Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:I can't find the commercial speech section (Score 1) 239

by omglolbah (#49255397) Attached to: FAA Says Ad-Bearing YouTube Drone Videos Constitute "Commercial Use"

He's monetizing the videos on youtube and earning advertising money himself. His case is weak as hell as a result...

From article: "Hanes told me that his videos are technically "monetized" on YouTube but that he has never received a payment from Google and the revenue he's technically earned from Google’s ads is less than a dollar."

Comment: Re:I can't find the commercial speech section (Score 2) 239

by omglolbah (#49255395) Attached to: FAA Says Ad-Bearing YouTube Drone Videos Constitute "Commercial Use"

The guy has flagged his videos as monetized and earn advertising money from views.

If the videos were NOT monetized he would have a much better case...

From article:
"Hanes told me that his videos are technically "monetized" on YouTube but that he has never received a payment from Google and the revenue he's technically earned from Google’s ads is less than a dollar."

Having low views and not making much from it is hardly a defense.

As much as I hate to say it, he is monetizing his drone flights and is sort of screwed...

Comment: Re:What took them so long? (Score 1) 212

by omglolbah (#48648417) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

Virtually all oil and gas rigs in the North Sea are connected (through firewalls of course) to the corporate office network.

Most of them are now moving to "Integrated Operations" which is a buzzword they came up with for "remote control room and maintenance" where the network is extended to vendor locations so that we do not have to send people out to the rig to look at stuff. We just call the rig and ask them to open the 'gate' so to speak and we get full raw network access to the secure network from a dedicated switch at our offices.
This is of course all tunneled across the internet... *sigh*

It is going to go horribly wrong at some point, I just hope I am on-shore when it happens.....

Comment: Re: What took them so long? (Score 1) 212

by omglolbah (#48648393) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

A safety valve -should- go into a safe position when power is lost. Virtually all such valves will be hydraulic anyway (at least in the oil/gas business where I work anyway) and can be operated manually with stored pressure.
The issue in the case of the steel plant is knowing what a 'safe' state is for the valves. That requires a proper consequence analysis with a resulting "cause and effect" matrix for executing safe shutdown. It is tedious as fuck, and expensive as all hell, but mostly worth it. Alas people tend to overestimate the rarity of such events and go or the "save us a bit of money now" solution :(

Comment: Re:What took them so long? (Score 1) 212

by omglolbah (#48648337) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

With sufficiently 'annoying' security practices, people stop following them.

We were issued password-protect usd sticks for secure use at work, and a month later we got ones without passwords. Why?
People found the encrypted and protected sticks "too cumbersome" and just went out and bought a cheap 16 gig stick for themselves....

I bet the procedures will not be properly followed until one of the oil rigs get taken down. It pains me to know the issues and have zero ways to affect it....

Comment: Re:What took them so long? (Score 1) 212

by omglolbah (#48648309) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

Except things that we regularly bring to oil rigs and plug into the 'secure' side of the network: .xlsx and .docx files containing installation instructions and checklists .pdf files with 'red markups' of changed logic .exe files fetched from manufacturer websites with firmware upgrades
A ton of files in proprietary file formats we have no actual way to check the contents of other than trusting the software which created the files.

We essentially have to trust that McAfee and MS endpoint protection will keep stuff out... (office net scans with endpoint, secure side with mcafee)

It is far far faaaar from perfect, and the staff there make it less so by putting usb sticks on their KVM boxes so every time they hop from office->secure and back they re-mount the drives automatically... it is cringeworthy for sure, but nobody sees the issue, or they plain dont care.

Comment: Re:fire them (Score 5, Interesting) 110

by omglolbah (#48626803) Attached to: Hackers Compromise ICANN, Access Zone File Data System

We have a document control system at work, it has grown to such a degree that adding a document is a 3 day process involving a document controller and various other tasks. If the document does not fit a corporate template it may get rejected.

At that point people tend to go "fuck it" and just send around work copies until it is finalized and THEN go through the hassle.

It is unfortunate, but I've seen it happen in two different companies so far... both multinational, both ignoring their own procedures for sensitive data.

Comment: Re:Shocking (Score 1) 224

by omglolbah (#48462401) Attached to: Top Counter-Strike Players Embroiled In Hacking Scandal

Valve has done a huge job in getting rid of those sorts of hacks. But this is and has always been a big arms race.

VAC did defeat most of this crud for quite a while, but there will always be people willing to create new hacks as long as there is money or 'lulz' involved.

Best we can really do is be vigilant and weed out those who ruin the game for the rest. Be it with hacks or just general asshatesque behavior.

Comment: Re:Various hacking tools? (Score 4, Informative) 224

by omglolbah (#48459543) Attached to: Top Counter-Strike Players Embroiled In Hacking Scandal

Wall-hacking and tracking stuff mostly. Since your client knows the location of all the players for the purpose of generating 3d sound etc you can extract that info. These hacks were distributed through steam workshop due to a flaw in that system, and were thought to be hidden from VAC.. until the bans hit ;)

How can you work when the system's so crowded?

Working...