Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment "It depends" (Score 5, Interesting) 75

We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?

Comment Re:Unfortunate (Score 1) 360

Agreed - but one minor clarification: Hollywood negotiates with the theaters for profits percentages for new releases. Opening weekend, Hollywood takes 100% of ticket sales, and the theaters ONLY make money on the crap food they sell you. Several days/weeks later (depending on the release), the theater now starts getting incrementally more percentage. So they have to charge $5 for a box of popcorn to make any money.

Comment Finally - a 'cloud' solution (Score 1) 138

Yes, pun intended, but seriously: many dispensaries are still getting raided by the feds, who take their computers and customer lists. Maybe a cloud-based ERP solution would be a good way to get around this, assuming you could crypto the fuck out of it. Just figure out how to remember the password before you toke up, and don't write the password down on rolling papers.

Comment Re:Dropbox IPS sig from EmergingThreats (Score 1) 168

I'm sorry, I know this is /., but did you not RTFA?

I completely understand the concept of facilitating employee communications - we have a solution for that - secure file transfer (SFT), which we implemented after our FTP server was hacked and sensitive files went god-knows-where. SFT is quantifiable, controlled, and far more secure than something like dropbox, especially when you consider the issues described in TFA.

And I disagree with the anon poster below who compares this to flash drives or CD's. Again, anybody, anywhere, can access dropbox files once you get the .db file. At least with removable media you still need physical access.

And I did look at a few user's systems - large MP3 collections and yes, sensitive business documents.

I am trying to PROTECT the profitability of my company.

Comment Dropbox IPS sig from EmergingThreats (Score 2) 168

My IPS sensors went berzerk today after I updated my sigs from

emerging-all.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Offsite File Backup in Use"; flow:established,to_server; uricontent:"/subscribe?host_int="; uricontent:"&ns_map="; uricontent:"&ts="; content:"|0d 0a|"; classtype:policy-violation; sid:2012647; rev:2;)

I was shocked how many users have this installed and running on their systems. Now I just need to convince management why I should change this rule to BLOCK. TFA and the /. comments will sure come in handy.

Kudos to the folks at ET and the community that writes these sigs. Simply amazing.

Comment Why not a live virus? (Score 1) 366

Perhaps a better learning experience would be to connect the lab (or a handful of the students own computers) to the Internet, and stick a box running Snort ( with Emerging Threats ( signatures in between. If, by some miracle (or the fact that they're all Mac's) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.

Get a full packet capture of the session so you can dissect how the virus was able to get on the machine, where it left hooks, how its similar and different to other types of malware, etc.

I agree that a review of a simple virus is a worthwhile endeavor, but perhaps that's best learned via a good book or whitepapers on the Internet. Save the demo for something that's relevant and 'live'.

And on second thought, maybe its best if you set up a demo machine to be infected. That way you can nuke it from space afterwards, just to be sure.

Comment pre-meeting meetings (Score 1) 263

Many years ago I worked at a Boston-based mutual fund company. We not only had pre-meeting meetings (where the people on your "side" would all agree on what they'd say/agree to in the actual meeting), but then we started have pre-pre-meeting meetings - where a smaller subset of the people on your side would agree on what they'd say/agree to in the pre-meeting meeting, and then what they'd actually say in the actual meeting. (!!!)

Confused? You betcha. Backstabbing was considered an acceptable way to get your job done, especially if it had ANYTHING to do with the Marketing department.

Comment Re:Yeah consumers! (Score 1) 557

They have competition, but not enough so in the enterprise market. Every year when it comes time to renew our support/licensing agreements, there is NO negotiation. They basically say "this year its $X." That's it, end of story. Pay up or else. They might as well be sticking a gun in our back. REAL competition might not get us to switch away from Microsoft, but it will at least bring them back to the table for actual discussions on price.

Comment Re:Is it pronounced DOHS or DAHS? (Score 3, Funny) 426

The other posters are correct. You only say "DAHS" if you're from Boston, as in: "Oh My Gawhd, some retahd on slashdaht is still writing DAHS bahtch files. Why don't we just fihre up Windows fah Workgroups while we're aht it."

Seriously though - I think nmap can send PCL commands via the nmap scripting engine, which is written in LUA. How about wrapping that with what some of the other posters are suggesting?

Comment Facebook addicts (Score 1) 126

There are two things I don't understand:

1) people who are addicted to Facebook, and feel the need to post every single one of their inane thoughts on FB
2) how those inane thoughts have any marketing value and/or how it affects the users "privacy".

I understand the PII (Personally Indentifying Information) issues like birthday, hometown, etc, but does ANYONE really care that one of my friends from High School (whom I haven't spoken to in over 18 years but 'friended via FB) is proud that his daughter scored her first goal in soccer today?? (True story, btw.)

Is someone actually mining that random piece of trivia into an actionable data point that can then be used to generate revenue? I guess what I'm saying is that I'm not sure what all the fuss is about.

Comment Racktables! (Score 1) 113 is a very good, Free / Open Source solution to your problem. From the SourceForge description:

Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much, much more!

It lets you lay out racks, assign IP Address to assets, yadda yadda. Live Demo here:

Last code update was 2010-02-17, and the guy seems to be good about maintaining it and adding new features. Its not "sexy" in the sense that your not looking at actual Visio diagrams of the gear in the racks. If you really need that, then I would suggest the RackWise solution (, which has two offerings: 1) SaaS, where you pay by rack, at roughly $300 per rack. Its a plug-in to Visio, and your rack models are stored up in the cloud., 2) onsite appliance, where you pay through the nose (!!) but get the added benefit of integrating power management functionality into the solution.. i.e. how much power is this rack drawing, what PDU's is it attached to, etc. Option #2 is for large-ish (100+ rack) datacenters, IIRC.

Slashdot Top Deals

Work is the crab grass in the lawn of life. -- Schulz