
Comment Yes. This happens a lot. It sucks. (Score 2) 348

In my experience, at many smaller companies, especially ones who offer a specific one-off product, this is a common attitude. This means they've done no real security testing on their product, or how their product is deployed and managed in a customer's environment. I think it stems from a couple of things:

1) They aren't security literate. They know how to code or deploy, but they can't be bothered to learn and implement security. They have enough to worry about as it is, and security isn't one of them. It's nothing less than willful ignorance.

2) Sometimes it's more nefarious. They don't want anything impacting their customer experience. Two-factor authentication? Firewalls? Application white-listing? Those things get in the way of a customer using the code they paid for. They will not endorse or support it. Moreover, if YOU implement it, it could violate your warranty and null any SLAs. Read the fine print.

Ultimately, the (real professional's) answer is this: Defense in depth. For a small business (assuming 1-2 workstations as you've described), a premises (ISP) router-based firewall will suffice, and then host-based firewalls for each individual client/server/workstation. Keep AV installed, and signatures up to date. Implement a basic change management procedure, and ensure everything stays patched and up to date. All of those things can be done for relatively low cost and high yield for security return. Heck, just doing those basic things puts you head and shoulders above many peers.

Comment Re:Not bad. (Score 1) 157

Yeah. It's a subscription fee to be able to use Netflix. That's a bummer, but it is what it is. And honestly, in bits and pieces, it could still pan out for a nice à la carte service. Xbox, Netflix, and throw in TV service w/DVR, and heck, that's probably way cheaper than Verizon/Comcast. But maybe that's just wishful thinking on my part.

Comment Not bad. (Score 2) 157

Steve Jobs took a dig at XBOX Live today during the WWDC. "In just 9 months we have 50 million Game Center users. To put that into perspective Xbox Live has been around for about eight years and they have around 30 million users." It's not the same. A one-time purchase of Angry Birds doesn't compare to a subscribing, active user of XBOX Live. For all of Microsoft's missteps and gaffes (and there have been plenty), XBOX Live seems to be the one thing they got right. It's a great UI, and it has some great content from outside providers (Netflix, ESPN). Make my XBOX a DVR and stream quality TV through it, and I don't need much else for my entertainment needs. If we could just upgrade the blasted XBOX360 hardware, and get better QA, I'd be good to go.

Comment Re:The Defense Security Service (DSS) is NOT the N (Score 1) 452

No, not necessarily. A polygraph is not required for a Top Secret security clearance, not even a TS/SCI. If you work for the FBI, CIA, NSA, DIA, or work in the White House, you will need what's called a Full Scope polygraph, or a polygraph that is a combination of two polygraphs usually administered separately. The CI poly is for actual counter intel - "Are you a spy?" type questions. The other test is called a Life Style poly, and up until 15 years ago, you could ask if someone was gay, or engaged in 'deviant' behaviors. It's since changed to be more PC, but it's still unpleasant. Other things that can require a polygraph are certain defense contracts, where the customer stipulates that to have access to the data, you must pass either a CI, or a life style poly, or both. Outside of those situations, you are not required to have a poly to have a TS.
Businesses

Warner Bros. Acquires Turbine 57

NNUfergs writes with news that Warner Bros. Home Entertainment Group has acquired Turbine Inc., creators of Lord of the Rings Online, Asheron's Call, and Dungeons & Dragons Online. Terms were not disclosed, but the Boston Globe claims the price was somewhere around $160 million. "Warner Bros. Interactive has bought a number of game development houses in recent years, in a bid to become a major power in video gaming. In 2007, the company purchased TT Games, a British firm that develops family-friendly products like Lego Star Wars and Lego Batman. In 2009, Warner Bros. bought the assets of bankrupt Chicago game company Midway, maker of the popular Mortal Kombat games. And earlier this year, it acquired a majority stake in Rocksteady Studios, another British developer, which created the hit game Batman: Arkham Asylum. ... Acquiring Turbine will give Warner Bros. total control over all future video games based on author J.R.R. Tolkien's beloved Lord of the Rings novels. Turbine holds an exclusive license to make an Internet-based game based on the books, while last year, Warner Bros. won a license to make non-Internet-based Tolkien video games."
Google

Google Releases Chrome OS Tablet Concept Demo 237

MojoKid writes "With all of the iPad buzz stirring up the tech world over the past couple of weeks, Chrome OS has almost been forgotten. Though Google has yet to officially release the netbook-centric operating system to the public, the company continues to keep details flowing about their forthcoming lightweight operating system. In their own response to all the recent tablet fanfare, Google decided to release some teaser shots and a demo video of the Chrome OS running on a concept tablet device. The Chromium team suggests that a screen of 5" to 10" is optimal for enjoying Chrome OS and of course tablets, netbooks and MIDs all fit that size class rather well. Couple a streamlined Google-based OS with NVIDIA's Tegra 2 processor in a design like this and the iPad could have serious competition."

Comment Can't wait for the DVD/BR. (Score 4, Interesting) 782

I'd like to see a director's cut when this goes to DVD. I know Cameron had an extremely rich back story, and most of it didn't make the cut to get into the movie, since it weighed in at 2 hours 40 minutes long. I also think it would help flesh out a story that was somewhat bland. Ah, who am I kidding? I wanna see more bad-ass CGI explosions. Screw the plot, bring on the blue alien sex.
Games

Heavy Rain Previews Show Promise 84

As the February release date for Quantic Dream's Heavy Rain nears, several publications have gotten a chance for some hands-on time with the game and seem to be intrigued by what they saw. Quoting the Opposable Thumbs blog: "The game grabs you during the quiet moments where nothing 'happens.' When you look at a picture your child drew. When you're questioning someone about a crime. When you're trying to figure out how to react to a violent situation. The preview we were sent put me in different situations as I played a small handful of characters, and each one provided a few tiny moments that were surprising in terms of storytelling or subtlety." Eurogamer's previewer had a similar reaction: "To my great delight as well — Heavy Rain isn't a mature game because it has unhappy families and moody lighting, it's a mature game because it anticipates an adult response from the player and is prepared to receive it."
Programming

The Book of Xen 88

swsuehr writes "The Book of Xen: A Practical Guide for the System Administrator provides an excellent resource for learning about Xen virtualization. I frequently need to create test environments for examples that appear in various books and magazine articles (in the interest of full disclosure, I've never written for the publisher of this book). In the days before virtualization that meant finding and piecing together hardware. Like many readers, I've been using virtualization in one form or another for several years, including Xen. This book would've saved hours searching around the web looking for tidbits of information and sifting through what works and doesn't work in setting up Xen environments. The authors have done the sifting for me within the ~250 pages of the book. But far beyond, the authors also convey their experience with Xen using walkthroughs, tips, and recommendations for Xen in the real world." Read on for the rest of Steve's review.

Comment XOHM (Score 1) 71

I've used XOHM, the Sprint WiMax service in Baltimore. I tested it at 3 mbps down, 1.5 up, and you can buy in daily blocks if you don't use it every day (like, 10 a day I think). I stream my Netflix with it, and it's pretty fast, haven't tried any gaming with it though. The monthly service is way cheaper than what Comcast is offering. Sucks to be in Portland.

Comment Not really. (Score 3, Insightful) 94

I think the current cyber security guy quit for a number of reasons, not the least of which was the NSA - he also couldn't get much support from his own team in DHS. For those who actually swim in those waters, every major three-letter government agency has their own 'cyber taskforce'. And they'll be damned if they're going to share or collaborate any of their work with others - just mention the word 'cyber', and Congress will start dumping a ton of funding on you. You start taking that away, and suddenly things get personal - now you're talking cash, and you always want more funding. It's also aggravated by mission creep - suddenly another three-letter agency adopts a mission similar to yours, but this is YOUR mission, you're the experts, everyone else can go hang. Most agencies will not bow to another no matter how the executive office structures it, plain and simple. While I think that the executive office taking the lead role is probably a sound move, a part of me wonders if it's just more bureaucratic shuffling that achieves nothing.

Comment Re:Insider perspective... (Score 1) 295

Same for me, I work for a DoD shop. Funny thing, we had ordered endpoint control software to integrate with AD, and then this came down. Frankly, I'm surprised it took this long. I know users that have huge handfuls of USB drives in their briefcases, and you could hear their wails of displeasure when the edict came down from on high banning them. So far we've confiscated all USB drives, and we're creating a tighter inventory system by physically etching serial numbers on all the devices, and tidying up our inventory database. Honestly, it's kind of crappy. It's hurt productivity in my shop a bit, since now we have to burn CD-Rs for even the smallest file move between machines. Blank CD media hoarding is going on too, since we now use a prodigious amount of them every day. No one expects DoD to relent on allowing the devices until they can come up with a DoD-wide system to manage endpoints, and then, in typical DoD fashion, they'll probably ham-handedly demand everyone use the one solution they decided on. I think I'm hardly alone when I say things will get worse before they get better for DoD shops.
It's funny.  Laugh.

Study Shows Worm Grunters Imitate Moles 110

Science_afficionado writes "In the southeastern US, fishermen have an unusual way to collect earthworms for bait. The practice is called worm grunting, fiddling, snoring, or charming. It involves pounding a wooden stake into the ground and rubbing the top of the stake with a long piece of steel to produce a grunting sound that causes earthworms to come to the surface where they can be easily collected for bait. A study published today in the open access journal PLoS ONE shows that the technique works because the worm grunters are unknowingly imitating the sounds created by burrowing moles. Full text of the paper is available at PLoS ONE."
