Having been through this numerous times I have to say it sounds like you got yourself into this mess. By not explaining what "deliverables" you wanted from the consultant you set yourself up. If you said "give me a report card" and that's what you got then you have a serious problem. Tell the consultant what you want the report to look like. Tell him that all results should be placed in context to a) risk; b) ease of attack and c) liklihood of attack. Tell them that you want a concrete list of what to do and when to do it. If he can't do that then his firm needs someone else to write the final report. You should also have been sitting sidecar during the whole VA so you could help them understand the risks and your environment. Most of the time it makes their VA more accurate because you can point out where you know you are weak and they give you credit for at least being aware of your shortcomings. You've got to tell them what they don't know. If you don't help them contextualize their results then they have to cover their a** and spit out the raw data. Finally, you should meet with the consultants to view the draft of the report so you get a heads up and they get to polish the deliverable.
What do you really want out of the VA? The VA is a tool to help you determine where to focus your limited resources. It is not a report card.
And since we're now using electricity to cool the fridge, we're burning coal to make the electricity to cool the fridge. At least we won't have to worry about any harmful gasses from those coal-burning electricity plants...
That's because you're thinking with your head instead of listening to what the marketing department tells you.
But GM sees it as "Hyundai = bad quality; Hyundai has 10 year warranty; BMW = good quality; BMW has 3 year warranty; therefore, shorter warranties mean higher quality *perception*"
Keep in mind, it's perception, not fact, that sells. Sometimes they are both the same.
This is an effective method for dispersing heat given technology and cost constraints with performance remaining at today's standards. Want reduced power? Slow that processor down to 1990 levels and you'd get what you're asking for - but then nobody (even you) would buy it.
Limiting the power consumption of the laptop is already a goal, but economically, this is a better (cost effective) solution. Let's say that they CAN reduce consumption significantly, you still have the problem that NEXT year you'll have faster processors and higher heat, and the need will reappear.
The technology exists to double the fuel economy of your favorite SUV, but then nobody wants to drive a vehicle with 0-30 times measured in minutes with a top speed well below highway speeds. The technology also exists to increase performance significantly over todays models but they would get 2mpg.
I for one don't want to type in a 256-character CD key code when I install the game. That would certainly be stronger, but not necessarily smarter. Is that what you're advocating?
The PS1 is no longer a money-loser. Remember, this is "ancient" technology - the initial investment has been spread out millions of units, so the amortized investment cost is rather small. They're making a profit @ the $99 selling price. That's why Sony continues to advertise the PS1.
Back when the PS1 cost $300, 2x CD-ROMs were $200 and the circuitry was less dense. Now they can get the whole console on fewer chips, meaning less cost to manufacture.
So adding this functionality to a DVD player actually makes sense because the incremental cost is the cost of a few chips and 1 controller. We all know how cheap chips can get if the run is long enough, and it's certainly been a long run for the PS1.
In the competitive DVD market, where MP3 playback can make the deal over another player without that functionality, PS1 compatibility suddenly becomes attractive.
Slashdot Mirror
Having been through this numerous times I have to say it sounds like you got yourself into this mess. By not explaining what "deliverables" you wanted from the consultant you set yourself up.
If you said "give me a report card" and that's what you got then you have a serious problem.
Tell the consultant what you want the report to look like. Tell him that all results should be placed in context to a) risk; b) ease of attack and c) liklihood of attack. Tell them that you want a concrete list of what to do and when to do it. If he can't do that then his firm needs someone else to write the final report.
You should also have been sitting sidecar during the whole VA so you could help them understand the risks and your environment. Most of the time it makes their VA more accurate because you can point out where you know you are weak and they give you credit for at least being aware of your shortcomings. You've got to tell them what they don't know. If you don't help them contextualize their results then they have to cover their a** and spit out the raw data.
Finally, you should meet with the consultants to view the draft of the report so you get a heads up and they get to polish the deliverable.
What do you really want out of the VA? The VA is a tool to help you determine where to focus your limited resources. It is not a report card.
LC5 from @stake is doing this already with their L0phtcrack program (LC5).
:-(
They ship their "Admin" version with hashes of "trillions" of alphanumeric English password combinations.
If you bought the "Pro" version and had access to the hashes already it wouldn't do you any good - they've disabled the functionality
The hash files take up 2 CDs.
It's not useful if 95% can't *use* it. Hence the word useful.
And since we're now using electricity to cool the fridge, we're burning coal to make the electricity to cool the fridge. At least we won't have to worry about any harmful gasses from those coal-burning electricity plants...
That's because you're thinking with your head instead of listening to what the marketing department tells you.
But GM sees it as "Hyundai = bad quality; Hyundai has 10 year warranty; BMW = good quality; BMW has 3 year warranty; therefore, shorter warranties mean higher quality *perception*"
Keep in mind, it's perception, not fact, that sells. Sometimes they are both the same.
So a Hyundai with a 10 year warranty is seen as more reliable than a BMW with a 3?
Logice and reason aren't marketing terms.
As GM recently stated, consumers see lengthy warranties as a sign of weakness in quality, not a sign of confidence.
You miss the point.
This is an effective method for dispersing heat given technology and cost constraints with performance remaining at today's standards. Want reduced power? Slow that processor down to 1990 levels and you'd get what you're asking for - but then nobody (even you) would buy it.
Limiting the power consumption of the laptop is already a goal, but economically, this is a better (cost effective) solution. Let's say that they CAN reduce consumption significantly, you still have the problem that NEXT year you'll have faster processors and higher heat, and the need will reappear.
The technology exists to double the fuel economy of your favorite SUV, but then nobody wants to drive a vehicle with 0-30 times measured in minutes with a top speed well below highway speeds. The technology also exists to increase performance significantly over todays models but they would get 2mpg.
Got Abacus?
I for one don't want to type in a 256-character CD key code when I install the game. That would certainly be stronger, but not necessarily smarter. Is that what you're advocating?
The PS1 is no longer a money-loser. Remember, this is "ancient" technology - the initial investment has been spread out millions of units, so the amortized investment cost is rather small. They're making a profit @ the $99 selling price. That's why Sony continues to advertise the PS1.
Back when the PS1 cost $300, 2x CD-ROMs were $200 and the circuitry was less dense. Now they can get the whole console on fewer chips, meaning less cost to manufacture.
So adding this functionality to a DVD player actually makes sense because the incremental cost is the cost of a few chips and 1 controller. We all know how cheap chips can get if the run is long enough, and it's certainly been a long run for the PS1.
In the competitive DVD market, where MP3 playback can make the deal over another player without that functionality, PS1 compatibility suddenly becomes attractive.