Slashdot Mirror


User: calib0r

calib0r's activity in the archive.

Stories: 0
Comments: 9

Comments · 9

  1. in house on Nvidia to Buy ULI Electronics · · Score: 1, Redundant

    Guess this closes the gap even more for nvidia, bringing more of their processes in house.

  2. Orwell is alive and kicking... on EU Agrees to Give Passenger Data to U.S. · · Score: 1, Troll

    The Homeland Security push that Bush has instigated is really starting to get a very Orwellian feel to it. I feel extremely sorry for the friends that I have who practice Islam or are of Arabic descent.

  3. open source security on OpenBSD Gets Even More Secure · · Score: 3, Interesting

    I think it's good that organizations such as OpenBSD are taking the initiative to combat DoS/DDoS attacks. I see a lot of companies such as ISS and SecureWorks blowing smoke about "preventing hacker intrusion" when the real threat these days is worms such as Slammer. I really don't know a whole heck of a lot about DDoS attacks, but I've seen a lot of systems crumble under them, even if the OS installed on the systems is unaffected. Wonder when Cisco will start doing things like this with IOS? (Unless they already are?) Discussion encouraged.

  4. IBM ThinkPad 380XD on IBM 600 Series Laptops and Flaky Batteries? · · Score: 2, Informative

    I've had a 380XD for a few years now (bought it brand new), and every 6 to 12 months I have had to get a new battery, either IBM or OEM replacements. The laptop only gets used maybe once or twice a week, as it is a network testing machine, and I make sure to let the battery run down to about 10% before I charge it back up. There is definitely something wrong with IBM's battery management system in their laptops. Additionally, a friend of mine has a newer ThinkPad (not sure which series, but it was purchased in fall of 2000) that suffers the same battery issues.

  5. crop circle robots on Top of the Crops 2002 · · Score: 5, Interesting

    Makes me wonder how long it will be before someone hacks together some control units, a lawn tractor, and a GPS system and some random pattern generator software and creates an autonomous crop circle generator.

    How cool would it be to drop off this contraption in the middle of a field, set some width/height parameters, and let it run free, just to see what you could come up with. Maybe even have it draw fractal patterns or something.

  6. Outsourcing vs. Internal on IT Trends In and Out of Downturn · · Score: 4, Insightful

    Having worked for both a company that outsourced services and a company that handled outsourced services, I've seen both sides of the spectrum.

    Companies need to learn what to outsource and what not to outsource. My personal opinion is that large scale projects need to be internal, with only small, specialized sections outsourced to the appropriate firm.

    Small business can benefit immensely from handing off, for example, their websites and design services instead of bringing those services in-house. But does a large, multinational firm really benefit from turning these services out to another company? More than likely not, and in the long run it will cost them more.

    The last company I worked for handled the website and design services for several large companies, on top of many smaller businesses. The large companies spent, on average, $300-400k per year for web management and design, whereas the smaller firms only maxed out at around 12-40k per year. Proportionally these services were the same. The larger firms would have benefited from hiring and keeping internal these services.
    Just my $0.02.

  7. Google Security on What's It Like to be Google's Boss Techie? · · Score: 1

    As a network security analyst, I have to deal daily with intrusion attempts and DDoS, and such. Our company, being a large domain registrar, has to put forth a large number of resources dealing with these issues. What kind of intrusion attempt traffic does Google see on a daily basis? How much of Google's resources have to be used to deal with these problems?

  8. Real world example.... on Keeping Private Customer Data...Private? · · Score: 1

    Continuing on the idea of a co-host containing the key, you can use a program called vtun to create a secured tunnel between the machines to send data back and forth. My own experience with this problem led to this solution:

    1. Firewall / IDS system. This is an absolute must for any company that stores any kind of client information.

    2. Machine lockdown. The servers that contain credit information run 3 processes besides the necessary system processes: MySQL, Tripwire, and a custom C application that would respond TRUE/FALSE when a credit card # was submitted to it. It also handled recurring billing by having the API for Authorize.net built into it. The only thing customer service could view about a customer's credit card is, on a TRUE reply, it would also send the last 4 card digits. That's it.

    3. Co-host running all other applications.

    4. Vtun between the 2 machines. Since one was in Dallas (Customer Service) and the Credit database was in Atlanta, Vtun allowed Dallas to see Atlanta as a local machine, vice versa. This, in conjunction with firewall rules that would only allow one IP to open up to port 22, which Vtun was tunneled thru (woo!! double-tunnel!), seemed fairly secure, although still kind of scary. ;)

    5. Secure server room. No explanation needed. Not to mention that the back of the server had a secure plate on it (homemade by me, 1/4inch steel welded) that had a tumbler lock on it like those you see on coke machines. No terminal access or case access to someone who got it. It was literally a tank of a case, but the area the server was in couldn't be trusted to provide good security, a fact that was due to bad management, NetOps had to take it into our own hands. (I'll find pics of the case, it weighed about 80lbs).

    So in summary, the credit server never gave out customer #'s. It would let you know if a number existed in its database, would return the last 4 digits, and would do recurring billing. 2 people had access. The server password was changed every 3 days and was stored in a safe that only those 2 people had access to, mainly because the password was 20 characters/digits long. ;)

    Anyway, nothing can replace good security practices, and what we had to do might seem WAY overkill, but we had a lot of security issues to worry about, from random people being in the server room, to customer service reps who had felony convictions. (so much for background checks). Hope this helps.

  9. a eurosport xmas on Merry Christmas · · Score: 1

    The haul I made out with this year:

    (1) VW Sideview Mirror
    (1) VW Jetta Factory Service Manual
    (1) VW Replacement Floormats
    (4) Wolfsburg edition wheels!
    (1) Apartment Catalog from my parents, hint?

    Hope everyone had a merry xmas, and shouts to all the people who don't celebrate xmas, hope you had a wonderful day today.