
Comment Re:Well.. (Score 1) 63

It's actually the main Facebook app that I uninstalled. Messenger is OK for its intended purpose, but the main one was what was doing sketchy things I didn't want. I now use a mobile browser instead, so their functionality is limited to what the browser and phone ecosystem will permit.

Comment Bell Media only hires peckerheads? (Score 1) 408

It seems like every time one of their senior execs opens their mouth in public, they blather on and on to show us just how clueless and tone deaf they are. It's like their recruitment process has a required check box:

[X] Yes, I am a twat!

Comment Consulting (Score 1) 420

Even if the job is mostly remote (as mine is), many clients want to see you once in a while. Or, maybe you are doing internal testing which requires you to be on-site, but only project-focused, not all the time. I've managed to off-shore myself (literally, on an island), while being responsive to clients and still able to travel in a reasonable period of time when needed.

Comment Pretty close use case recently (Score 1) 288

I forget which case it was, but there was one in the news a little while back. Some dark market guy, living on his Uni campus and doing his thing. Apparently the bust tried to do the DPR thing, but he had an encrypted, battery-less laptop and he was able to yank the power cord out.

Comment Re:Fairly easy way to protect data. (Score 1) 77

I find that's one of the more useful bits about PCI, is that at some point, somebody tells the company to get their house in order. Maybe not the whole thing, but there's some value to moving all of the CC data to the closet and locking THAT.
My general security side says they should apply that principle elsewhere, but it's a harder sell when the rest isn't directly tied to cash flow.

Comment Re:Lots of tools, not a lot of experience (Score 1) 77

These companies seem convinced there is a financial reason to keep everyone else's data, and maybe there is. If so, it behooves them to do so correctly, according to the value of what they hold. If they think the data is worth less, a painful lawsuit judgement may change their minds. (See Ford, and Pinto gas tanks.)

Comment Re:Fairly easy way to protect data. (Score 1) 77

I'm in the security industry, and this approach pretty much sums up what I try to instruct my clients to do. It differs of course from the piles of unprotected, unaudited, unmanaged fluff that some management wanker thought might be handy to keep around. Even restricted to such a constrained, specific scope as credit card data makes them blanch, I can't imagine them making the leap to more loosely guarded information without a business case.

Comment This grief can bite you a few ways (Score 1) 204

I deal a lot with clients who have compliance requirements such as PCI. This sort of thing is an endless source of grief, where the, "it doesn't matter, it's just an appliance" phrase comes up all the time. You have devices put into PCI-scoped network zones to do a job, but which are either using a dusty version of a commodity OS under the hood, or don't support a bunch of requirements like account controls such as password complexity and account lockouts.
Being big-name security appliance and networking companies, it's tough to justify taking them all out back to the shooting range. But I'd love to...

Comment Securing cloud data (Score 2) 24

What they need to do is implement client-side encryption before it gets uploaded. Sure, we can use something like EncFS to let Dropbox host only files I've already encrypted, but other cloud-storage companies like SpiderOak have written themselves out of access to my file contents.

Comment Yikes. This handles people's money (Score 1) 348

In my humble experience, POS systems are those most forgotten, and least protected once you get on to the network. Few patches if any, and the vendors often squawk about only supporting ancient versions of Windows XP. Yes, the POS systems are probably Windows. Probably no AV either, and quite likely all administered with shared accounts that everybody knows. A firewall is by far the least they should be doing.
