Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: LifeEnsured ftw (Score 1) 402

by michaelaiello (#37912216) Attached to: Ask Slashdot: How To Securely Share Passwords?
I run a company http://www.lifeensured.com/ that exist for the explicit purpose of preventing these kinds of issues when someone passes away. We've got several happy customers, are backed by an irrevocable trust and get a feed of people who have passed away from the social security administration (in addition to letting people select someone to verify that they have passed away)

We've also put together http://www.deceasedaccount.com/ where we reviewed all of the privacy policies for major sites and pulled out the processes they require if someone passes away. We also had a lawyer pull relevant laws which you can use to help get access to things from internet companies if you are having trouble.

For the security minded. When we take a password, it is encrypted with a 2048 bit public key. The private key is stored offline. We only decrepit passwords when we have verified one of our clients has passed away and the process involves a human who has undergone a background check.

Comment: Be a doctor, not a cop. (Score 1) 363

by michaelaiello (#24735147) Attached to: Are IT Security Professionals Less Happy?

I work in IT security for a large financial firm. We've spent a good amount of time convincing the development community and the business that security is THEIR responsibility and have built processes to reinforce this (i.e. if folks want to do truly risky things, we can make them go get signoff from senior management). With check in place, I feel we take the approach of "doctors" for applications/architectures.

Dev team is building a new architecture to trade with an exchange? They ask us to review their architecture before they build (sort of like a checkup before going to climb a very dangerous Mt. Everest).

User accidentally e-mails confidential information to the wrong counterparty? We help them work with legal to get things cleared up, give training on appropriate data handling and add client controls to their outlook. (I.e. tell a kid not to run with scissors, take away the scissors and put band aids on the wounds)

In this light, I feel I'm proactively helping folks and treating those who have run intro trouble. Security folks are able to have a broad view of the solutions available to common problems (even outside of security) and teams get value out of this. I've even had folks say (and mean) thanks after meetings that involved them totally re-architecting their application. With the right approach, you can be more than a roadblock...

Power corrupts. And atomic power corrupts atomically.

Working...