
Comment Re:Intrusion Detection Systems (Score 1) 156

Some people with network connections do not bother running an IDS, as it is easily bypassed, and often offers little value added. Additionally, if one were to have an IDS, what good would it do you unless you are actually watching it, and tuning it? The staffing required for something like this on a national scale would be prohibitive.

We also have to consider that to monitor all of the traffic with an IDS, you must have access to all of the traffic. Although we believe this is already occurring, you can be certain that your traffic will be watched if a country-wide IDS system is in place, and there will not be a law preventing the US govt from spying on you and others.

The USA and Britain are losing so many rights in the name of security today. It is alarming.

Comment Use Social Networking to Defend Your Reputation (Score 4, Insightful) 474

Social networking sites can be one avenue in which you lose your privacy. However, there is another side to this coin. Namely, do you want to be able to make your identity online, or do you want others to determine your identity?

By using LinkedIn, Facebook and others, you can craft a very professional image that is put forth. In kind, you can be selective as to who you allow as a 'friend' or 'contact.' Therefore, your professional image remains intact.

Obviously you want to avoid posting pictures of you doing your last beer bong, or wearing a lampshade on your head, whilst posting white papers, and pictures of you presenting at conferences.

Comment Re:It's not about the government (Score 4, Insightful) 269

Canada clearly has a distinct culture, that many of its people want to preserve. However, it does seem that some Canadians do go a bit overboard with it.

When traveling across Europe, or Australia or NZ, it is quite easy to pick the Canadians out. It seems that a very large percentage keep a Maple leaf somewhere on their body or clothing. Evidently, they do not like people assuming that they are Americans due to their accent, so they overcompensate.

Since many people have noticed this attitude from Canadians, they usually will not ask someone if they are American if they meet them, so as to avoid offending the Canadians. Instead, they inquire whether one is from Canada, since it seems rare for an American to be insulted by this question.

I think this is a little like a little brother / big brother rivalry. Although Canada is large geographically, it clearly does not have the population of the USA. As such, there is not a concerted effort of Americans trying to implement imperialism over Canada, it just happens due to the numbers. We can see similar examples of this in NZ and Australia. Another example would be Wales and England.

I cannot blame Canadians for trying to get their culture out there. However, going overboard just makes one look a bit silly.

Comment Pubs (Score 0) 146

Clearly the usual joke is how business in the pubs will increase due to this. However, I think there may be some truth to the joke.

Often times those with drinking habits/problems look for excuses as to why it is ok for them to drink. Some use silly rules such as I only drink after 5pm, others say they only binge on the weekends, and others say they are going to die anyway.

Depending on how this is reported, we may begin to see people lower their inhibition, or at a minimum be willing to take more chances with drinking, and use this as their enabler.

On the bright side, this is really cool stuff, and it is nice to see that lives may be able to be saved.

Comment Interesting -- Train is not in the list? (Score 5, Interesting) 887

It is interesting that trains are not listed in the poll, as it has been my experience that this is one of the most convenient methods of transport in large metropolitan areas. (At least outside of the US.)

I used to ride a bus to work, and then a Ferry back home in the evening. What a great way to set your mind right before getting home. Riding a boat and having a beer. :)

Now I ride the train to and from work, and have about a 10 minute walk on each side of the commute. Whilst this certainly is not as enjoyable as riding a ferry back home, it is healthier since I have to walk, and do not get the beer.

Comment Hiring the Right One(s) (Score 1) 93

It is rare that I would get into a discussion like this, since it often will devolve into the equivalent of a perl vs python war, or at a minimum, vendors will try to sell their warez.

When hiring a company for an application penetration test, I like to look towards those who are actively involved in research within the security community, and hire people that contribute to the community heavily as well. For example, does the firm have people on staff that discovered and disclosed new vulnerabilities? Does the company have people that bring new ways of attacking to market, and what tools do they make available to the community?

Quite often this rules out a number of the large companies, like the big auditing firms. (Whilst in some cases they have intelligent people, I have met an awful lot of tool monkeys that worked for these companies.)

Some companies that I would usually consider include NGS Software (David & Mark Litchfield ... known for a number of Oracle vulnerability disclosures), Immunity Security (Dave Aitel, Kostya Kortchinsky, and Nico. These guys are very well known in the community, and are the brains behind Canvas, Spike Proxy, and others...), (Paul Craig, released iKat for kiosk hacking.), and finally, Insomnia Security (Brett Moore, this guy knows heaps about heaps.).

Which of these are the best will depend on the particular assessment you are having performed, and what the goal of the test is. These guys are damn smart, and very professional. Go to their sites and see what they do, and then talk to references. In the end you have to be comfortable with the company.

I hope this helps.



Why Most Published Research Findings Are False 259

Hugh Pickens writes "Researchers have found that the winner's curse may apply to the publication of scientific papers and that incorrect findings are more likely to end up in print than correct findings. Dr John Ioannidis bases his argument about incorrect research partly on a study of 49 papers on the effectiveness of medical interventions published in leading journals that had been cited by more than 1,000 other scientists, and his finding that, within only a few years, almost a third of the papers had been refuted by other studies. Ioannidis argues that scientific research is so difficult — the sample sizes must be big and the analysis rigorous — that most research may end up being wrong, and the 'hotter' the field, the greater the competition is, and the more likely that published research in top journals could be wrong. Another study earlier this year found that among the studies submitted to the FDA about the effectiveness of antidepressants, almost all of those with positive results were published, whereas very few of those with negative results saw print, although negative results are potentially just as informative as positive (if less exciting)."

Comment Re:Doesn't seem to practical (Score 2, Insightful) 122

Whilst you have somewhat of a point, the odd occasion where one may forget something and try to access the LAN at his car is an outlier to the data set. If the system notices someone from that location connecting to the network, it can either force a new authentication event requiring a local cert, or simply shut down the AP the external person is connecting to. (Preferably shutting it down.)

As an aside, the company can also have a policy explicitly forbidding access from the parking lot. If what they had to do is so important, they can either go into the building, or wait until they are home and use their VPN connection.
