I read this and I have to think "no big surprise there." People are people. Some are good, some are bad, some do good work, some do terrible work. Of course, if you only seek out the worst repair shops you're likely going to get the worst repairmen and worst service. This is a pretty big sampling bias, so it's no surprise that they found the bottom-feeders of the PC repair industry.
I initially started in the IT field working for myself doing computer and minor networking work for individuals and small businesses. I was always surprised at how well I was received as I was pretty young and, admittedly, not as knowledgeable as I am now. Turns out that these people were thrilled with my service because they had either had an awful experience with an IT company before or had heard of someone who had. I think that a lot of customers who weren't necessarily knowledgeable about computers were still perceptive enough to know that they weren't being ripped off (and, when with certain previous IT companies, were being ripped off).
Fast forward a bit and I've held a number of different positions in the IT industry. I got out of PC repair because I really don't enjoy directly charging customers for service (even if it was fair, dependable service). I have found in my travels that a lot of folks started out in a similar manner as myself. This leads me to my eventual point (my apologies, kind of rambling here!), which is that it's tough to make much as a PC repairman unless you own/manage the company. And, if you do own/manage the company you're probably not actually repairing computers. Thus, your PC is more than likely being repaired by someone who's either entry-level or incompetent. While salary and experience level don't excuse the privacy/morality violations they do help explain the incompetence they ran into in TFA.
I would definitely, definitely agree with that statement.
How could we possibly be at fault for this problem? We hired a [Insert security cert here]-certified professional so I can't fathom how this could be our fault.
You could really argue this point either way and the truth, like most things, lies somewhere in the middle. The argument is [obviously] subjective since there are no real metrics to base 'how effective' someone is. Instead these opinions are, in my experience, formed based on experiences. I run into a fair number of folks who think that certs are useless because they ran across someone who was heavily certified and their company/client was breached or they were flat out incompetent. On the other hand I've run into people who were hired for jobs on the basis of their resume/interview/papers - with no certs - and were terrible security professionals.
As I noted above, the truth is somewhere in the middle. Certs prove that you have the dedication to actually get certified and, in some cases, the skill to go with it. Of course, InfoSec certs are no different than other IT-industry certs. Some are better than others and some prove different things than others. I'd argue that a GIAC cert proves more knowledge than something like a Security+ since the GIAC certs tend to require some critical thinking and application of concepts rather than (mostly) straight memorization.
Security professionals are like other IT professionals in that it's often tougher to hire someone based on a resume. If, for instance, I'm interviewing two guys for CEO and one made his company $100 million and the other made his $10, I at least have a metric there. As for IT hiring, I prefer to use a defense-in-depth mindset in hiring. That is to say that your best bet is to check resume, references, certs, and probably give some kind of hands-on test.
No, the certs aren't perfect, but they definitely help.
Anyway, as a Dutch person who has biked in the States (Knoxville, TN area) I was absolutely appalled by the risks bikers have to take on American roads. I was trying to make my way from my parents' house to Knoxville, a minor 10 mile ride, and at one point found myself forced to take an interstate... holding to the shoulder of course but it was rocky and all... worthless and dangerous.
To paint the picture, in the Netherlands you could cycle the whole country without having to share a lane with a car once... we have a pretty good infrastructure with bike lanes and even separate bike paths which run parallel to the roads.
Netherlands Size: 16,033 sq mi
US Size: 3,794,066 sq mi
No surprise that it's easier to build an extensive biking network in The Netherlands than the US.
Why shouldn't an ATM run Windows? Cue the standard Windows-bashing, but a decently hardened copy of XP is more than sufficient for the minimal work that an ATM has to do.
Also, anyone with any network design sense would VLAN & firewall the ATMs off of the rest of the network.
Yes, it's Windows. But without crazy Aunt Judy trying to install her cat screensavers Windows should be fine for the task.
Hah, I agree completely. I don't mind good friends and close family, but I get irritated when my best friend's wife's sister calls for tech support, when my friend's parents call for tech support, or when the uncle I see once every two years wanted me to completely analyze his website for SEO (not my normal field, BTW).
For the folks (family and friends) that seem to think I'm a free computer repair store I told them to go buy a cheap USB hard drive and just set up a quick and dirty batch file to back things up nightly (or weekly, depending on how big their files are).
I've told them to do this or there's a good chance that I won't be able to recover their files if their PC crashes. This is an easy solution, cheap, and requires virtually no end-user interaction. That last bit is especially important since I've found that they typically ignore even the easiest backup procedures (e.g. copy C:\My Documents to D:\).
As for the original question, I still do attempt file recovery for the stubborn ones who ignore my backup advice. I've had moderate success with various pieces of software. Just Googled "hard disk recovery software." Interestingly enough, different programs have recovered different data on the same HDDs...
Sorry, but this is not a real big deal outside of communities like /.
Beta is just another one of 'those fancy tech terms' for most folks, so regardless of whether or not Gmail is beta or not in beta millions of people will still use it as their primary mail service.
Not sure how long ago you tried to do this, but there are a number of colleges (Bachelors and post-grad) that offer solid Infosec programs now (disclaimer, there are just as many that offer crappy Infosec programs).
In-depth training and certification is available for most major/widely-deployed Infosec products, such as Snort (http://www.sourcefire.com/services/education).
Also, there are professional training organizations (e.g. SANS) that offer excellent [mostly] vendor-neutral Infosec training.
Infosec as an actual field is fairly young, so it's not surprising that there isn't an Infosec program at every college in the country, but there are numerous high-quality training options available.
In the most controversial move, the SANS Institute, an independent organization, plans to organize the Network Attack Competition, which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data.
Can someone explain to me why this is controversial? SANS is one of the leading security organizations in the world...
Can we call it the Jolt Cola mutation?
Tetris!
In case anyone's wondering: http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking
I am concerned that a sizable government department can't repel attacks from - allegedly - North Korea.
My DARE officer got caught stealing lawnmowers from Wal-Mart. Seriously.
I guess we're going to have to stop using those 'wireless power' jokes that pop up whenever we come across equipment that's been unplugged!
Thanks. Spent enough time in England to know that you cue the music and queue in line!
Hey, you could live in South Carolina!
... If only I could get one of those damned long straight blocks to finish my Tetris!
Thank you, this almost made me spit my coffee out! Sounds like the plot of this movie I saw on HBO at 2 AM one ti... ah, nevermind!
Anyway, I like your policy.
http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx
Maybe they could take a tricycle into the Naval Observatory Bunker?