Anyone can write code, but not everyone has the ability to think outside of the box. Brain teasers are probably a great way to weed out those that aren't creative, provided you follow them up with questions showing they know how to do the job.
I seriously doubt Google doesn't follow up with relevant skill questions. Fail the brain teaser first; you save interviewers time, and leave no question as to why you didn't get the job.
Recent versions allow quarantining on behaviors, like flashxxx.ocx tries to write to c:\windows\.... Figure out the function hook, and you can bypass these actions before they occur.
In addition, any encryption keys embedded would be fair game, possibly allowing one to impersonate a live update server.
Reasons it's not relevant: Any decent virus writer has disassembled it more than a Jetta in your average chop shop.
Corporate IT departments rarely read Vendor best practices and miss the boat on writing to system directories, registries, and other common ways to infect a machine.
Impersonating/Man in the middle attempts with encryption keys are a PITA to employ, more effort than anyone skimming account numbers would care to carry out. Now targeted attacks are another story.
Amen, but if you are developing the application, encrypting the data stored in the DB is a must and in some cases a requirement for PII.
It's probably just as if not more important as sanitizing input and keeping an OS up to date because you don't know who in tech support will have access, and where they store the backups.
It won't work in real people's houses, because people will walk past and curtains will flutter in the wind! If it works as said, it tracks object motion, no motion. Technology is out there for facial recognition. Tracking wouldn't be that hard, assuming it doesn't kill the CPU.
It will never get any decent games! It's a glorified Key mapper, no one needs to support it: Users can then program the emulation based on the game they want to control and the object(s) they want to control the game with.
If you RTFM'd, you'd see his reason for "accepting" is not the same as mine, very generic, and could have more holes shot in it than you could imagine. He is just doing his typical lambaste something as insecure without considering what security really is. Malicious activities are only a portion, and have nothing to do with the overall definition, and as usual, his article misses that point.
All that matters in security is that Revenue - (expected loss and repercussions from the risk) > Revenue - Revenue gained from Risk =~ you can sleep at night knowing your money is there, or your CEO can sleep at night knowing his job will not be impacted.
I swear, he makes some good points, but as a security professional he should understand why they accept it. The amount of business they'd lose by not accepting it is worth more than the potential loss if they didn't.
Of course, now that the cat's out of the bag, they'll need to reevaluate.
Sales of Blu-Ray discs tripled in early 2008 after HD-DVD disappeared. You don't hear it because just last week it was announced that 3 times increase translated to 5% BR vs. 95% DVD.
Basically, they are making a video version of SACD. The move makes sense, especially since it could segue into reviving HD-DVD.
They need to convince people that the DVD can look as good as BR. People have been putting HD movies on DVD for a while now, but overcoming perception is another story. People already think this is only a "super" upconverting DVD player. Throw in perceptions of the last war, and you've got yourself a sequel for the Titanic.
Fortunately, they are probably recycling already researched/developed technology, so the sinking ship is more like a canoe.
Safeties on guns, seat belts, helmets, and many other safety devices have failed, but we still use them. If Cisco had any AV solution that was worth advertising to sop up your budget, they'd be singing a different tune.
The whole point of any security device is to stop as much as it can so we can focus our time on important issues, like improving security. Only a fool would think it stops everything, but even considering the alarming studies showing what gets missed, you can bet it stops enough to justify it in your budget.
Nothing in security is perfect. All I need is a server in a 3rd world country to idle scan your network without giving away my location. Doesn't mean I'm throwing my firewall and IDS. With this mentality my spam filter would have been tossed within an hour of use.
Not necessarily. If the logger has access to applications, like say a web form that has the password hidden, but not encrypted, you're fubar. Now, if you remote desktop in to a trusted machine and use a java keyboard, that would do the trick.
Fsecure blog just reported more breaking news: It could rain today......
It has been years since the viral jpeg, pdf, etc, etc, and viruses have been getting packed in archival formats to avoid detection for ages. I can't say this is earth shatteringly surprising news.
And 99% of the port sweeps aren't a hacking war. It's people looking for places to store warez. I'm not saying there is no hacking war, but I think it gets hyped up by a lot of unrelated traffic.
You know, if Joss Whedon takes over writing AND directing, it might actually work.
Spoiler Alert: Luke Skywalker dies in an epic battle with Darth Whedon, news at 11.
I have to admit, it doesn't have a bad ring to it.
Didn't he recently say the US won't have an African American president any time soon?
# This part slows down the computer if the license is not renewed
Nah. That would indicate they wrote it in Perl, and perl is fast at finding things. Oh wait, it could also mean TCL.....
Ask and it shall be given, for an extra 10 mil.
And to think I thought virtualization was going to take off.
Users can then program the emulation based on the game they want to control and the object(s) they want to control the game with.
and that's how to swallow......
Damn Kaos of the Internet. It's only a matter of time til I start leaving the e off of Blue.
There's no reason one can't use the cup and the other can't use the sink. I'm sure there's a cubby hole that could serve as a back alley.
Be on the WAN, while on the can.
Calm down everyone. It will be a non-issue as soon as they release SP1 for SP1.
I wasn't trying to insert quarters, and when I mentioned I could give her an American Express, she thought I was talking about my credit card.
Hmmmm, maybe I have an addiction to hot chicks who won't give me the time of day.
Come on. HD looks great on a 42". I'm sure everyone who sits the maximum THX recommended max distance of 3ft, even after the eye strain sets in.