Can we call it the Jolt Cola mutation?

Tetris!

In case anyone's wondering: http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

I read this and I have to think "no big surprise there." People are people. Some are good, some are bad, some doo good work, some do terrible work. Of course, if you only seek out the worst repair shops you're likely going to get the worst repairmen and worst service. This is a pretty big sampling bias, so it's no surprise that they found the bottom-feeders of the PC repair industry.

I initially started in the IT field working for myself doing computer and minor networking work for individuals and small businesses. I was always surprised at how well I was received as I was pretty young and, admittedly, not as knowledgeable as I am now. Turns out that these people were thrilled with my service because they had either had an awful experience with an IT company before or had heard of someone who had. I think that a lot of customers who weren't necessarily knowledgeable about computers were still perceptive enough to know that they weren't being ripped off (and, when with certain previous IT companies, were being ripped off).

Fast forward a bit and I've held a number of different positions in the IT industry. I got out of PC repair because I really don't enjoy directly charging customers for service, even if it was fair, dependable service). I have found in my travels that a lot of folks started out in a similar manner as myself. This leads me to my eventual point (my apologies, kind of rambling here!), which is that it's tough to make much as a PC repairman unless you own/mnage the company. And, if you do own/manage the company you're probably not actually repairing computers. Thus, your PC is more than likely being repaired by someone who's either entry-level or incompetent. While salary and experience level don't excuse the privacy/morality violations they do help explain the incompetence they ran into in TFA.

Perhaps folks will take Infosec more seriously given the regularity with which we see these headlines?

I am concerned that a sizable government department can't repel attacks from - allegedly - North Korea.

My DARE officer got caught stealing lawnmowers from Wal-Mart. Seriously.

I would definitely, definitely agree with that statement.

How could we possibly be at fault for this problem? We hired a [Insert security cert here]-certified professional so I can't fathom how this could be our fault.

You could really argue this point either way and the truth, like most things, lies somewhere in the middle. The argument is [obviously] subjective since there are no real metrics to base 'how effective' someone is. Instead these opinions are, in my experience, formed based on experiences. I run into a fair number of folks who think that certs are useless because they ran across someone who was heavily certified and their company/client was breached or they were flat our incompetent. On the other hand I've run into people who were hired for jobs on the basis of their resume/interview/papers - with no certs - and were terrible security professionals.

As I noted above, the truth is somewhere in the middle. Certs prove that you have the dedication to actually get certified and, in some cases, the skill to go with it. Of course, InfoSec certs are no different than other IT-industry certs. Some are better than others and some prove different things than others. I'd argue that a GIAC cert proves more knowledge than something like a Security+ since the GIAC certs tend to require some critical thinking and application of concepts rather than (mostly) straight memorization.

Security professionals are like other IT professionals in that it's often tougher to hire someone based on a resume. If, for instance, I'm interviewing two guys for CEO and one made his company $100 million and the other made his $10, I at least have a metric there. As for IT hiring, I prefer to use a defense-in-depth mindset in hiring. That is to say that your best bet is to check resume, references, certs, and probably give some kind of hands-on test.

No, the certs aren't perfect, but they definitely help.

Anyway, as a dutch person who has biked in the states (Knoxville, TN area) I was absolutely appaled by the risks bikers have to take on americans roads. I was trying to make my way from my parents house to knoxville, a minor 10 mile ride, and at one point found myself forced to take an interstate ... holding to the shoulder of course but it was rocky and all ... worthless and dangerous. To paint the picture, in the Netherlands you could cycle the whole country without having to share a lane with a car once ... we have a pretty good infrastructure with bike lanes and even seperate bike paths with run parallel to the roads.

Netherlands Size: 16,033 sq mi

US Size: 3,794,066 sq mi

No surprise that it's easier to build an extensive biking network in The Netherlands than the US.

I guess we're going to have to stop using those 'wireless power' jokes that pop up whenever we come across equipment that's been unplugged!

Thanks. Spent enough time in England to know that you cue the music and queue in line!

Why shouldn't an ATM run Windows? Cue the standard Windows-bashing, but a decently hardened copied of XP is more than sufficient for the minimal work that an ATM has to do.

Also, anyone with any network design sense would vlan & firewall the ATMs off of the rest of the network.

Yes, it's Windows. But without crazy Aunt Judy trying to install her cat screensavers Windows should be fine for the task.

Hey, you could live in South Carolina!

... If only I could get one of those damned long straight blocks to finish my Tetris!

Thank you, this almost made me spit my coffee out! Sounds like the plot of this movie I saw on HBO at 2 AM one ti... ah, nevermind!