https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
I was there and he answered this in his talk. There were hundreds of VPN services that still supported using it. He pointed out that iPredator (VPN service for the Pirate Bay) ONLY supports MS-CHAPv2. The ubiquity of use and support has created a loop where people keep using it (another point of his talk).
Do your research on CALEA and the impact of you becoming a provider to people.
He should become Amish. They don't need any phones.
We have been in a "cyber" cold war with the Chinese (and others) for years. The recent theft of IP at RSA and many other companies is due to reasonably sophisticated persistent malware (advanced persistent threat in marketing terms) that can take a medium-size business months to eradicate with outside professional help. Basically, there is a lot of information gathering going on and a lot of theft of things the US tries to restrict the Chinese from acquiring. To underestimate their abilities, goals, and motivation is foolish. To think we are being any nicer to them is absurd.
There is not a cyber 'cold war' brewing. It is already happening. I've seen it at the company I work for first hand. The Chinese are infiltrating and stealing everything they can copy the bits of from US corporate infrastructure. Most companies don't even have the awareness to know they are infected. They believe having a firewall and Anti-Virus is protecting them. Anyone who thinks the US isn't doing the same things to China is just being willfully ignorant.
And have fun managing the firewall on each individual box vs. a centralized firewall. If you are a big enough target to get DDOSed at 100Gbps, you aren't running free tools.
So how do you manage said web server if port 22 or 23 is not open? How do you do your backups or network storage connections? There will always be other services available on the server. The firewall stops the outside world from getting to port 22 while you on the inside still can. Typical firewalls these days can sling packets at speeds of over 1Gbps. But the DDOS is running at 100Gbps. A DS3 only gives you 45Mbps. But they want to blame the firewall as being a bottleneck? How many businesses have pipes to the internet capable of 100Gbps, firewall or not?
be taken offline by a DDOS or have your web server compromised by an exploit that has unfettered access to it? A DDOS will only cost me revenue while I'm not available. Having my server hacked will cost me downtime AND recovery costs. A real security person would take a risk-based approach. In this case, the risk of other damages (i.e. server compromise, theft of credit cards, loss of customer confidence) is much higher than the risk of being down due to DDOS. I think Arbor are now making it onto my list of companies to avoid.
There is a huge difference between creating something that will blow up your lab if you make a mistake and something that will live and grow outside of your control if you make a mistake. Also, with most chemistry sets you can't get enough materials to do really dangerous stuff. Most of the bad chemicals are all under strict control or oversight. But the tools to make dangerous biologics don't have the same controls over them right now.
Having worked as a research assistant in a mol bio lab, this scares the hell out of me. I don't want people creating the next superbug in their garage. Responsible research labs follow protocols about dealing with the biohazardous waste they generate. What happens when your neighbor releases his new organism by accident? And do we really need 'home brew' for this? If you want to study this stuff, go to school for it!
Assuming it takes 100 years to build everything we need to make this flight, by the time you get there it will be 178,570 years after the group that took 1000 years to build the matter/antimatter ship finished their project.
They use this to PUSH particles around, not PULL them.
I think it would be more accurate to say we need to protect ourselves from the Internet vs. we should protect the Internet.
By Lance Spitzner. Too bad most /.ers won't see this post.
http://www.honeytech.com/blog/rebuttal/
The Running Man!
I don't remember if it was Valentine's Day but there was this geeky guy on Slashdot who proposed marriage ON SLASHDOT! Wonder how that turned out for him.
Add another device to your overladen 3G network!
Relative to the 1970s and '80s, the prices now are a real bargain. I recall Pac-Man for the Atari 2600 being something like $50 at first.
First, it is way too easy to hide information from the PCI assessors. BTW, they are NOT auditors; they are assessors, and there is a big difference. But it is too easy to hide stuff because really digging into a complex system for every last detail is already cost prohibitive.
Which brings me to my second point. If liability gets pushed to the assessors (or SOX auditors, who are real auditors) then the cost of being assessed/audited is going to skyrocket because they will just pass the cost of liability right back to the company that hired them. The companies being assessed/audited are being held at 'legal gunpoint' to comply and pay whatever cost. Then, the cost of being assessed will be passed on to the consumers or the company will go out of business.
This is what PMI says to do: cherry-pick what you need out of the vast standardized body of knowledge (PMBOK in PMI terms). However, if you don't have a good grip on the BOK, how do you know what to cherry-pick and what to ignore? I'm not saying you need complete mastery of the PMBOK, but a course in the groundings of it helps immensely. I'm working on my SANS GIAC certification in PM and would be lost just picking up the PMBOK without the background of the class. The work project I'm doing right now is small and so some things like Budget Management and HR Management don't apply, but that might not be the case for the submitter.
Here is one site I found yesterday with templates, white papers, articles, etc. http://www.brighthub.com/office/project-management.aspx
http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19903
You are spot on and I would mod you up if I had points. I don't think the HDD manufacturers are behind this though. The simpler (and I think correct) reason is that older media used to be easier to recover data from. Newer hardware is different and the old methods do not apply.
http://shsc.info/DataRecovery#titelanker5
I can do better for myself on my own, thank you. We already have too many people in IT who aren't skilled enough to be here. Thankfully the dot-bombs of the early part of this century weeded out quite a few. When I start hearing stories about the woefully oppressed, underpaid, disenfranchised IT workers, then I'll say we have a need. Considering most IT jobs are far easier than being a ditch-digger, we don't need a union bureaucracy to take care of us.