Slashdot Mirror


User: Nos.

Nos.'s activity in the archive.

Stories: 0
Comments: 1,448

Comments · 1,448

  1. Re:What does this sentence mean? on 'Hobbit' Creates Big Data Challenge · · Score: 1

    It's more than that. Digital movies are much easier and cheaper to distribute (I'm talking from the studio to the theatres here). My wife used to run a small theatre and it was no fun lugging three massive spools of film up a narrow stairway to get to the project room, then splice them together, along with the theatre's ads, trailers, etc.

  2. Re:The best way to stop a virus on Antivirus Software Performs Poorly Against New Threats · · Score: 1

    That doesn't really stop the virus once it's already infected a host, and it does nothing until people actually apply the patch.

    Hardly the "Best" way.

  3. Re:i don't understand... on NASA To Encrypt All of Its Laptops · · Score: 3, Informative

    Because there's no enterprise management behind Truecrypt, which pretty much eliminates it. I haven't looked at BitLocker for a while, but I seem to recall it had its share of issues as well. I've used Safeboot, and it's not terrible.

    Regardless, it's not as simple as saying, "here, install this".

  4. Re:Best AV is almost as good as nothing at all on Ask Slashdot: Actual Best-in-Show For Free Anti Virus? · · Score: 1

    First, anti-malware tools (like MSE) don't wait until after the infection occurs. For a piece of malware to infect something (let's say you open an email with a trojan or some other malware), before anything happens, the tool scans the email. The malicious code doesn't have a chance to run before it is scanned. Now, to detect the malware, it does rely on definitions which come from previously seen malware.

    FIM and HIDS on the other hand do wait until after the infection and then tells you about it later.

    Now McAfee has a tool (and I can't think of the name... Artimus maybe) that instead of relying on definitions, looks at what the code is going to do and tries to determine from there if it's malware. For example it might let an executable designed to update core components of Windows run if the code is signed by MS, but if there's no signature, it would prevent it. However, it's certainly not free.

    As for the article you linked, it's not talking about the casual web surfer. It's talking about advanced adversaries with resources behind them and more or less directed attacks. Anti-malware tools like MSE are going to be relatively useless in these situations.

  5. Re:Simple on Ask Slashdot: Actual Best-in-Show For Free Anti Virus? · · Score: 5, Informative

    Not only is it a reasonably good anti-malware tool, it's the least intrusive one I've ever used, both as far as annoying popups and abusing system resources. My first download on any new Windows install.

  6. Re:How to prove medical knowledge? on Ask Slashdot: How To Prove IT Knowledge Without Expensive Certificates? · · Score: 2

    But who is writing the exams? If it's all self-taught people, then you're in a self-reinforcing stereotype situation.

    Certs are an indicator that someone can learn information in a formal setting. There are benefits to this over someone who learned as they went, from a book, or from a website. How do you know they actually know industry standards, best practices, and are going to give you a quality product at the end of the day?

    That's not to say that everybody with a certificate is the best candidate, that's as far from the truth as the reverse. I've held several certificates over the last number of years, some I've renewed (GIAC) and some I have (various MS certificates), based on what position I'm in. If someone shows me that they hold a GIAC certification, I'm going to move them to the "interview/test" pile assuming they have some working experience as well. If they don't, I'm going to study their resume a bit closer before I make that decision.

  7. Re:Farm Animals on Do Antibiotics Contribute To Obesity? · · Score: 5, Funny

    Perhaps you should try eating some fruits and vegetables as well.

  8. Re:This is for real on Blizzard Says Battle.Net Has Been Hacked · · Score: 1

    Let's look at the possible number of passwords (so we're talking about a brute force attempt on the hashed password).

    Blizzard's setup is not case sensitive, and they disallow a significant number of special characters. Let's say they have 40 possible values for each. A good password setup should have around 75 (or more).

    So let's see how many possible values there are for a 7 character password in each setup:
    Blizzard 4.456764032636319e+34
    Good: 1.6883055225799413e+64

    That's quite a difference. Let's see how many characters it would take in a Blizzard password to get into the same ballpark. Turns out it's 37 which gives: 1.9782022283855447e+64

    So, I guess a restricted character set is okay, if you go with REALLY long passwords.

    (I used the password calculator at http://www.csgnetwork.com/optionspossiblecalc.html with 4 for a minimum length to determine those numbers).

  9. Re:This is for real on Blizzard Says Battle.Net Has Been Hacked · · Score: 2

    That's all fine and dandy until you realize that Blizzard doesn't differentiate case in passwords. They either convert them all to upper or lower case, not sure which. The forums were alive with this recently. So, all of a sudden brute forcing isn't so tough, especially when they also only allow a reduced set of special characters.

  10. Seriously? on Canada's Supreme Court Strikes Down Copyright Fees On Music, Video · · Score: 5, Insightful

    FTA: "In another case, the judges found that movie theatres shouldn't be charged for the music that's part of a soundtrack. The court ruled that a “soundtrack” that accompanies a movie is not the same as the Copyright Board’s definition of a “sound recording” because the soundtrack is meant to be part of the movie and includes preexisting sound recordings. And finally, the court ruled that performance royalties do not need to be collected for music used in downloaded video games." So the industry wanted to charge movie theatres extra because of the music in the movie? Shouldn't that have been dealt with long before when the production company (or whoever) got permission to include the song? Same thing for video games. Did they actually expect consumers to buy a game for $x and then later get charged $y for the music in the game?

  11. Cooling Without Power (or very little power) on Slashdot Asks: Beating the Summer Heat? · · Score: 5, Informative
  12. Re:DST on Canada To Stop Making Pennies · · Score: 1

    I do like living in Saskatchewan... No DST, though there's a significant portion of the population that think we're backwards for not changing our clocks twice a year.

  13. Re:Sabu is unemployed - what a surprise on LulzSec Leader Sabu Unmasked, Arrested and Caught Collaborating · · Score: 1

    Exactly this.

    There are plenty of better certifications out there to judge if a candidate has at least some professional training and experience with IT security.

  14. Exon Skipping? on Cystic Fibrosis Gene Correction Drug Approved by the FDA · · Score: 2

    Can anyone explain a bit about how this drug works? I understand CF is caused by a genetic "error", but is this an exon skipping drug (similar to what they're working on with muscular dystrophy) or is this something different?

  15. Re:I still don't want one on Chevy Volt Passes Safety Investigation · · Score: 3, Informative

    I live in SE Saskatchewan. This winter is hardly a fair example (it's been very warm here with the exception of the past week). However, even in an average winter, we would rarely see as cold as -25C as a high for more than a few days in a row. So what this says to me, is even though I thought the opposite, the Volt may actually be a reasonable car here. Even if it's not the most efficient choice during the extreme cold, we're talking maybe less than a week on average in any given year that it drops below those temperatures. That means, that >98% of the time, this is the most efficient choice of vehicle in these climates.

  16. Re:Its Late, I'm Dumb, or Both on The Pirate Bay To Stop Serving Torrent Files · · Score: 1

    I've looked at them a bit, and from what I can tell... it's more or less a link that does the same thing a torrent file does. It contains the infohash (unique identifier), file name, size of the file, trackers, etc.

  17. Re:Is he not aware? on Red Hat's Linux Changes Raise New Questions · · Score: 4, Informative

    syslog the application or syslog the protocol? syslog the application? Yes, it's past due, and things like rsyslog are much better.

    syslog the protocol is fine.

    The problem with this proposed replacement is that it does not fix anything. The only advantage it gives is to be able to tell if the logs were altered. That's it. You're far better off with a secondary/centralized logging system. Store your logs in text, compressed, encrypted, in a database, it doesn't matter. Just get them to a different location and then not only can you tell that the originals were altered, you can tell what was removed. All while using existing tools.

  18. How well do you know these technologies? on How Does a Self-Taught Computer Geek Get Hired? · · Score: 1

    Here's the fear I have with "self-taught" people. How much do you really know?

    Making a website work or look good, or both, is not enough. How well is it coded? Do you know best practices, not only for performance, but for security? My employer hired a relatively well respected company to build a web based application that would house medical data. It was my job to put a server in place for them (RHEL) and more or less make sure that their code would run on it.

    Well, they used PHP, and since I know PHP quite well, I thought I'd check how they did a few things. I was horrified when I reviewed some code and saw basically:

    $sql = "INSERT INTO table_name (col1,col2,col3) VALUES(" . $_POST['blah'].....

    Now, formal education does not mean you're going to learn these types of things, but what it does tell me is that you can learn in a formal environment, and if need be, I can put you in training and expect you to absorb the material in a meaningful way.
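
The concatenation pattern quoted in the comment above, beside a parameterized form, as an added example that is not part of the original comment or of the reviewed application's code. The in-memory SQLite database, the `$post` array standing in for `$_POST`, and the `note` and `role` fields are assumptions made for the illustration.

```php
<?php
// Added example (requires the pdo_sqlite extension). In-memory SQLite stands in
// for the application's database; $post is constructed sample data standing in
// for $_POST, and the 'note' and 'role' fields are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_name (col1 TEXT, col2 TEXT, col3 TEXT)');

$post = ['blah' => "x', 'forged', 'forged') --", 'note' => 'n', 'role' => 'user'];

// Pattern from the comment: request data concatenated into the SQL text,
// so a quote in the value ends the string literal and the rest is parsed as SQL.
function insert_concatenated(PDO $pdo, array $post): void
{
    $sql = "INSERT INTO table_name (col1,col2,col3) VALUES('" . $post['blah']
         . "','" . $post['note'] . "','" . $post['role'] . "')";
    $pdo->exec($sql);
}

// Hardened form: the SQL text is fixed and the values are bound as parameters,
// so the same input is stored as plain data in col1.
function insert_prepared(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO table_name (col1,col2,col3) VALUES (:col1, :col2, :col3)'
    );
    $stmt->execute([
        ':col1' => $post['blah'],
        ':col2' => $post['note'],
        ':col3' => $post['role'],
    ]);
}

insert_concatenated($pdo, $post);
insert_prepared($pdo, $post);

// Print both rows: in the first, col2 and col3 were set by the col1 input.
foreach ($pdo->query('SELECT col1, col2, col3 FROM table_name', PDO::FETCH_NUM) as $row) {
    echo json_encode($row), PHP_EOL;
}
```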

  19. Send your logs to a remote/central server on Secure Syslog Replacement Proposed · · Score: 3, Insightful

    There is no real problem this solves. You are far better off logging remotely. This does not stop an attacker from hiding his tracks, you'll just know the logs were altered, but you won't know what was removed, or likely if/when you can start trusting them again. Log remotely, use encryption, and use TCP. Your central/remote logger is your trusted source for logs. You close everything except incoming logs. Parse and alert on the logs from there. It's simple to do, it's real time, and solves a lot more issues than this type of solution ever will.

  20. Apps on Google+ Registers 25 Million Visitors · · Score: 1

    Question is, when will it be available for those of us on Google Apps. I really don't want to have to sign into google with two different accounts all the time.

  21. Re:Yeah, but they gimped it so bad it's worthless on World of Warcraft Goes Free With Starter Edition · · Score: 1

    I was of the same opinion on the $50 startup + $15/month. I had been playing Guild Wars for quite some time, and enjoyed it quite a bit. Most of my regular gaming group was moving over to WoW and I finally gave in and got a trial from a friend of mine. The difference was incredible. Far more developed game play and polished interface. There's a massive community developing addons that further make the game more enjoyable. In the end, I felt that the monthly fee was worth it for a few months. The first few months, I didn't really see the point of a guild, and to be honest, it doesn't provide that many advantages if you're in a relatively casual one like I am. I still do most of my leveling solo. When I do daily heroic dungeons, I generally do it with a public group, not my guild. There are more serious guilds out there, but that's not really my preference.

    For anyone that hasn't tried WoW, and is curious, why not give it a shot. If you don't like it, all you've lost is some bandwidth and time. If you do, you've been sucked into a monthly fee like the rest of us... nothing to be ashamed of :)

  22. Re:Sense of direction on Human Eye Protein Senses Earth's Magnetism · · Score: 1

    It wouldn't surprise me at all that it was aging. I only mentioned the Ritalin because it was a major change in my life at that point, and I initially attributed it to being on the drug. However, after being off the drug for months (and years now), I doubt it had any effect on losing that ability. I still miss having it, but with GPS in the car (and on smartphones) it's not as necessary as it once was.

  23. Re:Sense of direction on Human Eye Protein Senses Earth's Magnetism · · Score: 5, Interesting

    Up until a few years ago, I could be put in just about any given room in any given city, and if I took a minute, closed my eyes, I could point almost due North without any aid. I never knew how it worked, but I was pretty accurate. When I closed my eyes, I imagined I was standing on the south end of a major road in a city I was very familiar with. With my eyes closed, I'd picture looking up the street (North) as I slowly turned around. As I turned, the image just seemed to feel right, and I knew I was looking more or less North. I'd guess I was never out more than about 10 degrees.

    I've since lost that ability. I was on Ritalin for a while in my early 30s, and I don't know if it was the Ritalin, or aging, but the ability went away. Even after I went off the drug, the ability never really returned. At the point I was losing the ability, I didn't realize it, and nearly got my wife and I lost in a city I'd only driven in a few times. I was sure I was headed North, and after years of trusting this instinct, even over other people with a map, I couldn't understand how we weren't getting where I was trying to go. She was insisting we were going the wrong way, and I wouldn't believe her. After I finally realized we weren't getting to our destination, I finally pulled over, looked at the map, and saw she was right. Spent a lot of time apologizing to her for that one.

  24. Re:Hire better people? on Vendors Say Data Protection Software Too Complicated To Use · · Score: 1

    Yup... we're in the beginning stages of trying to roll out DLP at work. It's not as simple as installing some software and configuring a few policies. There's a heck of a lot more to it than that. Where is data stored? Who is allowed to access it? How can they access it? Are they allowed to read/copy/edit/delete/etc? What data needs to be protected at what level? What needs to be encrypted? What doesn't need to be encrypted?

    And that's just a start to the questions you need to ask.

    This isn't something that gets set up in a matter of weeks in any reasonably sized organization. Data classification itself can take years. On top of all that, you've got to incorporate other things like PCI, HIPA (for us in Saskatchewan), PIPEDA (Canadian), and other various certifications, acts, and legislation. Sorting through all that, comparing your data to each and determining what applies and what doesn't takes time.

  25. Re:And we do this how? on Samsung Plants Keyloggers On Laptops · · Score: 1

    They do however, come with the product key. Acquire an install disc and do the install yourself.