My SCUBA instructor did the same thing - all pink diving gear. It was too big for any of the women he dove with and none of the guys wanted it (or it would at least be quite noticeable if they did take it).
Except in a public company, the final word isn't with the IT supervisor (or even CEO) - it's with the shareholders.
The correct answer (and what I have done in the past) is to call internal audit and run it past them. When it bubbles up that not having controls around powerful accounts is going to show up as an exception on your SEC filing the tune will change.
It is everyone's responsibility, network admin up to CEO, to protect the stakeholders.
...can't simply arrest people in countries that don't have laws against this kind of thing (provided you can track them down). What we can do is try to make it more difficult for them to do their job.
Online crime, agreed - somewhere between don't care and don't understand...
Check out the demonstrations of TouchLight and PlayAnywhere on Andy Wilson's blog: http://research.microsoft.com/~awilson/default.html - he's been working on this for quite some time. As I understand it, the surface itself is not a touch screen like in a PDA - the images from the camera are processed to perceive depth and detect a touch when all captured images reach a certain point of intersection. Instead of only detecting a physical touch, the screen can also detect as your hand (or whatever) moves closer or further away from the screen.
What about an additional security device like say... a cell phone? When I go to log in, BoA could SMS a one time use passcode to my cell phone (the number for which they already have on file) - then I have to use my password and the passcode sent to my phone to log in. Something I know and something I have, right there... Even without using text messaging, a computerized voice could read a 6 digit number off to me. It would also have the added benefit of immediately alerting you to someone authorized attempting to access your account.
Why haven't we seen more implementations like this? Seems like the cost of implementation would be pretty minimal...
About 8-10 years ago I was working for a small town ISP. Occasionally when we had customers that were exceptionally bad at taking direction over the phone we would just ask them to bring their computer in so we could work on it (at no charge!). I suggested to a gentleman down the street that he just bring his computer in which flustered him quite a bit as he didn't want to pack up his monitor, speakers, etc... I explained that we had monitors, keyboard, etc at the shop he would only need to bring the main part of the computer... the big piece that looks like a box...
About thirty minutes later the guy shows up, pops his trunk, and brings in a big HP box which he sits in the middle of the floor. Since this is a new computer I just assume he's being extra cautious with his new machine, so I open it and lo and behold.... The box is empty.
Trying my best to keep a straight face I asked him if this is all he brought, to which he replies "Well yeah, you just told me to bring the box!"
About 8-9 years ago I was working tech support for a small ISP. I was walking a customer through statically assigning DNS server addresses, I give her the primary address to enter and sure enough, I get touch tones in my ear and she's complaining that the numbers aren't showing up. I ask her if she's pushing the numbers on the keyboard or on her phone - we have a good laugh and she properly enters the numbers using her keyboard.
10 seconds later I give her the secondary DNS server address - what do I hear? BEEP BEEP BEEP pause BEEP BEEP pause... Short term memory wasn't her strong suit...
1 - I agree
2 - Last company I worked for I came across a Win2k machine with a 500+ day uptime. Obviously had escaped our patch management infrastructure as it was quite buried in the network (which I'm sure is the same reason it wasn't swamped with viruses).
Did you see a screen on the device? Looks to me like all you get is a "Motion Detected" light - no real indication of if the motion is from human or animal.
On an unrelated note, what's the deal with the scare quotes on the datasheet? "Detect movements as small as "breathing" behind a wall or door" Come on, do we really need quotes around "breathing". It's just like the (terrible) coffee machine at work - you can get a cup of coffee in "2" sizes!
I agree, but I do think you missed one of the most important elements here... Oracle is obscenely expensive.
Typically if a company has shelled out the cash for Oracle, they'll also have a handful of competent DBAs on staff. Were this Access or MSSQL it would be one thing - I've known plenty of terrible DBAs, but they typically weren't on the Oracle side of the curve.
That being said, I am in complete agreement (and fear) about the competence of most administrators out there.
To an optimist the glass is half full
To a pessimist the glass is half empty
To an engineer the glass was over specced.
Seriously though, the parent poster is correct and depending on the algorithms used the links may not even be that strong, particularly if these were lower volume selling titles (which I really assume the TV series of Planet of the Apes would be...)
"and poof, you get a command line over the login screen" (emphasis mine)
Boot the system into Linux/PE, rename cmd.exe to logon.scr, load up the registry and modify the screen saver timeout to 60 seconds (so you don't have to wait 15 minutes), reboot the system into Windows. Wait 60 seconds and you get a command prompt.
This is substantially more useful under Windows 2000 as the screen saver when no one is logged in runs as the powerful Local System account - 2003 runs as Local Service which really doesn't get you a whole lot.
Of course you've got to have physical access to the machine (or a reasonable simulation thereof...) to pull this off, so if this burns you, you probably have bigger problems on your hands...
Maybe you should consider just keeping up with technology? If you're passionate about technology you really should have at least heard about things like the DS, PSP, GBA, iPod, Tivo, XM Radio, the list goes on... I'm no gamer either but hey, it never hurts to understand things outside your specific area of interest. It's like flair I suppose, do you just want to do the bare minimum?
Personally, I find myself doing without my PDA a lot of the time. I carry both PDA and Cell phone at work, but after hours I wind up junking the PDA and just carrying my much smaller cell phone. Even though it would be nice to have the PDA functionality all the time, it's just not worth lugging the thing around... quite the conundrum...
Re:Mo Money! Mo Money! Mo Money! on Windows ATMs by 2005 · Score: 2, Insightful
"operating system (OS) - The low-level software which handles the interface to peripheral hardware, schedules tasks, allocates storage, and presents a default interface to the user when no application program is running.
The OS may be split into a kernel which is always present and various system programs which use facilities provided by the kernel to perform higher-level house-keeping tasks, often acting as servers in a client-server relationship. " -- FOLDOC
It's not a matter of complexity, an operating system is just a layer between the user and the hardware, takes care of all the background work for you, lay your ATM application on top of that (or even better integrate it in to the OS).
It's unclear how Windows-like the ATM OS is/will be, I figure by "stripped down" they mean "the average person isn't going to have any idea this is Windows, it just runs on the same kernel and has the ability to interact with other MS designed elements". That being said, I am certainly not pro MS ATM... AFAIK nowhere in the world does really "important" stuff (life support systems, defense systems, etc...) run anything resembling Windows... I would much rather have my bank running something which is historically a little more secure/stable...
According to CNN the car has no doors so it won't leak, therefore you gotta hop in and out just like with a boat. Either gotta be convertible or do it Dukes of Hazzard style.
Pretty freakin' cool if you asked me.. I'd want to cruise with the top down anyway :)
They'll be stone dead in a moment.
Speaking of Microsoft Research... Andy Wilson - Check out the videos for Touchlight and PlayAnywhere - very cool stuff.
...could this be modded "informative"
Wait, nono, I thought it was people can't REMEMBER computer industry acronyms?
spies.
Phht, call me when you can make an optical mouse out of my old flatbed scanner!
That's at least 15 Libraries of Congress...
I can elaborate...
It's a Shock and Awe kind of thing
I for one welcome our new superhuman overl....
Eh, nevermind...