Follow Slashdot stories on Twitter


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: I have been in cyber security exercises (Score 1) 124

by dremspider (#48801425) Attached to: Do We Need Regular IT Security Fire Drills?
I thought they would be awesone until I realized what they were. Mostly a way to show off to higher ups. The bulk of them end up being about showing off pretty charts and dashboards no matter how useless those charts are. How you can make these work is tell your staff that management will be hiring a pen test sometime in the next six months but they won't get any more detail. This allows you to test your staff whole making them be more on their toes in case a real attack happens.

+ - The Security Industry is Failing it's Customers->

Submitted by dremspider
dremspider (562073) writes "An op-ed article stating that security industry is failing its customers overall and how the industry can overall get better. Increased spending on security hasn't been helping the industry as has been seen in light of larger security breaches. This article is promoting that instead of having individuals who are trained in information security the industry as a whole needs to shrink and instead the responsibility of security needs to be propagated throughout the organization. This means that instead of trying to train a few in information security,everyone must be trained and how it relates to their roles."
Link to Original Source

Comment: My take on this... (Score 5, Insightful) 241

by dremspider (#48584967) Attached to: Is Enterprise IT More Difficult To Manage Now Than Ever?
I have been in IT for about 10 years, so I am not sure I am completely qualified to say since forever, but I would say that the issue is we are now competing with cloud providers as to the expectation of our customers. For example, Gmail offers you 15 GBs for free and IT customers wonder why they only have 2GBs at work. Most cloud services have pretty amazing up times, and people wonder why your IT dept. can't do the same thing (no matter how well staffed it is). People are seeing the consuming of resources as free and then trying to IT accordingly.

Comment: trust (Score 5, Insightful) 85

by dremspider (#47922967) Attached to: Why Is It Taking So Long To Secure Internet Routing?
Most of these solutions require some sort of central authority to manage the security of all the routes. Sounds great until you realize that there is no one that all the users of the Internet can trust. I am not even sure that users can trust their own governments to manage this without exploiting users for the sake of surveillance let alone other countries trust one another. If you can't trust one another the best thing to do is remain insecure but watch each other like hawks for any foul play.

Comment: Smart cards work (Score 2) 113

by dremspider (#47559037) Attached to: Ask Slashdot: Open Hardware/Software-Based Security Token?
I have had a smart card setup for a little while. I use it for both OpenVPN and SSH access. I created the card by making my own CA and then using OpenSC to write to the card itself. There are some other cool things you can do like us it for PGP signing. I got a whole kit for about $100 bucks that came with a reader/writer, 2 cards and one USB thing.

Comment: Re:Expensive Middle Class Sport Losing Patrons (Score 1) 405

by dremspider (#46804889) Attached to: In a Hole, Golf Courses Experiment With 15-inch Holes
BS... for one thing you can get into cycling paying from the $800 - $1200 range and get a pretty decent setup. Even if you spend more (in the $2-3000 dollar range) you can get a really nice set up. Of course if you wanted to buy a used bike then all these numbers would drop. If I bought cheap used clubs for $200 (not really fair because I am looking at crappy used clubs vs. a decent bike). The cost of entry would be lower, BUT you are forgetting one very important thing. I can use my bicycle as must as I want for free after that initial cost. Golfing costs me money every time I want to go play ranging from $8-10 to hit golf balls to $40+ to actually play at a real course. A well maintained bicycle will last at least 8 years even riding it pretty hard.

Fixed costs
$2000 for bike
$300 for clothes, shoes
Annual costs
$200 for maintenance (if you are able to do it on your own this would come down)
5 year total cost = $3300

Fixed costs:
$200 for used golf clubs just to go with your scenario
Annual Costs:
$750 for 15 rounds of golf at $50
$240 for 30 set of balls at a driving range $8
5 Year total cost : $5150
Keep in mind that with bicycling I can ride 3+ times a week. I would also argue that cycling is a better workout as well. Your crazy contrived situation is absurd. I am in a group with a number of people and all their bikes range from $600 to maybe $2000. Some of the bikes are well over 15 years old and none of us really care. The only reason you need to spend that much is if you are a) a professional or b) need to keep up with the Joneses.

Comment: Any plans of getting a proper auditing daemon? (Score 1) 290

by dremspider (#46410627) Attached to: Interview: Ask Theo de Raadt What You Will
I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?

Comment: Re:Wise (Score 1) 178

by dremspider (#45669863) Attached to: FreeBSD Developers Will Not Trust Chip-Based Encryption
Oh ye wise and knowledgeable anonymous coward. Pray tell how would like them to store the key to verify the server on another system? If they break into your system as root who the heck cares that they can now masquerade as your system? They already have access to YOUR system so what more damage can they do by man in the middling you as well? Tell us what you would do to fix it and what benefit it would provide.

"Text processing has made it possible to right-justify any idea, even one which cannot be justified on any other grounds." -- J. Finnegan, USC.