
Comment Re:How do we prevent flooding the phone system? (Score 2) 351

Liability is the key issue. Unlike literally everything else you purchase, you don't own software, you obtain it under a license which typically indemnifies the manufacturer from liability. Allowing product liability suits against software developers for issuing hazardous products would dramatically alter the landscape.

Comment Concepts (Score 1) 212

So, physical security needs to accomplish, in chronological order, the following against the threat of a potential intrusion:

1) Deter. The area you are trying to protect should ideally scream "Try somewhere else." Steel doors, solid frames, deadbolts, restrictive window coverings (bars), visible tamper proof cameras, etc. There are also a number of devices available these days designed to make a home look occupied, Google "Fake TV" for a number of cheap products designed to make it appear as though a TV is running inside the house.

2) Delay. Given sufficient time and resources, any target can be penetrated eventually; your doors, windows, and locks don't have to hold out forever, just long enough for a potential thief to decide it's taking too long to get in.

3) Detect. Ideally you want some kind of alert if somebody gets in.

I'm laying this out for you because the security system is largely associated with number three, meaning you're skipping the most important aspect of all, deterrence. Many if not most break-ins are literally break-ins; they're not subtle. The wooden back door is smashed in or hinge pins knocked out in a matter of seconds. The thieves spend five minutes tops inside searching for stuff that can be easily hauled away in a gym bag. Your detection setup is generally pretty worthless; it's highly unlikely that the cops will even bother looking at the images you captured, much less beat the bushes hunting for mooks who kicked in your door.

So focus on making your place look too hard to get in to. Further, since if somebody does get in they're not going to spend a lot of effort searching your nooks and crannies, keep the stuff that has the most meaning for you / is expensive in a special hidey hole; you can build one yourself or purchase something you can set into the wall or floor. If you have a camera, precious objects, spare laptops, external hard drives, don't leave them lying on your desk; lock them up.

Comment Good, cheap, reliable system (Score 1) 189

I've been using Mi Casa Verde (now Vera) for three years. Most of the stuff I use is Z-Wave based but the Vera (appears / is) capable of integrating anything but Bluetooth (at least on the models I've worked with). Very reliable. Very easy to set up. Easy to program and capable of significant complexity. http://getvera.com/

Comment To actually respond to your question... (Score 1) 127

Iris recognition is the easiest and most reliable; the reason it's less popular is it was wildly overpriced until the patents on the technology expired a few years ago, but since then a number of players have entered the market and you can actually play with free software that will perform iris recognition via a Webcam, which might be all you need.

Retinal scanning feels extremely invasive to users; you generally need people to put their forehead up against a rest and hold still and users typically won't accept it outside of an extremely sensitive environment. In contrast iris scans can be performed from several feet away, very quickly, and generally work through glasses and contacts. Iris recognition typically also works well with people who have a number of different diseases (like diabetes, which can dramatically affect retinal patterns over a very short timeframe) or conditions that affect the eye, unlike retinal scanning, including most of the common conditions that cause blindness (except cataracts).

Fingerprint recognition has gotten a bad rap because in general use people don't want to have any false negatives, so operators tune the environment to be less sensitive, leading to lots of false positives (my fingerprints get read as your fingerprints). But it's true that prints can be affected by things like dehydration and the local environment; they can also be simulated if you're sufficiently motivated, but that's made infinitely more difficult if you combine your biometric with a PIN (though it can't be argued that prints are left lying around everywhere, so it's probably not the best biometric you could choose). In addition a surprisingly large number of people -- like maybe two percent -- simply do not have usable fingerprints; it's actually a diagnostic criterion for some medical conditions. (I have actually had a couple of jobs that dealt directly with use of biometrics as a form of authentication).

In general I think the other comments are on the money: Keypad and PIN sounds like the way to go. If you're trying to create something automated, then contactless cards / dongles are the other solution but as others have noted, this isn't bulletproof since without some other factor (something you know or something you are) it's possible for one person to use somebody else's device.

Comment Re:Yeah, but Tulsa (Score 1) 118

Each college offers its own coursework; there are hundreds of colleges certified as NSA centers of excellence; some of them are indeed excellent, and some of them are...not. The last time I checked out the Tulsa program, it emphasized teaching programming principles in Java. Some programs have no coding requirements at all; they train you to be a policy specialist. Many, if not most, programs are very hard core in terms of technical requirements.

Comment Re:Wake me up when a BA becomes affordable (Score 1) 118

To reiterate: The Cyber Corps program can be and is being used by undergraduates; it will take care of two years of your 4-year degree; if you've got the ability to get your undergrad degree in three years, you'd only have to pay for one year if you were in the Cyber Corps. And if you were to go into college with no debt and no significant obligations -- like a car payment -- you could probably make enough from your stipend and summer jobs to take care of that one year.

I am very sympathetic to your position; I was extremely poor as an undergrad, but I got great scholarships; federal grants took up most of the slack, with jobs and very small loans finishing up. But that was almost 40 years ago; it would be impossible to do that now. That's why programs like this are so important. I urge you to explore it if you're at all interested in infosec as a career.

Comment Re:Open Enrollment / Full Courses Available? (Score 2) 118

Excellent argument. The government-employed medical doctors doing cutting edge research developing treatments no private sector company will touch because there's not enough profit in it: Clearly corrupt. Those firefighters who parachute in to disaster areas with nothing but a shovel and desire to save whoever they can: Obviously corrupt. People battling for meaningful financial reform against incredibly powerful opponents: Corruption incarnate. The only moral choice is to do nothing; anybody who says they're in government to try and do the right thing is obviously lying.

Comment Re:I'm one of those, but to be the best (Score 1) 118

To recap: You do *not* have to work for the NSA (that article was awful). You do have to work for the government, but you only have to do that for two years (the amount of time you're in school under the program). A master's degree from Carnegie Mellon would cost you something like six figures. And after that all you have is a degree with no experience. Cyber Corps offers you a *free* degree *plus* a monthly stipend, *plus* a virtually guaranteed job, meaning in four years you have no debt, a solid degree and a real resume. I can't say enough good things about the program.

Comment Re:I went through this program!! (Score 1) 118

No, I am not a coder on any significant level. You should definitely check out a few schools. Tulsa is not much of a coding program, but they do teach you principles in Java; Purdue has an interdisciplinary program that is heavy on programming theory but you can get out with little to no programming; Syracuse has a pure policy program where I think no coding is required at all.
