
Video Meet Mårten Mickos, Serial Open Source CEO (Video) 23

Mårten was the MySQL CEO who built the company from a small-time free software database developer into a worldwide software juggernaut he sold to Sun Microsystems. Next, he became CEO of Eucalyptus Systems, another open source operation, which Hewlett Packard bought in 2014. Now Mårten is CEO of hackerone, a company that hooks security-worried companies up with any one of thousands of ethical hackers worldwide.

Some of those hackers might be companies that grew out of university CS departments, and some of them may be individual high school students working from their kitchen tables. Would a large company Board of Directors trust a kid hacker who came to them with a bug he found in their software? Probably not. But if Mårten or one of his hackerone people contacts that company, it's likely to listen -- and set up a bug bounty program if they don't have one already.

Essentially, once again Mårten is working as an intermediary between technically proficient people -- who may or may not conform to society's idea of a successful person -- and corporate executives who need hackers' skills and services but may not know how to find non-mainstream individuals or even know the difference between "hackers" and "crackers." Editor's note: I have known and respected Mårten for many years. If this interview seems like a conversation between two old friends, it is.

Video Harnessing Conflict in the Workplace (video) 93

Nigel Dessau has written a book titled Become a 21st Century Executive: Breaking Away from the Pack. One thing he mentions both in his book and in conversation is that you should harness conflict in the workplace rather than try to stop it. And the first name that came to mind was Linus Torvalds, and how kernel developer Sarah Sharp recently quit the kernel development team loudly and publicly because of Linus's 'Brutal' Communications Style. And now the Washington Post has put out an article under the headline, Net of Insecurity: The Kernel of the Argument, which is about Linus's management style and his recent conflicts with almost every Internet security maven within reach of his online writing. Meanwhile, at ZDNet, Steven J. Vaughan-Nichols calls the Post article "re-bundled old FUD about Linux and the internet's security."

Nigel likes Linus (as do most people who've met him in person) and points out that Linus can get away with being somewhat prickly because he's a genius. The same could be said about the late Steve Jobs and a number of other interesting leaders in the computer business. And Nigel's book and this interview also talk about something that may be more important in the long run than this year's small spate of Linux publicity, namely mentoring and how it can help millennials become productive workers in knowledge fields -- which a whole bunch of them need to start doing PDQ because all the baby boomers everybody loves to hate are either retired already or will be retired before long.

Video Can the Cloud Be More Secure Than Your Own Servers? (Video) 220

Sarah Lahav, CEO of Sysaid, believes "the cloud" can be more secure than keeping your software and data behind your firewall and administering it yourself, especially for small and medium-sized firms. Why? Because Amazon, Rackspace, and other major cloud and SaaS providers probably have lots more security experts and other IT people at their command than you do.

We've talked to Sarah before, and probably will again. She has strong opinions based on her experience in IT, and is happy to share those opinions. So take it away, Sarah...

Video F-Troop and the 'Internet of Thingies' (Video) 43

F-Troop? This is an interview with IT journalist Tom Henderson, who managed to get a mention of F-Troop into a serious(ish) discussion of "Internet of Things" insecurities. And, says Tom, the more things we hook to the Internet, the more potential security problems we create. Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks? Hmmm....

Video Will 'Chip and Pin' Credit Card Technology Really Increase Security? (Video) 317

The answer seems to be: sort of, a little, but not a whole lot, according to Jerry Irvine, who is a member of the U.S. Chamber of Commerce Cybersecurity Leadership Council and CIO of Chicago-based Prescient Solutions. More security theater? It sounds that way when Jerry starts reeling off the kinds of attacks the new cards will do nothing to prevent. Even so, October 1 is the date after which merchants are supposed to be liable for fraudulent purchases made with old-style cards, and are supposed to have point of sale terminals that accept "chip and PIN" cards.

Video Security is an Important Coding Consideration Even When You Use Containers (Video) 57

Last month Tom Henderson wrote an article titled Container wars: Rocket vs. Odin vs. Docker. In that article he said, "All three are potentially very useful and also potentially very dangerous compared to traditional hypervisor and VM combinations."

Tom's list of contributions at Network World shows you that he's not a neophyte when it comes to enterprise-level security, and that he's more of a product test/analytical person than a journalist. And afraid to state a strong opinion? That's someone else, not Tom, who got flamed hard for his "Container Wars" article, but has been proved right since it ran. Tom also says, in today's interview, that the recent Apple XcodeGhost breach should be a loud wake-up call for developers who don't worry enough about security. But will it? He's not too sure. Are you?

Video Veteran IT Journalist Worries That Online Privacy May Not Exist (Video) 44

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).

Video How to Prepare for an IT Security Disaster (Video) 23

What should you do if your company's servers are hacked and your customers' credit card info or other data are stolen? Neill Feather, president of SiteLock, says you should have a plan of action tested and ready to go, the same way it's wise to hold fire drills so that everyone knows what to do in case of fire. Neill also recommends checking out the Online Trust Alliance and the many resources it makes available to businesses of all sizes whether or not they are OTA members. One document that would be a good place to start is their Data Protection & Breach Readiness Guide, which covers topics including liability and insurance considerations; basic forensics (to help catch the evildoers -- and prevent them from doing evil to you again); and even what information you should include in a letter to customers after a Target or Home Depot-type data theft. We can sum all of this up with the old saying, 'An ounce of prevention is worth a pound of cure,' but you should also know what to do if a problem happens, whether that problem is data theft, a ransomware attack or anything in between.

Video How 'The Cloud' Eats Away at Your Online Privacy (Video) 86

Tom Henderson, Principal Researcher at ExtremeLabs Inc., is not a cloud fan. He is a staunch privacy advocate, and this is the root of his distrust of companies that store your data in their memories instead of yours. You can get an idea of his (dis)like of vague cloud privacy protections and foggy vendor service agreements from the fact that his Network World column is called Thumping the Clouds. We called Tom specifically to ask him about a column entry titled The downside to mass data storage in the cloud.

Today's video covers only part of what Tom had to say about cloud privacy and information security, but it's still an earful and a half. His last few lines are priceless. Watch and listen, or at least read the transcript, and you'll see what we mean.

Video You Don't Need to Start as a Teen to be an Ethical Hacker (Video) 56

Meet Justin Whitehead. While a lot of his contemporaries were going to college, he became an Airborne soldier. After that he went to college, became an IT technician, got some experience as a Computer Forensic Analyst, and met people who looked like they were having a good time as penetration testers. So he took some recommended classes, got hired by One World Labs, and last week at B-Sides Austin, he and coworker Antonio Herraiz gave a talk titled 'Spanking the monkey/How pen testers can do it better.'

Justin is 40, an age where a lot of people in the IT game worry about being over the hill and unemployable. But Justin's little video talk should give you hope -- whether you're a mature college student, have a stalled IT career or are thinking about a career change but want to keep working with computers and IT in general. It seems that there are decent IT-related jobs out there even if you're not a youngster; and even if you didn't start working with computers until you were in your 20s or 30s.

Video Simple IT Security Tactics for Small Businesses (Video) 32

Adam Kujawa is the lead person on the Malwarebytes Malware Intelligence Team, but he's not here to sell software. In fact, he says that buying this or that software package is not a magic bullet that will stop all attacks on your systems. Instead, he stresses coworker education. Repeatedly. Adam says phishing and other social engineering schemes are now the main way attackers get access to your company's information goodies. Hacking your firewall? Far less likely than it used to be, not only because firewalls are more sophisticated than ever, but also because even the least computer-hip managers know they should have one.

Video 'Never Miss Another Delivery' - if You Have a TrackPIN (Video) 85

The company is called TrackPIN, as is the product. Its creator, Mark Hall, showed it off at CES. Timothy pointed his camcorder at Mark as he explained how his product would let you get package deliveries safely when you aren't home by giving the UPS or FedEx (or other) delivery person access to your garage, as well as letting in selected people like your maid, your plumber, and possibly an aquarium cleaner. Each one can have a private, one-time PIN number that will actuate your garage door opener through the (~$250) TrackPIN keypad and tell your smartphone or other net-connected device that your garage was just opened, and by whom. You might even call this, "One small step for package delivery; a giant leap forward for the Internet of Things." Except those of us who don't have garages (not to mention electric garage door openers) may want to skip today's video; the TrackPIN isn't meant for the likes of us. (Alternate Video Link)

Video Chester Wisniewski of Sophos Talks About Secure Credit Card Transactions (Video) 17

Chester Wisniewski's nakedsecurity describes Wisniewski's specialty thus: "He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics." So he's obviously someone who might know a little about preventing future Target-style security debacles. We've also interviewed tech journalist Wayne Rash about this topic, and will probably interview another security expert or two. Many Slashdot users may find all this credit card security talk boring, but for those who handle security matters for a living, especially for retailers, it's vital information. So here's Tim Lord talking with Chet, who is a recognized security expert for Sophos, one of the big dogs in the IT security field, when Chet was in Texas for the latest iteration of Security B-Sides in Austin. (Alternate video link.)

Video Security for the 'Internet of Things' (Video) 106

What happens when your oven is on the Internet? A malicious hacker might be able to set it to broil while you're on vacation, and get it so hot that it could start a fire. Or a prankster might set your alarm to wake you up at 3 a.m. - and what if someone gets access to the wireless security camera over your front door and uses it to gain access to the rest of your home network, and from there to your bank account? Not good. With the 'Internet of Things' you will have many devices to secure, not just a couple of computers and handheld devices. Timothy Lord met Mark Stanislav of Duo Security at BSides Austin 2014, which is where this interview took place. (Here's an alternate link to the video.)
