
Comment Re:Industrial network (Score 1) 38 38

IF the people in charge are asking for it, find and suggest a solution that can do it safely.

I'm with you so far.

If they are not willing to pay for your solution, find another, albeit less safe solution and present it with a list of assumed risks. Rinse and repeat until you have a solution they are willing to pay for with risks they are accepting, then do that.

In my experience, any "solution" that you present will be understood to do everything that they wanted.

Even if you say that they cannot have X at $Y, they will give you $Y and then demand X.

When you cannot do so, a contractor will be brought in to set up a flawed implementation that will reduce your security BUT will provide X at a price point that you said could not be done.

Which is why we see this story pop up over and over and over again.

Comment Re:Urg. (Score 1) 43 43

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) are available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that, and would that have also yielded your "security" answers?

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

Comment Urg. (Score 4, Informative) 43 43

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

NO!!! It does NOT!!!

1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect, just another password) then it is useless.

2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

3. Find a bank / credit union that uses real two factor authentication.

Comment Mod parent up. (Score 2, Interesting) 576 576

Read carefully and you'll notice the government said he'd even have to accept the consequences of speaking out and engaging in constructive protest: they decree you can dissent against their rule, and that's well and good, as long as they can punish you for your dissent--which is precisely the situation in North Korea, where you may speak out against Kim Jong-Un, and, importantly, accept the consequences of speaking out against him.

Exactly.

If the end result of civil disobedience is the exact same in the USofA as in North Korea ... then what is the difference?

The politicians demanding martyrdom would be just as comfortable working for North Korea's government as they are working for the USofA's government.

And THAT is a very big problem.

Comment Re:Everybody List What You Think Went Wrong (Score 1) 545 545

Gamergate was ignored because gamergate is not news.

My problem with it is that even if the initial event happened EXACTLY AS CLAIMED then it is still nothing.

The "story" became the reactions to that nothing event.

And then the reactions to those reactions to that nothing event.

And now we have a post mod'ed +5 Insightful for claiming that Gamergate wasn't covered.

Comment Re:Translation (Score 3, Insightful) 576 576

And also, from TFA:

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and — importantly — accept the consequences of his actions.

He IS dealing with the consequences. That's why he left.

What Lisa Monaco is pushing for is martyrdom.

We are supposed to be a country of laws. We should not have officials demanding martyrdom of those who oppose their policies.

Comment Mod parent up. (Score 3, Insightful) 115 115

What depresses me about software is how often we JUST DO NOT LEARN!

And not just software. Look at security as well. And so many other computer-related areas.

Software development seems to be riddled with arrogant know nothings who think they can cut corners or reinvent the wheel because doing the right way isn't "7337".

For me it's more like ... someone "learned" one way of handling it when s/he was working ALONE.

Then that person never learned that the practices need to be changed when you are part of a TEAM.

And releasing your code to the public is being part of a team.

Comment Re:As a former expert (Score 2) 112 112

... the cost of breaking corporate software with an update (they just took out our scheduling program for 4 days) is very measurable and affects everyone in the company, ...

Where are your test systems and test cases?

If you want to win these fights, you have to present defensible numbers in units that the PHB's understand: Dollars or Euro.

And the core problem with estimating losses is that you are now trying to play in the realm of the PHB. You will always lose. That is because while you are spending time on productive work they are spending time on personal relationships and politics.

Any time they do not follow your advice and a disaster does NOT strike ... well it is obvious that they were right and you were wrong. So they SAVED/EARNED the company money by being more "productive". Those IT people are all "the sky is falling". Ha ha.

Right up until the systems are cracked, and then they're going to blame you anyway because it was your job.

Comment Re:What Security Experts Can Learn From Non Expert (Score 3, Interesting) 112 112

NOT training users not to download suspicious executables or engage in fantastic feats of memory regarding passwords.

Don't depend upon a user's memory. Tell them that it is GOOD to write down their passwords AS LONG AS THEY STORE THEM WITH THEIR CREDIT CARDS.

The solution, which security people hate to hear, is to get better at installing and maintaining multiple levels of firewall, application sandboxing and/or streaming applications for all office applications, improving intrusion detection and dynamic virus removal in real time.

The REAL problem with security is that the VENDORS do not place a priority on it.

It isn't that we hate to hear that.

We're already DOING that. But it doesn't help much when a CxO installs some infected software on his laptop (which he can because he is so important that he NEEDS admin-level access) and then brings it into the most firewalled section of the network.

Right now I'm focusing on knowing when a site is compromised rather than trying to get EVERYONE to follow the best practices EVERY TIME on EVERY SYSTEM.

Comment Re:Seriously... (Score 1) 245 245

Actually, there is a problem. Which is why the schools with less money do worse on standardized tests than schools with more money.

And the problem is that the tests are written to a specific curriculum that is clearly identified in the text books associated with those tests.

So even if a student knows MORE about a subject than is taught in a specific text book, that student can still FAIL the standardized test because s/he does not provide the answer identified in the text book.

Such as ... what are the 3 main reasons for X.

In math it is more about how the word problems are written. If the student is familiar with the way the problems are phrased it is easier for him/her to get a higher score.

Comment Re:They're worthless. (Score 1) 213 213

Maybe. Maybe not.

In my experience the tests "test" you on your knowledge of how the VENDOR would like you to "solve" a "problem".

I haven't seen any test where there is something objectively "wrong" about any of the questions or answers.

But I have seen a lot of questions and answers that are phrased somewhat inaccurately for someone with more experience than just the vendor's training materials.

So if you know the subject, a quick read of the vendor's materials should tell you where the "tricky" areas are. But if you want to skip that step, you should be able to pass most certifications without a problem.

Comment Re:IT workers and the cloud (Score 2) 138 138

Other than some common generic services you still have to engineer solutions to fit your business needs.

And even those generic services will still need someone to provide them. Whether that person is directly employed by your company or is an employee of the "cloud" company you're contracting with.

People who "know how it works", or IT people will still be needed regardless.

Most definitely. Particularly when there is a problem with your company's Internet link and everything "in the cloud" is unavailable.

Or a problem with the "cloud" company's Internet link.

In either case, you will be dealing with someone who will view you as just-another-client. It doesn't matter if you're not happy. Or if your business suffers. Because your payments will not make-or-break THEIR company.

Comment Mod parent up (Score 2) 549 549

So many times I'm driving correctly and then some idiot pulls into the "safe" space that I had AND THEN HITS HIS BRAKES BECAUSE HE ALMOST HITS THE GUY IN FRONT!!!

With an autonomous car the situation will still be the same BUT there will be a lot more data showing the circumstances that led to the accident.

Comment Re:Against Vaccines or About Against Vaccines? (Score 2) 273 273

I see it as three different cases:

1. The health nut who is already healthy but attributes their health to this one weird secret that only a few, special, people know about. Because everyone else isn't as smart as they are.

2. Someone with a bad disease who wants some hope that they'll get better so they'll try anything.

3. Munchausen syndrome
