas station will have to invest into chargers which will be obsolete before they are paid for
2. Extra staff required which means you either need volume or you need to charge the customer for the extra cost of storage, charging and labor. The $5.00 charge is now starting to look like $40 / charge.
3. You are relying on a minimum wage employee to take care of very expensive batteries
4. You are asking the gas station to get certified to carry large quantities of these batteries which in those quantities is considered to be a hazard


Comment: Re:Blameless employees? (Score 1) 340

If you can't trust the people with physical access to the equipment with the data on it then you have the wrong people.

That's an acceptable statement for small corporations but for large enterprises or corporations with outsourced IT, it's necessary to have security auditing as you cannot completely trust all your staff (Especially the ones you do not control). People change over the course of their employment. Some staff that may have been trustworthy may develop a sense of entitlement and power. This isn't always obvious to the naked eye. This is why one keeps live tabs on security changes. There are plenty of solutions out there to do this and all this secured from the admins themselves.

The same way call centers monitor their calls (as a deterrent for bad behavior), IT should monitor their staff's activity ESPECIALLY at the security access level.

Comment: Re:Tesla owners keep telling me no... (Score 1) 133

by Ravaldy (#48652931) Attached to: Tesla About To Start Battery-Swap Pilot Program

Because they get direct communication with their dealers. If you owned a Tesla you would understand how close a relationship they keep with their customers. Lots of communication via mail and many yearly appointments at the shop for maintenance. I work with 1 Tesla owner and play hockey with 2 others. I hear the same story from all 3.

Comment: Re:Blameless employees? (Score 1) 340

There are legitimate requests made via email that can be problematic for the individuals. Please don't dilute the legitimacy of email because a few odd emails go offside.

FYI. By default only the user can view/edit his emails on Exchange UNLESS the IT grants himself permission. This is why large corporations perform security auditing to see if their own admins are granting themselves access to restricted data.

Comment: Re:Blameless Random Employees? (Score 1) 340

With the amount of data moving in/out of Sony daily, I doubt it would be noticeable. If done right nobody would see this happening at all.

As for admin password policies and picking the right people... it's all rubbish. You can never pick the right people. You can only pick the least at risk people if that's even your choice as a CIO. Sometimes the worst person to give admin passwords to are the leaders, yet if they come to you asking for it you'll hand it over.

The fact is that until you get targeted by an elite group of hackers (don't know if this is the case here), you won't know if your systems are secure enough.
