
Comment No, that's not insecure at all... (Score 5, Insightful) 333

"You'll be able to ask it to make a note, play music, set a reminder, and lots more without ever logging in. "

All I can think when reading that is "attack vector." No matter how much they claim it's limited, sandboxed, walled off and segregated from the rest of the system, someone will figure out a way to gain system access through it. Microsoft may as well advertise Windows 10, Now With Built-In Password Bypass!

Comment Poor system design (Score 5, Interesting) 58

Every time I read about these, it strikes me that it all goes down to poor system design. The computers and functions dealing with the operation of the car need to be isolated from the entertainment systems, including WiFi, at least so far as inputs are concerned. Apps that allow the user to unlock the doors or start the engine, WiFi and OnStar systems that allow on-the-air updates of control software, these are all inherently insecure and always will be! They tie into systems that need to be air-gapped and only accessible via physical access to the car.

Security is almost always a trade-off with utility or convenience. But automakers have gone way too far, to the point of threatening public safety. These car computer systems need to be redesigned from the ground up with proper security practices and risk assessments in place.

Comment Tee Shirt (Score 1) 363

I want a tee shirt that says "Star Wars", written in the Babylon 5 font, at the top of the graphic, and "To boldly go...", written in the Blade Runner font, at the bottom. The main graphic should be Serenity, with Tricia Helfer as 6 standing behind it. I will wear it to Comic Con. Gonna troll somebody, troll 'em all.

Comment A single life (Score 1) 492

I did tech support for AMD back in the '90s, and stumbled upon this idea back then. A friend had an old camper-van that I could buy cheap; AMD was a 24-hour campus with cafeteria, gym and other amenities. A cell phone and a PO Box were all that was needed to complete the picture.

If I wasn't married, I might have tried it. Things were not nearly as expensive back then as they are now, but AMD paid their tech support folks crap; I would have been hard pressed to afford a one-bedroom apartment in the area on my salary. If you're willing to live simply, it's definitely a viable option.

Comment Jurisdiction (Score 1) 189

FBI must have been watching too much CSI of late. Black Rock Desert is about 500 miles outside LVPD's jurisdiction (and 140 miles outside Reno, for you Reno 911 fans). Plus, it's Federal land, overseen by the BLM. The FBI would actually have more jurisdiction there than LVPD ever would.

Comment As always, "It Depends" (Score 2) 213

Some certs have value in the training and experience requirements that come with them.

Some certs add prestige to a resume or company masthead.

Some certs equal a bump in pay.

Some certs do other things that may benefit either the person getting the cert or the company that employs them.

And some certs do none of these, are a complete waste of time, and only add value to the instructor's, governing body's and test facility's bank accounts.

And when it comes down to it, the only person who can make that determination is the person looking at the cert.
All blanket statements are wrong.

Comment Re:Incognito mode (Score 2) 308

IANAL, but I would think if you consistently use incognito mode, you could make the case that it's just how you work and was not an action taken in response to any sort of criminal activity or investigation. I'm not aware of any law that requires people to maintain evidence as part of their daily lives...

Comment Easy as 3.14159 (Score 1) 205

First off, start playing. Grab a free VM tool like VirtualBox, load up some raw Linux and Windows VMs in it, launch Kali, and start poking around. Break things, but in a manageable, recoverable, legal way. Never, ever, ever poke at something where you don't have written permission from the owner. If you want something a little less random, Lamp Security had some guided CTF exercises out there a few years ago that took you through the pen test process.

Look into formal training. In my experience, SANS has some decent hands-on classes, and you get a fancy certification to go with it. A better option would be to look into a Black Hat Training class, and stay for the briefings and Defcon.

Talk to people in the profession. There are a lot of security folks on Twitter - Jack Daniel, Jeff Moss, Dan Kaminsky, Johnny Long, HD Moore and Deviant Ollam to name a few. Follow them, ask questions, join in conversations. Meet up with them at conferences. Security professionals love to tell war stories, and we love to educate people who are interested and want to learn.

Speaking of certifications, don't make the mistake of making them a goal. For what you're looking at, the so-called "big name" certifications (like CISSP) are pretty meaningless. CEH (Certified Ethical Hacker) would probably be worthwhile to have, since it would relate directly to the work you're doing. But realize that certs are mainly viewed as window dressing - great for the business card and marketing department, but all they prove is that you're good at taking tests. Make sure you're getting the knowledge that goes with the cert, and can demonstrate it in the field. The skills and abilities are far more important than the letters in your signature block.
