
Comment Re:Practice (Score 1) 59

The advantage of having enemies with soft IT targets is you get to practice your cyber attacks and hone your skills with little downside risk that you are exposing your capabilities.

The U.S. has (at least up to now, we'll see) had some level of ethics preventing them from instigating territorial aggressions or just callously using small countries as target practice, and unlike traditional military where you can make a show of strength just by holding a parade, in cyber you'd be a fool to show off for fear of allowing adversaries to see your weapons and build defenses for them.

Comment Re:Retards (Score 2) 59

All physical and RF ports, actually, not just USB, plus all unnecessary services not needed on the OOB management network you may or may not be lucky enough to have instead of VPNing over the internet. And you have to keep them locked down as you upgrade tens to hundreds of different operating systems across multiple vendors across multiple device hardware models. Which means thoroughly testing that the vendor didn't accidentally break the option setting that turns them off... if you were lucky enough to have it in the first place.

People who are not in IT, or are in IT but have a nice monolithic setup where you have 2-3 server OSes, one monolithic datacenter top-of-rack OS/switch, and maybe an intelligent power strip and UPS in the mix and maybe a SAN or load balancer, have no idea what a challenge this actually is to accomplish in a large heterogeneous network that does a lot more than serve webpages, engage in HFT, or mine bitcoins.

Comment Re:Not sure what to think.... (Score 2) 794

Manning will definitely lose her right to own a gun and voting rights.

...the latter depends on the state she decides to reside in. Not all states prohibit it. Really, none should, it's a knee-jerk idiot policy, except in the case where a large jail population would run a local town government. But nationally or statewide, if your country has so many felons you have to take away their right to vote for fear of that sort of thing, your country has bigger problems.

Comment Re:Trust? (Score 1) 210

The point being, that dump is not human readable, and almost nobody at the company can really tell you "it has no keys in it" because they don't know, never mind how to redact the keys. Basically you are left with two options: redact every bit of binary data that could possibly contain a key, possibly breaking the dump in a way that prevents TAC/engineering from using it (say, if they have a visualization tool that needs to load it, or they want to replicate by loading it onto test equipment). Or, second option, fight with TAC over whether they need the data, drag your manager into the fight to insist that they fix the problem without the dump, and overall spend 20 times more hours on the problem than you would have otherwise.

Guess which one most IT staff choose. Now, since almost nobody puts their foot down on this, think how easy it is for PHB at the vendor to say "well apparently all our customers trust us, so let's just automate the data collection so we always have it on file, automatically."

It's all the same progressive disease riding in on devops coattails.

Comment Re:Trust? (Score 5, Interesting) 210

The problem is endemic far and beyond Microsoft. While the data on your PC is something people take personally, other companies performing tech support for products less often encountered by end-users are playing it fast and loose with their customers' data in the name of support.

In the networking space, if you call in any request to fix or enhance a product, the front line TAC these days has been told to have you collect a pretty thorough dump of the device configuration database. These databases are not necessarily in any sort of human readable form, but those who know what to look for can easily see that they often include private crypto keys, password hashes or sometimes even cleartext passwords, and more detail about the internal layout of the most sensitive parts of the customer's network than would be needed to solve a technical problem.

This is plausibly just because these companies have not had enough customers complain, and assigned development the task of omitting potentially sensitive data from these "tech dumps"; but it doesn't take horribly much tinfoil to imagine there could be compromised policy-setters at these companies who stand ready to step on any attempt to rectify this situation.

Finally, to top it off there is a trend to either transfer these files over email since huge attachments are no longer a problem on modern email systems, or to outsource file uploads to dropbox-ish cloud service providers.

So, it would not surprise me if there were quite a few spooks... foreign, domestic, and industrial... working at support departments in major corporations, though the more resourced agencies may not even need to do that given the lack of hygiene exercised in transferring these files to and around the corporate TAC.

Comment Re: Tipping point (Score 1) 538

Considering nobody here will have money, due to being unemployed, why would they want to sell their products here?

In general, in order to be successful at trade, you have to maintain a fine balance between the extremes of protectionism and the derelictions of "free trade". Not to say our policies are perfect, but just slapping down tariffs won't end well.

(On this bill itself, I'm undecided... it sounds like a simple solution, but then... there is a saying about simple solutions. The bill probably is a bit more finessed than the description, though.)

Submission + - Study shows wearable sensors can predict illness

skids writes:

Wearable sensors that monitor heart rate, activity, skin temperature and other variables can reveal a lot about what is going on inside a person, including the onset of infection, inflammation and even insulin resistance, according to a study by researchers at the Stanford University School of Medicine. ... Participants wore between one and eight commercially available activity monitors and other monitors that collected more than 250,000 measurements a day. ... "We want to study people at an individual level," said Michael Snyder, PhD, professor and chair of genetics. ... "We have more sensors on our cars than we have on human beings," said Snyder. In the future, he said, he expects the situation will be reversed and people will have more sensors than cars do.

IT security being in the state it is, will we face the same decision about our actual lives that we already face about our social lives/identities: either risk very real hazards of misuse of your personal data, or get left behind?

Comment Re: Asteroid Billiards is a new idea.. interesting (Score 1) 135

It's a heck of a lot less energy than liftoff from earth.

You'll note that Rosetta was able to get its relative velocity to its target comet down to about 775m/s using gravity assist maneuvers. This compares to 11,200m/s for Earth escape velocity.

The real question is whether propellant can be manufactured on the mined object (an excess quantity of which, in fact, may be the whole reason to mine). Also the large timescales for efficient transit will make the economics interestingly slow.
