Buy typical cable trays, and 3D print some sort of fancy colorful casings for them. You can use a variety of designs and colors for aesthetic appeal. Plus even if it doesn't look all that great it will still be "cutting edge" technology in use, which will likely appeal to your business folks. Plus you can throw a 3D printer in your budget...
Geez, not only did you read the article, but you googled the terms. The point of the example was that you want to ask a question the interviewee can reasonably be expected to not know the answer to. OP should probably choose something relevant to the interview he will be conducting. The question I asked was relevant to an interview I had conducted.
It's also an extremely bad idea to ask a question you don't know the answer to; logically you will need to be able to determine when an interviewee lies... It's always possible the liar was right and I was wrong; if that was the case then he probably wouldn't have wanted to accept the job offer I didn't make.
A similar strategy I use a lot of times is to ask them a question they don't know the answer to. The purpose of the questions isn't to make them look bad, but to gauge their reaction. For example in some interviews I've asked "Can you define and explain the purpose of ASLR and DEP?" for a technical interview. The answer I'm looking for in this case is "I don't know, but I'll find out." But I've gotten people who got flustered, confused, and, worst, totally lied.
It's an interesting strategy I think to find someone with an open mind who can be honest with themselves. You also want to be prepared to provide the answer, and let them know "I didn't expect you to know that, it's something you would learn or blah blah blah." Either way the reaction to tough questions is the most valuable tool I have as an interviewer I think.
Blame Research In Motion for that one, no surprise that Google wouldn't return useful results for someone looking for a job at RIM.
Since you were too lazy to comprehend what I wrote, or google what I wrote, here is a decent summary of some good work:
http://en.wikipedia.org/wiki/DarkMarket
Here is an example for you as well regarding the sharing of information. If I am a bank and I have a bunch of customers with stolen credit cards, already compromised and being used for fraud. I can't legally provide those to the FBI for both legal and regulatory reasons. The customers are already taking losses, as a bank I am taking losses, and the bad guys have no issues. I can point law enforcement to the carding site (i.e. Dark Market) above, or I can prompt them to subpoena me for information I can't tell them about?
CISPA is terrible legislation as far as I am concerned, but don't shit on a legitimate and valuable organization because you don't understand it. Sacrificing mod points, because this is an organization that helps more than it hurts.
This is an absurd characterization of the NCFTA and the work they do. As someone who's worked with the NCFTA and actively opposed CISPA, SOPA, etc., I can say for certain they do very different work. NCFTA facilitates a common-sense exchange of "personal" data in order to better combat fraud across the board. The NCFTA is a great organization and does very good work preventing internet-based crime.
For a good example do a little reading on Dark Market and the takedown that occurred there. Throwing the NCFTA and CISPA/SOPA into the same container is completely ignorant and poor journalism imo.
"Rich asshole"? Seriously, a pacemaker isn't just for the rich asshole. Failing to assess these devices for security controls would be ridiculous negligence. Malicious software has a tendency to spread where it can; it doesn't need a reason to compromise a pacemaker if it's able to. I guarantee that if proper security controls aren't implemented in medical devices you will see deaths related to failed or compromised devices. It doesn't even have to be intended malice; if a piece of malware compromises a device and decides a reboot is necessary, guess what happens to the heart behind the pacemaker...
Actually I believe he was going for 640 companies broken into, and that really ought to be enough for anyone.
Because it gets awkward buying girl scout cookies.
That code is not real, it was a fake release from yesterday. Actual POC code is available in a number of places though and looks very similar.
Windows Server 2008 64 bit is vulnerable to the POC, I've confirmed it myself.
If we judge the majority of slashdotters by the content in that thread, then sadly most of us probably shouldn't be commenting on technology news:
A charming example:
by (Sanitized to predict the innocent) Alter Relationship on Tuesday October 23 2001, @01:52PM ...
Raise your hand if you have iTunes
Raise your hand if you have a FireWire port ...
Raise your hand if you have both ...
Raise your hand if you have $400 to spend on a cute Apple device ...
There is Apple's market. Pretty slim, eh? I don't see many sales in the future of iPod.
A lot of software does report back, but to quote op "that does some spying and reporting on you." That doesn't sound like it's going to be a legitimate implementation of some minor reporting back to the parent company. Especially given his goal of then filing a lawsuit against the violators with "big pockets". Of course firewalls should be able to identify outbound connections, but the point isn't that the implementation is weak. The point is that it's a bad idea from the start.
To the already great questions above, I would also add:
How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?
Really.... http://en.wikipedia.org/wiki/2011_England_riots
or perhaps this.... http://en.wikipedia.org/wiki/2011_England_riots#Police_shooting_of_Mark_Duggan
Doesn't matter where you live, people can still lose it...
The more I hear about Kinect the more it makes it seem like one of the more revolutionary products that Microsoft has ever come out with...
I can name all three, I don't have the memory of an infant you insensitive clod!
Awesome!
Let's take a moment to remember Jibekn, and the humor he brought to Slashdot. We can only hope that the rural ass prison he was incarcerated in will get that dial-up line soon so he can join us again.
"I'm only waiting to see how the iPhone 5 changes things."
Then you don't have to worry, I am sure it will change everything.
It's awesome this was modded up "Interesting". I will get my three-year-old nephew on here; the mods will be shocked and amazed at all the stuff he saw at the Zoo the other day. Although he only will accept a low UID for the cred, so not sure how that is gonna work out.
BTW if you want to google that you might be surprised at how hard that is to find, try this "google ceo privacy quote"
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Eric Schmidt
Not quite... but close.
While you make a good point that Visa and MC won't sit on their asses about data, that is only from a PCI perspective. And realistically it's trivially easy to maintain PCI compliance and have an insecure product.
What I would recommend however is to work through a professional service like Secunia: https://secunia.com/company/blog_news/news/271. They can lend credibility to your claim and they provide what I personally would describe as an ethical approach to remediation. I would strongly not recommend any further testing on your part unless you are prepared to deal with legal consequences. Not that I agree with companies going after researchers, but it does happen.
Good luck.
Not quite:
"I've noticed that you have cleaning products under your sinks. Didn't you know that those chemicals could be combined to make a bomb? I'm sorry, I'll have to take you to jail now. What's that, you want to resist arrest, how silly. I'm sorry about your daddy, 2-year-old son, but he was a terrorist. Now please ready yourself to be probed for further explosives by our professional TSA agent."
You were close, but not quite there.