User: berendes

Any Smithsonian Museum, Washington, DC

on What Examples of Security Theater Have You Encountered?

Scenario 1: My wife carries small black purse (maxes out at Ipod + cellphone + small digital camera) through the door. Guard insists on "inspecting" it by poking inside with a wooden drumstick.

Scenario 2: My wife puts camera in one coat pocket, Ipod in second, cell in third along with the collapsed purse, and walks right through security.

Makes. Me. Crazy.

Why limit this technique to intranet attacks?

on JavaScript Malware Open The Door to the Intranet

I ran the SPI Dynamics proof of concept page and it identified various hosts on our intranet. Of course, the interesting stuff (router, firewall, Snapserver) is protected with non-default passwords, but for convenience's sake, I often stay logged in or Firefox defaults my passwords in, so yikes!.

Questions:

1. Doesn't this really hinge on what you can do with an image url, and if so, why couldn't you use it to screw up my Gmail account (if I'm already logged in), or my credit card account -- anything where there is an easily discoverable fingerprint and protocol for interesting hacking? Why limit yourself to intranet shenanigans?
2. Once you knew what you were attacking (my Netopia router, my Diner's Club online site), what are the limits of what the technology could do?

Cheap, reliable, efficient offsite backup?

on Server Redundancy for a Small Business?

We've (er, I've) struggled with how best to do handle offsite disaster recovery (e.g. building goes up in smoke, or "bad guys" break in, steal everything). Overall storage of about 40gigs in a four person business, me as the CIO/CEO/etc. etc.

Initially, we mirrored a Snap drive to a remote site via rsync, but dropped that when we downsized. We've used Backup Exec to a 30gig tape, but that's finicky - tapes seem to go south for no discernable reason. Currently experimenting with DVD, but it takes lots of disks to do the full backup, and I'm flagging.

How do you do offsite?