Unfortunately, many of the sheep in this country (and elsewhere, particularly Australia and the British Empire) simply don't care.
You are overruled. Move along...
Incidentally, on this day back in 2001 Richard Stallman talked about this same thing... it appears people really and truly don't care (enough) about the consequences of this. After all, people had 13 years to kick up a stink right?
http://news.slashdot.org/story...
I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?
While I use these same techniques to limit spam to my email addresses, you and I are in the minority of people who have the resources, time and savvy to do this.
Without a wide-spread educational campaign I don't think it's fair to expect the average user to have the time or resources to do this, let alone even have the idea. The average user will prefer to rely on their provider supplied spam filter than mess about with 130 addresses.
Actually.. scratch the second option.... it's just plain dumb! Based on the excellent advice initially given.. you'll be a very rich scapegoat should you be fire because of "their" incompetence.
As an information security professional you have one job to do and that is reduce risk. If you have done all that is within your power to highlight the level of risk your company is facing and they effectively "sign off" on your report/comments (its best to get try and get this "sign off" in some formal document, failing that an email will suffice)then my friend your job is done.
They have decided, despite your professional opinion, given in your capacity as the designated security/IT expert, that this is an acceptable level of risk. If all goes tits up and the company goes to pot well.. it wasnt your fault now was it??? after all, those that held the purse strings kept them tightly closed now didnt they?
Having done infosec for about 10 years now, i have come to the conclusion that businesses will invariably do what they darn well want to.. its your job to ensure that they do it as safely as possible, based on what their risk apetite is.
Having had the inside scoop on identity fraud for a long while now I would just like to say that there is a lot that the media/banks and governments are not saying. The crux of it all is this The fraudsters already have your details and they have had them for a long while and when i say a long while i mean years!
Information security has only reached its peak in the last couple years. Prior to this, it was pretty lax especially during the height of companies outsourcing their call centers to foreign lands and not having a clue about data protection laws in said countries. There were multiple stories of fraudsters going to india with briefcases of cash and offering call center employees the equivalent of 1 years salary for them to pass on customer details. These people didnt pass on the names of one or two people, they passed on whole databases! http://news.bbc.co.uk/1/hi/uk/4121934.stm
Nowadays this is a lot more difficult to do, because information security is being taken a ot more seriously, and partly because thousands of people are getting stung.
IMHO, another reason why identity theft is so prevalent and will continue to be for the foreseeable future is that the weakest link will always be people. You cant bribe a computer system, but you can always bribe a call center employee or an equifax worker. I'll bet that no one reading this is more that 3 degree's of separation away from one of those two people. and besides, they say everyone has a price. If you can convince a couple of young men to blow themselves up, then personally i think it will be a peice of piss to get them to accept a bribe.
Just like everything else, fraud has and will continue to evolve. Initially it was stolen cheque books and credit cards, now you have elaborate schemes involving huge sums of money and lots of different people but using very little technology. For instance.
Nothing stops someone from spending a couple of grand putting ads in select newspapers offering loans etc. As soon as some unfortunate person bites, and say requests a loan for $5,000. The appropriate details are taken, and the sum of say $20000 is paid into the account. the recipient is called up a day later and told that themoney is in their account but they were overpaid and needs to send the excess of $15000 via money transfer or bank wire to X country/location ASAP. The "Mugu" at this point does so, and suddenly becomes liable for $20000 while the fraudsters vanish.
Now you may ask where did the initial $20K come from?? easy.
Well generally this comes from the account of someone with a lot of money in the bank. it is generally obtained by a frauduent person working in a bank. They will tend to get the details from accounts that they access as part of their job so as not to arouse suspicion. All that is done next is to match the details of this person with their credit report/ identity information obtained earlier, effect a wire transfer.. which can be done over the phone and voila, Robert is your father's brother!
They way we as humans do things, has to change. We want faster fast food, we open more fast food restaurants, and to cope with demand we pump the chicken full of hormones so that when it is slaughtered after 3 weeks its nice and fat. Then we start complaining about being obese, talking about being cruel to animals, worrying about what those hormones are doing to us. Yet we are the ones that demand faster fast food.
Its the same with banking, we want more convenience, we want to be able to bank online, but cant be bothered to secure our home computers against key loggers, we want lesser charges so banks operate call centers in far flung countries. Its all about what WE want. But we forget, that with the increases in our reliance on technology and our demands for "more" there are always risks that will have to be dealt with and until those risks are acknowledged there will always be victims. This goes for every facet of our existence.
I see no reason why my fellow./'ers are all so negative towards this issue. All he asked for was help, and not for everyone to shoot his dream down.
As for the things you can do, well that kind of depends on where you are. In the UK you will need to do a number of exams set by the securities and investments institute http://www.sii.org.uk/ Im not entirely sure what your requirements would be in the US. I used to work as a technology risk analyst for an investment bank and our entire team had to the introduction to securities and investments exam.
To get a job on a trading desk, you generally have to go through a whole heap of hoops, but in most cases, it helps if you are a desk support person *note* not trading support (which relates to the support of the hardware/software used by traders)
These jobs require a fair amount of training to be conversant with the setup, i.e. multiple screens,special phones etc. So banks generally train their staff at training centers dotted around the country/world just so they can see those that will cut the mustard
One thing i will say is that you should give day trading / spread betting a go. It will really test your nerve and help you decide if you really want to go ahead with this
From what i have read so far, this seems to be pretty much the norm in the US. Over here in blighty (England) that sort of this is pretty much unheard of. The law is very much on the side of the employee. You are generally obliged to give at least 1 months notice before you quit your job. For many senior positions, employees generally undergo what is known as "gardening leave". This is where they hand in their resignation, leave the organisation pretty much immediately, but continue to be at the beck and call of the company for a period of time (sometimes up to 2 months) so as to either make their exit as harmless to the company as possible or until they find a successor
Hmm with this technology its only a matter of time until Thinkgeek start selling canisters of odourless "chick" repellent which can be used discreetly on the overly biggoted and generaly annoying BigManOnCampus.
Over here in Blighty (London England) there is a weekly radio show called SoulWax which does exactly this.... play mashed up tunes for a few hours on Friday night.. iot only started about a month ago and is proving to be a big winner.. i dont know what the legal implications of this are but if they play it on London radio then hey go figure...
smart routers or inventing the wheel??
on
Smart Routers
·
· Score: 1
real email addy: kl3pto@hotmail.com :
MPLS Multi protocol Layer Switching
enables you to do the exact same thing using your existing high end routers. (that is if you use CISCO or Juniper equipment)
MPLS does this by utilising the TOS bit in the TCP header..
Check this out
http://www.cisco.com/univercd/cc/td/doc/product/so ftware/ios120/120newft/120limit/120s/120s5/mpls_te.htm#xtocid152642
Slashdot Mirror
I do not consent.
Unfortunately, many of the sheep in this country (and elsewhere, particularly Australia and the British Empire) simply don't care.
You are overruled. Move along...
Incidentally, on this day back in 2001 Richard Stallman talked about this same thing... it appears people really and truly don't care (enough) about the consequences of this. After all, people had 13 years to kick up a stink right? http://news.slashdot.org/story...
I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?
While I use these same techniques to limit spam to my email addresses, you and I are in the minority of people who have the resources, time and savvy to do this.
Without a wide-spread educational campaign I don't think it's fair to expect the average user to have the time or resources to do this, let alone even have the idea. The average user will prefer to rely on their provider supplied spam filter than mess about with 130 addresses.
Orlando..
Dude.. you have 130 email addresses??
Actually.. scratch the second option.... it's just plain dumb! Based on the excellent advice initially given.. you'll be a very rich scapegoat should you be fire because of "their" incompetence.
As an information security professional you have one job to do and that is reduce risk. If you have done all that is within your power to highlight the level of risk your company is facing and they effectively "sign off" on your report/comments (its best to get try and get this "sign off" in some formal document, failing that an email will suffice)then my friend your job is done.
They have decided, despite your professional opinion, given in your capacity as the designated security/IT expert, that this is an acceptable level of risk. If all goes tits up and the company goes to pot well.. it wasnt your fault now was it??? after all, those that held the purse strings kept them tightly closed now didnt they?
Having done infosec for about 10 years now, i have come to the conclusion that businesses will invariably do what they darn well want to.. its your job to ensure that they do it as safely as possible, based on what their risk apetite is.
Having had the inside scoop on identity fraud for a long while now I would just like to say that there is a lot that the media/banks and governments are not saying. The crux of it all is this The fraudsters already have your details and they have had them for a long while and when i say a long while i mean years!
Information security has only reached its peak in the last couple years. Prior to this, it was pretty lax especially during the height of companies outsourcing their call centers to foreign lands and not having a clue about data protection laws in said countries. There were multiple stories of fraudsters going to india with briefcases of cash and offering call center employees the equivalent of 1 years salary for them to pass on customer details. These people didnt pass on the names of one or two people, they passed on whole databases! http://news.bbc.co.uk/1/hi/uk/4121934.stm
Nowadays this is a lot more difficult to do, because information security is being taken a ot more seriously, and partly because thousands of people are getting stung.
IMHO, another reason why identity theft is so prevalent and will continue to be for the foreseeable future is that the weakest link will always be people. You cant bribe a computer system, but you can always bribe a call center employee or an equifax worker. I'll bet that no one reading this is more that 3 degree's of separation away from one of those two people. and besides, they say everyone has a price. If you can convince a couple of young men to blow themselves up, then personally i think it will be a peice of piss to get them to accept a bribe.
Just like everything else, fraud has and will continue to evolve. Initially it was stolen cheque books and credit cards, now you have elaborate schemes involving huge sums of money and lots of different people but using very little technology. For instance.
Nothing stops someone from spending a couple of grand putting ads in select newspapers offering loans etc. As soon as some unfortunate person bites, and say requests a loan for $5,000. The appropriate details are taken, and the sum of say $20000 is paid into the account. the recipient is called up a day later and told that themoney is in their account but they were overpaid and needs to send the excess of $15000 via money transfer or bank wire to X country/location ASAP. The "Mugu" at this point does so, and suddenly becomes liable for $20000 while the fraudsters vanish.
Now you may ask where did the initial $20K come from?? easy.
Well generally this comes from the account of someone with a lot of money in the bank. it is generally obtained by a frauduent person working in a bank. They will tend to get the details from accounts that they access as part of their job so as not to arouse suspicion. All that is done next is to match the details of this person with their credit report/ identity information obtained earlier, effect a wire transfer.. which can be done over the phone and voila, Robert is your father's brother!
They way we as humans do things, has to change. We want faster fast food, we open more fast food restaurants, and to cope with demand we pump the chicken full of hormones so that when it is slaughtered after 3 weeks its nice and fat. Then we start complaining about being obese, talking about being cruel to animals, worrying about what those hormones are doing to us. Yet we are the ones that demand faster fast food.
Its the same with banking, we want more convenience, we want to be able to bank online, but cant be bothered to secure our home computers against key loggers, we want lesser charges so banks operate call centers in far flung countries. Its all about what WE want. But we forget, that with the increases in our reliance on technology and our demands for "more" there are always risks that will have to be dealt with and until those risks are acknowledged there will always be victims. This goes for every facet of our existence.
I see no reason why my fellow ./'ers are all so negative towards this issue. All he asked for was help, and not for everyone to shoot his dream down.
As for the things you can do, well that kind of depends on where you are. In the UK you will need to do a number of exams set by the securities and investments institute http://www.sii.org.uk/ Im not entirely sure what your requirements would be in the US. I used to work as a technology risk analyst for an investment bank and our entire team had to the introduction to securities and investments exam.
To get a job on a trading desk, you generally have to go through a whole heap of hoops, but in most cases, it helps if you are a desk support person *note* not trading support (which relates to the support of the hardware/software used by traders)
These jobs require a fair amount of training to be conversant with the setup, i.e. multiple screens,special phones etc. So banks generally train their staff at training centers dotted around the country/world just so they can see those that will cut the mustard
One thing i will say is that you should give day trading / spread betting a go. It will really test your nerve and help you decide if you really want to go ahead with this
Good luck.!
From what i have read so far, this seems to be pretty much the norm in the US. Over here in blighty (England) that sort of this is pretty much unheard of. The law is very much on the side of the employee. You are generally obliged to give at least 1 months notice before you quit your job. For many senior positions, employees generally undergo what is known as "gardening leave". This is where they hand in their resignation, leave the organisation pretty much immediately, but continue to be at the beck and call of the company for a period of time (sometimes up to 2 months) so as to either make their exit as harmless to the company as possible or until they find a successor
Hmm being the conspiracy theorist that i am.. that could all be spin!( http://www.rsu.edu/faculty/khicks/Essays/Spin.htm)
Anyhow.. have they looked on eBay?
Hmm with this technology its only a matter of time until Thinkgeek start selling canisters of odourless "chick" repellent which can be used discreetly on the overly biggoted and generaly annoying BigManOnCampus.
:)
I can see the results now...
How much do you want to bet that people will bulk buy these things just for the screens
hmm.. come to think of it.. i'll get my orders in now!!!
Dammit! i hate you!!! 2fP
Over here in Blighty (London England) there is a weekly radio show called SoulWax which does exactly this.... play mashed up tunes for a few hours on Friday night.. iot only started about a month ago and is proving to be a big winner.. i dont know what the legal implications of this are but if they play it on London radio then hey go figure...
real email addy: kl3pto@hotmail.com : MPLS Multi protocol Layer Switching enables you to do the exact same thing using your existing high end routers. (that is if you use CISCO or Juniper equipment) MPLS does this by utilising the TOS bit in the TCP header.. Check this out http://www.cisco.com/univercd/cc/td/doc/product/so ftware/ios120/120newft/120limit/120s/120s5/mpls_te .htm#xtocid152642