I hope you have some good phishing protection, and have your intranet behind a firewall even internally. A user can get phished, malware installed, and the malware goes after the 2003 box. It's all botnet automated too. Is your company running it's own Exchange server? But even some of my clients run old server OS's. Many have been virtualized and the hardware long gone. Just last month I had to walk some Indian "admin" through installing IIS on win2k after it's database app glitched the whole thing. Lucky they had a paper backup still or flights would be grounded...the press blamed it on the iPads but we are still "investigating root cause" lol.
so your answer is yes. All platforms of Windows are (is?) always under attack. Any product that ships with NSA_KEYS has been compromised before it even hit the market. It will be attacked more, yet it's market share will decline and the OS will be less of a threat target. Only small businesses, criminals, and geeks will keep it running much longer, at least in any exposed mode. Most bigger corps have already transitioned to 2008/2012 for anything with a PAT/NATed port.
Glad I can humor you, Grammer Nazi. The Dean of Canterbury who wrote "The Queen’s English" just called from 1864 and said they want their rule book back.
I had a theory the recent Chinese break in was to see how their already-placed agents scored on these background checks...plus it gives them intel on how their spies can overcome our checks in the future.
seems to be similar policy. Manning should have never been able to use a USB stick on an Army system. Snowden should have never been given so much access to various systems. These "failures" are the fault of the organization, not the individuals. The concept of "compartmentalization" exists for a reason. Personally I am glad both people were able to do what they did...but with proper security in place this would have never happened.
"terrorism-related category codes" what does this even mean? And "initial for a first name and missing social security numbers", those get a free pass too per OIG-15-98. "Social security number (SSN) is not currently a required field on the aviation worker credential application" quite surprising, as that is the primary means for tracking a worker. And "TSA did not receive certain terrorism-related category codes as part of the watchlist extract they used for vetting" tells me that it wasn't the TSA but whomever is compiling the list FOR the TSA that screwed up on this.
I finally found http://www.gpo.gov/fdsys/pkg/C..., which has a list on page two. Still don't know if these are the "category codes" as mentioned though...it's all rather obscure. Interesting that "controlled substances" is mentioned twice as much as murder.
This is pretty much what the security people associated with that audit said. There is a program for "fast tracking" airline passengers, with pre-screening (like CAPPS) and such. Yet very few know about it, and the TSA doesn't really advertise it very well.
In a somewhat related note, the TSA has almost grounded all flights by not doing proper change management. They repeatedly will begin some server / database maintenance without telling anyone, so we who monitor those systems start getting all sorts of alarms. The last time the TSA pulled down the no-fly database for some maintenance we were about 5 minutes out from alerting the FAA and the whole system going into a lock-down. After some frantic phone calls the TSA was just like "oh yeah, we forgot to tell anyone". From my perspective, they are just as "dangerous" as these "terrorists". Even the terrorists would have a hard time grounding all flights without any violence like has almost happened.
Even in Oklahoma I had to enter my policy number, insurance NIAC number, tag, driver's license number, etc to get my new tag two weeks ago. Your experience could be your DMV being lazy as opposed to the law lacking said requirements.
another question is...does MS even have a newer "embedded" OS? I've seen some beta embedded on MSDN, but nothing that had the adoption rate and support of XP. Pretty much guarantee that zero of those devices running XPE even have a MS path for upgrades for that hardware. Some startup could make a killing with an embedded OS that directly supports the hardware for upgrading all those devices.
Under 50 devices, Lansweeper is 0$. I use it at my house...but I personally have more computing power than many "small businesses" lol. ESXi box, HPV box, fileservers, clients, etc.
We have dozens of different programs, apps, scripts, etc that scrape data. It all gets dumped back into an ITIL compliant system, that uses "standard definition" that has 50-100+ different tags. Different hardware platforms need different ways to get this info, so anyone can write something to scrape their asset info if they have hardware that doesn't easily "fit". SMNP, Powershell, whatever. Unfortunately we also make HPSM (Service Manager) which I personally find hideously complex.
I guess it's this...do you want a New World process (ITAM) or an Old World process (ITIL)? ITAM started in Mexico, ITIL is from the UK. From my perspective (at the soon to be spun off HP Enterprise) we are big into ITIL. It goes way further than just asset tracking though...one of the big things we use it for is EDI between our ticketing system and our clients to push out help desk tickets between different companies. When it properly works that is, but that's not my department (the actual data exchange). For example, one of our clients is National Grid, in the UK (and northeast US). Our helpdesk can access NG's asset database and assign their asset info to our tickets, then push out a repair request to say Verizon for telecom issues, Wipro for code issues, etc. Since everyone is using the same asset tracking policy it's supposedly easier.
I don't remember the domain, but a few months ago a friend and I were on FB chat, He was trying to send me a link to some redirector he set up for his minecraft server and FB chat wouldn't let either of us put the domain in the chat window. It kept giving some error, the error had a link about "highly abused URLS" or something. So yes, there is some kind of real time blocking lists going on.
In a big datacenter running VmWare, it is an otfen-broken support policy of not having your scratch somewhere out on the LAN. At least for 5.5x, "scratch memory across a LAN/vlan is not supported", but it still seems to work so it's done. I believe a good chunk of my companies servers already don't have local storage...although I don't know if this is a "standard policy" for us, or even if we managed those servers or just hosted them. The sys admins told me the scratch went across the vlan. I assume it's "not supported" as it might cause higher latency acriss the VLAN as opposed to local disk?
Re:Not surprising after Tron: Uprising was gutted
on
Tron 3 Is Cancelled
·
· Score: 1
I totally agree! If people like TRON and want a deeper exploration of that universe, they need to check it out ASAP. T:U was far more of an anime than a cartoon, people should watch it.
You should think about instead of going all the way to CCIE, go for a lower level Cisco. We support hundreds of physical servers, two data centers, and (I think) 8 SABRE mainframes; yet we have maybe 8-10 network engineers who are FTE employees. Better yet might be to branch out into an MS cert, and a VMWare cert or three. My location does a tremendous amount of virtual servers, like 20-50 blades on a rack with 10-15 VMs each. I haven't seen any of the virtual networking yet, but that really isn't within my job scope unless it has some severe issues...it's probably in there too. Yet some networking, combined with virtualization...toss in some ITIL, policy management, project management and you could leverage your current skill set and find a new niche. I've seen situation management positions at Goldmans starting at $250k for ITSM analysts positions, even a few around $300k...so you know if you where seriously looking you could find even higher pay.
Since you already code, learning the ITIL process should be pretty easy. The VmWare you can practice in your home lab (you DO have a home lab, right? Cause if your going cisco you'll need one LOL) I never know what issues will crop up, sometimes it's a server with bad hardware, switch sup card going out, someone pushed a bad script that jacks up some Oracle databases, etc. It's also a path into management if you want, since you really get a chance to network with vendors, programmers, network engineers, clients, etc and have to really flow with the severity and get stuff fixed. ITIL is also a world-wide standard, many corps are moving to it to manage change.
At my location, I think there are around maybe 8 people working as actual "network engineers" that are at our physical site. There's always someone there 24/7/365, sometimes 2-3. I work over nights, so I don't know how many people are there normally during the day now but I know the team size. I think though that we have far more than any other shop on average; we support thousands of servers, multiple networks, multiple data centers, and have the SABRE mainframes in our basement. There are also teams in other places that support other "legacy" networks, like airlines that my main client bought out. At the actual data centers (there's one right down the road) there might be one on-site tech, they usually rotate 8 hours and are "on call". The server admins are mostly overseas already.
and this is their IT department? So, when your getting computers ready for deployment, you what..."book" several desks? Although at that kind of place I wouldn't be suprised if your company didn't actually provide any PCs, and make employees got buy their own laptops
At my HP location, our new "command center" is kinda OO, but with eight monitors per station and only a few other people close by, I still have some privacy. We still have cubes, even though mine is on a different floor and I never actually sit there. I've actually brought some old PC stuff from home and use it as "storage". They had the chance to make it all OO, at least on one floor. Total remodel, tore down almost all the internal walls, new carpet, ceiling tiles, network runs...but they put all the cubes back. Perhaps this is a benefit of living in a conservative area, maybe in 10-15 years they will finally do some OO.
Honestly, if I was forced into some weird OO at my current job, I'd probably try to claim some type of "accommodation" due to my ADHD. It's already "on record", I'm sure I could press for a "reasonable accommodation" via the ADA. And I would have to, because my productivity would drop to zero in an OO.
Slashdot Mirror
"Obama lied...and our privacy died"
I hope you have some good phishing protection, and have your intranet behind a firewall even internally. A user can get phished, malware installed, and the malware goes after the 2003 box. It's all botnet automated too. Is your company running it's own Exchange server? But even some of my clients run old server OS's. Many have been virtualized and the hardware long gone. Just last month I had to walk some Indian "admin" through installing IIS on win2k after it's database app glitched the whole thing. Lucky they had a paper backup still or flights would be grounded...the press blamed it on the iPads but we are still "investigating root cause" lol.
so your answer is yes. All platforms of Windows are (is?) always under attack. Any product that ships with NSA_KEYS has been compromised before it even hit the market. It will be attacked more, yet it's market share will decline and the OS will be less of a threat target. Only small businesses, criminals, and geeks will keep it running much longer, at least in any exposed mode. Most bigger corps have already transitioned to 2008/2012 for anything with a PAT/NATed port.
Quite true, but from an ITSEC standpoint the fact that the USB ports aren't physically disabled seems to be just asking for a leak.
Glad I can humor you, Grammer Nazi. The Dean of Canterbury who wrote "The Queen’s English" just called from 1864 and said they want their rule book back.
I had a theory the recent Chinese break in was to see how their already-placed agents scored on these background checks...plus it gives them intel on how their spies can overcome our checks in the future.
seems to be similar policy. Manning should have never been able to use a USB stick on an Army system. Snowden should have never been given so much access to various systems. These "failures" are the fault of the organization, not the individuals. The concept of "compartmentalization" exists for a reason. Personally I am glad both people were able to do what they did...but with proper security in place this would have never happened.
"terrorism-related category codes" what does this even mean? And "initial for a first name and missing social security numbers", those get a free pass too per OIG-15-98. "Social security number (SSN) is not currently a required field on the aviation worker credential application" quite surprising, as that is the primary means for tracking a worker. And "TSA did not receive certain terrorism-related category codes as part of the watchlist extract they used for vetting" tells me that it wasn't the TSA but whomever is compiling the list FOR the TSA that screwed up on this.
I finally found http://www.gpo.gov/fdsys/pkg/C..., which has a list on page two. Still don't know if these are the "category codes" as mentioned though...it's all rather obscure. Interesting that "controlled substances" is mentioned twice as much as murder.
This is pretty much what the security people associated with that audit said. There is a program for "fast tracking" airline passengers, with pre-screening (like CAPPS) and such. Yet very few know about it, and the TSA doesn't really advertise it very well.
In a somewhat related note, the TSA has almost grounded all flights by not doing proper change management. They repeatedly will begin some server / database maintenance without telling anyone, so we who monitor those systems start getting all sorts of alarms. The last time the TSA pulled down the no-fly database for some maintenance we were about 5 minutes out from alerting the FAA and the whole system going into a lock-down. After some frantic phone calls the TSA was just like "oh yeah, we forgot to tell anyone". From my perspective, they are just as "dangerous" as these "terrorists". Even the terrorists would have a hard time grounding all flights without any violence like has almost happened.
Indeed, the most "stable" vehicle is a reverse tri-wheel....two wheels in front and one on the back. But very little cargo space.
Even in Oklahoma I had to enter my policy number, insurance NIAC number, tag, driver's license number, etc to get my new tag two weeks ago. Your experience could be your DMV being lazy as opposed to the law lacking said requirements.
another question is...does MS even have a newer "embedded" OS? I've seen some beta embedded on MSDN, but nothing that had the adoption rate and support of XP. Pretty much guarantee that zero of those devices running XPE even have a MS path for upgrades for that hardware. Some startup could make a killing with an embedded OS that directly supports the hardware for upgrading all those devices.
Under 50 devices, Lansweeper is 0$. I use it at my house...but I personally have more computing power than many "small businesses" lol. ESXi box, HPV box, fileservers, clients, etc.
We have dozens of different programs, apps, scripts, etc that scrape data. It all gets dumped back into an ITIL compliant system, that uses "standard definition" that has 50-100+ different tags. Different hardware platforms need different ways to get this info, so anyone can write something to scrape their asset info if they have hardware that doesn't easily "fit". SMNP, Powershell, whatever. Unfortunately we also make HPSM (Service Manager) which I personally find hideously complex.
I guess it's this...do you want a New World process (ITAM) or an Old World process (ITIL)? ITAM started in Mexico, ITIL is from the UK. From my perspective (at the soon to be spun off HP Enterprise) we are big into ITIL. It goes way further than just asset tracking though...one of the big things we use it for is EDI between our ticketing system and our clients to push out help desk tickets between different companies. When it properly works that is, but that's not my department (the actual data exchange). For example, one of our clients is National Grid, in the UK (and northeast US). Our helpdesk can access NG's asset database and assign their asset info to our tickets, then push out a repair request to say Verizon for telecom issues, Wipro for code issues, etc. Since everyone is using the same asset tracking policy it's supposedly easier.
I was just able to post a link to https://www.stopfasttrack.com/... public, it also allowed me to save the link. So...very weird.
I don't remember the domain, but a few months ago a friend and I were on FB chat, He was trying to send me a link to some redirector he set up for his minecraft server and FB chat wouldn't let either of us put the domain in the chat window. It kept giving some error, the error had a link about "highly abused URLS" or something. So yes, there is some kind of real time blocking lists going on.
In a big datacenter running VmWare, it is an otfen-broken support policy of not having your scratch somewhere out on the LAN. At least for 5.5x, "scratch memory across a LAN/vlan is not supported", but it still seems to work so it's done. I believe a good chunk of my companies servers already don't have local storage...although I don't know if this is a "standard policy" for us, or even if we managed those servers or just hosted them. The sys admins told me the scratch went across the vlan. I assume it's "not supported" as it might cause higher latency acriss the VLAN as opposed to local disk?
I totally agree! If people like TRON and want a deeper exploration of that universe, they need to check it out ASAP. T:U was far more of an anime than a cartoon, people should watch it.
You should think about instead of going all the way to CCIE, go for a lower level Cisco. We support hundreds of physical servers, two data centers, and (I think) 8 SABRE mainframes; yet we have maybe 8-10 network engineers who are FTE employees. Better yet might be to branch out into an MS cert, and a VMWare cert or three. My location does a tremendous amount of virtual servers, like 20-50 blades on a rack with 10-15 VMs each. I haven't seen any of the virtual networking yet, but that really isn't within my job scope unless it has some severe issues...it's probably in there too. Yet some networking, combined with virtualization...toss in some ITIL, policy management, project management and you could leverage your current skill set and find a new niche. I've seen situation management positions at Goldmans starting at $250k for ITSM analysts positions, even a few around $300k...so you know if you where seriously looking you could find even higher pay.
Since you already code, learning the ITIL process should be pretty easy. The VmWare you can practice in your home lab (you DO have a home lab, right? Cause if your going cisco you'll need one LOL) I never know what issues will crop up, sometimes it's a server with bad hardware, switch sup card going out, someone pushed a bad script that jacks up some Oracle databases, etc. It's also a path into management if you want, since you really get a chance to network with vendors, programmers, network engineers, clients, etc and have to really flow with the severity and get stuff fixed. ITIL is also a world-wide standard, many corps are moving to it to manage change.
At my location, I think there are around maybe 8 people working as actual "network engineers" that are at our physical site. There's always someone there 24/7/365, sometimes 2-3. I work over nights, so I don't know how many people are there normally during the day now but I know the team size. I think though that we have far more than any other shop on average; we support thousands of servers, multiple networks, multiple data centers, and have the SABRE mainframes in our basement. There are also teams in other places that support other "legacy" networks, like airlines that my main client bought out. At the actual data centers (there's one right down the road) there might be one on-site tech, they usually rotate 8 hours and are "on call". The server admins are mostly overseas already.
if I could go hunt for shrooms on my break, and could get high speed net access and power...sure thing!
and this is their IT department? So, when your getting computers ready for deployment, you what..."book" several desks? Although at that kind of place I wouldn't be suprised if your company didn't actually provide any PCs, and make employees got buy their own laptops
Did you work at the Tetragrammaton Council office off the movie "Equilibrium"?
At my HP location, our new "command center" is kinda OO, but with eight monitors per station and only a few other people close by, I still have some privacy. We still have cubes, even though mine is on a different floor and I never actually sit there. I've actually brought some old PC stuff from home and use it as "storage". They had the chance to make it all OO, at least on one floor. Total remodel, tore down almost all the internal walls, new carpet, ceiling tiles, network runs...but they put all the cubes back. Perhaps this is a benefit of living in a conservative area, maybe in 10-15 years they will finally do some OO.
Honestly, if I was forced into some weird OO at my current job, I'd probably try to claim some type of "accommodation" due to my ADHD. It's already "on record", I'm sure I could press for a "reasonable accommodation" via the ADA. And I would have to, because my productivity would drop to zero in an OO.