
Comment: just start building linux servers at your job (Score 1) 298

by phek (#41137553) Attached to: Ask Slashdot: How Did You Become a Linux Professional?

Started using Linux back in 95 because it was able to do some cool networking stuff that Windows couldn't do (don't remember what that was any more). Used it for about a year until I got a new computer that had a winmodem. Used it off and on for a few years after that. Got a job as a Windows/Novell sysadmin. Talked my bosses into letting me replace our broken SonicWall router with a Linux-based one. Started going into a Linux help channel on IRC and helping other people. Someone I helped came back a few months later asking if I wanted a job working from home on their Linux-based network. Eventually took their three shared hosted Linux servers into a large, high availability network using nothing but Linux devices (and a couple switches). Decided I had conquered Linux and moved into software development, which is what I had really been interested in all along.

Comment: Re:Technically inept and Corporate apathy (Score 1) 314

by phek (#36323456) Attached to: Embed a Video, Go To Jail?

That's only based on revenue. Top 10 by market cap is Apple, Quanta, Microsoft, Google, IBM, Asus, Oracle, Samsung, Intel, Cisco. 3 of the top 4 have a heavily vested interest in this. Even IBM, Asus, Intel and Cisco have a slightly vested interest in it. Oh also, Sony only has about 12% of the market cap that Apple has.

Comment: Re:PCI Compliance is basically a cover up. (Score 1) 306

by phek (#36089190) Attached to: Sony Running Unpatched Servers With No Firewall

Section 6.6 isn't a penetration test. Section 6.6 requires an automated scan of your network to find out what software and version is running and verify that there are no listed vulnerabilities for that version of the software in NVD. As for Sony, I've heard people say that prior to this whole fiasco, their card wouldn't go through on PSN because the credit card company had them on the list of untrusted merchants. This would mean that Sony probably wasn't PCI certified.

Comment: Re:Pro tip about jury duty summons (Score 1) 528

by phek (#36077832) Attached to: When it comes to jury service, I ...

I've just thrown them in the trash immediately for the past 12 years. The first time I got a notice I was supposed to call in every day during some week to find out if I had to come in or not, so I called for the first 2 days then quit calling. Never got any sort of warrant or notice of failure to show or anything. I have been planning on attending the next one I get, but it's been maybe 4 years since I got my last notice to appear.

Comment: Re:PCI Compliance is basically a cover up. (Score 1) 306

by phek (#36037718) Attached to: Sony Running Unpatched Servers With No Firewall

Why would you even hire pen testers to point them at systems that don't contain the same software as your production? It's not like that's part of PCI. As for the cost, I can't really find anywhere that gives any cost of fines (though I have seen $500,000 per incident). I did however find an article saying it costs businesses on average $204 per customer for a data breach in the US (ranges from $750,000 to $31 million for total costs to companies).

http://www.securityprivacyandthelaw.com/2010/05/articles/cybersecurity-cybercrime/ponemon-study-finds-average-cost-of-data-breach-was-34-million-in-2009/

Comment: Re:Is this really relevant for PSN itself? (Score 1) 306

by phek (#36037696) Attached to: Sony Running Unpatched Servers With No Firewall

It shows that the company wasn't concerned with security. If a company was doing everything in its power to keep its networks/data secure it would be hard to fault them... if there is proof that they knowingly ignored security problems then they would have more liability for any security failures.

Comment: Re:Hardly possible (Score 1) 306

by phek (#36037468) Attached to: Sony Running Unpatched Servers With No Firewall

If it was "unpatched" that generally means that there were security bugs in the version of Apache that was running (otherwise they would have just said it wasn't up to date, which wouldn't matter). If this web server was within the same scope as their cc processing system that would probably be a PCI failure (not sure what the vulnerability was). No one is saying that this was some vulnerability that would have allowed an attacker to run arbitrary code as root on the server; however, it may have given an attacker information on how their network was set up, allowing them to find a more dangerous security vulnerability. Also, Apache httpd server doesn't have a good record of being immune to attacks, it's just not known to have more than expected.

The following is a list of security vulnerabilities that have been fixed in just Apache httpd server 2.2:
http://httpd.apache.org/security/vulnerabilities_22.html

Comment: Re:Is Slackware still relevant? (Score 1) 266

by phek (#35969258) Attached to: Ubuntu 11.04, Slackware 13.37

I didn't see anything you just said mentioned in the article.

While I'm here though, I might as well add that the reason I finally switched away from Slackware after 15 years of use was that I just didn't have the time any more for the package management on it. Slackware really needs to introduce some sort of dependency setup for the packages along with repositories.
