Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment The impossible: DELIVERED! (Score 1) 497

I think you know what you're asking for is impossible, John. Is that your point?

Physical penetration tests can validate the presence of password lists in wallets, in desks, and in caches on workstations. I think I can say with confidence that there are no sources of metrics for what you have specifically asked.

So where are we then? No one can prove anything and therefore we can all claim to be correct? That's awful. That's also the state of the security industry; mountaintop sages and so called best practices sold by vendors.

Your suggestion on having a little book with them is also pretty bad. It breaks the password model of being something you know to something you have.

Remember everyone, multi-factor authentication should be a combination of something you are, something you have, and/or something you know.

If everyone did as you suggest, all thieves would have to do would be to throw an admin in the back of a van. In fact, I'm surprised that we haven't been seeing more of that anyway.

Comment Password aging and complexity = lists (Score 2, Interesting) 497

If anyone gathered metrics on such practices, I would bet that for most environments, they would find that it yields the opposite effect of what is intended.

It makes strong passwords and lots and lots of password lists under keyboards, in text files, and on post-it notes.

I gave a little talk at a Toorcon event a couple years ago where I included some pictures of password lists found in the wild.

I think everyone competent knows about these things, they just choose not to say anything about it because it is a "best practice."

Comment I've been paid for it (Score 1) 735

As a consultant, I was paid quite a lot for being available for an on-call basis; several thousand a month.

I also didn't have to do much when things happened. I would join a call, establish that it was not my problem, and then drop off.

If you're deeply concerned for your jobs, get better at your jobs and leave your bad gigs. Retention and performance problems should correct this problem of thinking that management assholes can get people to work for free. They would never work for without compensation. Why should people who are smarter than them?

The Internet

Submission + - SPAM: Malware knocks out U.S. Marshals Service network

coondoggie writes: "Malware Wednesday crippled Windows-based computer systems at the U.S. Marshals Service, which hunts federal fugitives and operates the country's witness protection program, knocking the agency's network offline. The agency's press office confirmed it was having network problems and that its e-mail system was down this morning, but it was unclear if the outage extended across the entire network. The press office said a statement would be issued today, but has yet to be released. [spam URL stripped]"
Link to Original Source
Linux Business

Submission + - Italian firm: Microsoft Out. RedHat and IBM In. (

ruphus13 writes: In what is being hailed as a good win for Open Source and IBM, Gruppo Amadori has begun to phase its 6,000 employees off Microsoft products and on to Red Hat and IBM's Lotus Symphony. From the article, "Italian food company Gruppo Amadori [is] rolling out Red Hat Enterprise Linux with desktops running IBM software, much of which is free, and some of which has open source roots. About 1,000 of the company's 6,000 employees use computers and will move to Red Hat's platform and IBM Lotus Symphony--a free software suite with long-standing open source roots, although it's not developed as open source any longer. The company will also switch from Microsoft Exchange to an IBM Lotus Notes and Domino environment hosted on Red Hat Enterprise Linux."

Submission + - MS Nailed with $200M MS Word Patent Infringement

nandemoari writes: "Microsoft has been slapped by a heavy hand for including a Canadian company's technology in Microsoft Word. A Texas federal court recently decided that the Redmond-based firm infringed on Toronto-based i4i's XML-based patent. Unfortunately for Microsoft, on Wednesday a Texas judge agreed with i4i's complaint that MS violated the patent through its system for processing Word files via embedded codes that show instructions on how information is presented. Microsoft's not taking the $200 million ruling lying down. According to Microsoft spokesman David Bowermaster, the company will request that the court overturn the order."

Submission + - Adobe uses DMCA on protocol it promised to open

An anonymous reader writes: Despite promising in January to open RTMP Adobe has apparently issued a DMCA take down request for an open source implementation of RTMP. The former SourceForge project page of rtmpdump now reports "Invalid Project". rtmpdump has been used in tools such as get_iplayer and get-flash-videos. Adobe is no stranger to the DMCA, having previously used it against Dmitry Sklyarov.

Submission + - Another Invasionary Species by the USDA? (

gpronger writes: USDA proposes to use a Spanish wasp for weed control along Mexican-US border. Carrizo Cane, a tall reed that grows along river banks, etc has spread rapidly along the Rio Grande. The height of the reed, and the density that it grows, gives cover to illegal immigrants. The wasp lays it eggs inside the stem, causing the plant to dwarf or die.

The question to ask though, is what other agricultural plants it may go after once released?

Have we ever had a purposeful release of a foreign species that went as planned?

Life in the state of nature is solitary, poor, nasty, brutish, and short. - Thomas Hobbes, Leviathan