


Comment PCI Compliance instead? (Score 2) 205

Have you considered offering PCI compliance testing rather than pen testing? While there are guidelines, it's a much easier industry to break into without prior experience. A good pentesting service can test a really wide variety of things - a company that I used to work for would not only do the standard scans/attacks with ~40 different commercial and free tools, but also social engineering tests, mailing people USB sticks with autorun exploits, and stuff like that. I didn't get the specifics, just kind of the vague outline. While it's definitely not impossible to get into that, it's something you should definitely do professionally before offering it as a service. Either way, PCI compliance testing is like a watered-down pentest, in which you're not actually supposed to break into anything. It also has a really wide variety of much smaller customers that are required to have it performed for various payment-industry-related reasons. A PCI scan can be anything from a half-arsed SAINT scan with minor notations, to a fairly comprehensive set of manually verified tests for things like SQL injection and XSS vectors.

Comment That question is actually a class of questions (Score 2) 252

I'm pretty sure that no student taking that test would perceive that question as being an example of how to write a program. The AP Computer Science exam takes a perverse delight in double-checking that every student can read deliberately confusing code. The posted question is just a mild example. I feel that criticisms of questions of that type should be leveled at exactly what's being tested - reading rather than creating code. I know I personally minded that, when I took the exam, a large number of such questions were fairly spatial in nature - like predicting the bitmap output of a function.

Comment I would do exactly what you outlined (Score 1) 137

A place I worked for did exactly that. There are a few details that you should attend to - give out IP addresses based on the SSL certificate used by the OpenVPN client (and make sure you don't deploy the same SSL cert to two servers!), and have a method of restarting OpenVPN every time it crashes/disconnects (and exits). You'd be surprised how flaky enterprise internet connections can be. From there my work kept a database of all the OpenVPN servers and used it to generate a Nagios config. Honestly, I've never loved Nagios since it frequently doesn't QUITE do what I want, but it's good enough. If your clients are all internet-accessible, I've been using a slightly expensive commercial service called Monitis which I really like. Contrary to what a number of people here have said, I don't think you need a network admin at all; if you can get the VPN stuff working with a simple ACL (to keep clients' interns from bothering each other) then you should be set.
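The per-certificate addressing the comment above describes maps onto OpenVPN's client-config-dir: one file per certificate CN containing an ifconfig-push line. The script below is an added example, not the commenter's setup or anything from the OpenVPN project; it assumes a 10.8.0.0/24 tunnel in subnet topology with the server on .1, CNs that are safe to use as filenames, and a client list with one CN per line. It refuses a list in which a CN appears twice, which is the "same cert on two servers" mistake the comment warns about: OpenVPN will otherwise let the second connection push the first one off the same address. The server-side directives and the restart/ACL pieces are given in comments.

```shell
#!/bin/sh
# Added example (not from the original comment). Builds an OpenVPN
# client-config-dir so every client certificate CN gets a fixed VPN IP.
#
# Assumed server.conf (all standard OpenVPN directives):
#   topology subnet
#   server 10.8.0.0 255.255.255.0
#   client-config-dir /etc/openvpn/ccd
#   ccd-exclusive            # a client with no ccd file is refused
#   keepalive 10 60          # detect dead links and restart the tunnel
# Restart after a crash/exit: a systemd drop-in for the openvpn unit with
#   [Service] Restart=always  RestartSec=5
# Simple ACL: leave client-to-client unset, so client-to-client packets
# traverse the host FORWARD chain, then drop them there, e.g.
#   iptables -A FORWARD -i tun0 -o tun0 -j DROP

# ip_for_index N -> 10.8.0.(N+1); .1 is reserved for the server.
ip_for_index() {
    idx=$1
    host=$((idx + 1))
    # stay inside usable host range (.2 .. .254)
    [ "$host" -ge 2 ] && [ "$host" -le 254 ] || return 1
    echo "10.8.0.$host"
}

# write_ccd CCD_DIR CN IP -> writes CCD_DIR/CN with an ifconfig-push line.
write_ccd() {
    dir=$1; cn=$2; ip=$3
    # the CN becomes a filename: refuse anything that could leave CCD_DIR
    case "$cn" in
        ''|*/*|.|..) return 1 ;;
    esac
    printf 'ifconfig-push %s 255.255.255.0\n' "$ip" > "$dir/$cn"
}

# build_ccd CCD_DIR CLIENT_LIST
# CLIENT_LIST holds one certificate CN per line. Duplicate CNs abort the
# build: two servers sharing one cert would fight over one address.
build_ccd() {
    dir=$1; list=$2
    dups=$(sort "$list" | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate CN(s): $dups" >&2
        return 1
    fi
    mkdir -p "$dir"
    i=1
    while IFS= read -r cn; do
        [ -n "$cn" ] || continue
        ip=$(ip_for_index "$i") || return 1
        write_ccd "$dir" "$cn" "$ip" || return 1
        i=$((i + 1))
    done < "$list"
}

# Constructed sample input for a stand-alone run: three branch-office CNs.
# Prints the path of the generated ccd directory.
demo_ccd() {
    tmp=$(mktemp -d)
    printf 'site-alpha\nsite-bravo\nsite-charlie\n' > "$tmp/clients.txt"
    build_ccd "$tmp/ccd" "$tmp/clients.txt" || return 1
    echo "$tmp/ccd"
}

# Same list with one CN deployed twice; build_ccd must refuse it (exit 1).
demo_duplicate_ccd() {
    tmp=$(mktemp -d)
    printf 'site-alpha\nsite-bravo\nsite-alpha\n' > "$tmp/clients.txt"
    build_ccd "$tmp/ccd" "$tmp/clients.txt" 2>/dev/null
}

# Run with "demo" as the first argument to see the generated files.
if [ "${1:-}" = "demo" ]; then
    ccd=$(demo_ccd) && for f in "$ccd"/*; do echo "$f: $(cat "$f")"; done
fi
```

Because addresses are derived from the CN's position in the list, the list must be append-only (or kept in a database, as the comment describes) so existing sites keep their addresses when new ones are added.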

Comment My Dad did that (Score 2) 419

My dad did that, but for fairly different reasons. His friends convinced him that their area of Yugoslavia was pretty unimpacted by fighting, so we visited. It was honestly one of the more interesting vacations I've taken; the entire country was completely economically devastated. Fortunately I don't think any of the involved governments (we're American) ever found out about that somewhat irresponsible vacation.

Comment Re:DH, FTW (Score 1) 178

Their service is pretty inconsistent. I think most of their customers get frustrated when they're initially filling the server - they don't exercise much administrative oversight over what goes onto their servers, and it really shows in the first 3-4 months you are a customer of theirs. The reason they come up, however, is that they offer all of the stated services except VoIP. And I wouldn't use their VPN, though they offer VPN services. You can always use SSH tunnels. I think there's a real logistics problem in offering that wide a variety of services, which is why most hosting companies won't do so. The original poster may have 5 providers, but each of those providers only has to stock admins to deal with 2-3 of the requested services.

Comment iMail has a history of infinite recursion (Score 4, Interesting) 158

This isn't the first infinite-recursion iMail bug. Around five years ago I worked for a webhost at which we had customers complaining about there being nothing in their INBOX. When we checked, we'd find a giant tree of INBOX folders - for some reason iMail would create a new subdirectory called INBOX every time it logged in, and then make the *new* INBOX folder the default INBOX. All the mail would still be delivered to the original inbox...
