I wish I still had mod points left to mod parent up to 5, insightful.
I would like to know how many REAL hours of work this particular CEO puts in on average per day. The average shouldn't include 1.) Meetings that could be done remotely but instead end up being at a venue several miles away requiring 1st class travel expenses as well as lodging 2.) meetings that don't really get anything done/are not well planned (and never had the intention of being productive) 3.) time he spends making bullshit comments like the one mentioned in TFA
This guy is pioneering digitizing life (something that on this scale, is for the most part unexplored territory). He just might be ahead of his time, this might become the norm in 10-20 years. You assholes are doing nothing but putting him down. Do you think he's an idiot? Do you know how hard it is to develop something as intricate as the site he made? Could you have done any better? Shut the hell up. _You're making fun of a nerd on a nerd news site_. Furthermore this nerd will probably be more successful and make more of an impact than any of the negative commentators' lives combined (plot that on your own life graph you fuckwits). Don't be so short-sighted just because you can't see the implications yet, because you made a fast judgement. Your time might be better spent thinking about how you can do even half as much as what this guy has done. I really hope he never reads this news site or at least has the sense to gloss over the meaningless commentators.
Anything that can be psychologically addictive.. ANY substance. The problem is that the white house was vague about whether they were referring to psychological or _physical_ addiction. The latter meaning that when you quit your body shows signs of extreme withdrawal. I guess you could also question the ambiguity of 'extreme' too tho
Do you feel as though law is finally catching up with technology when it comes to computer security or are we pretty far off still?
Do you think that current law does a bad job of protecting security researchers and if so why? Which laws make their life living hell and what is the best way to avoid confrontation with the feds?
Don't get yourself in the situation where you have to defend yourself from people that want your info that badly. Disk encryption is fine, sure it drains battery. But I'd say 99% of people that get your laptop from there will give up. If you have to worry about the other 1% your life is pretty whacked. Or you are in the military and they have standards you should be following.
Right on the money buddy. If you're trying to attract intelligent and stable partners it should only be obvious you should present yourself like that as well. Common sense right? But some people can't figure out what they want.
when google gives us free high-speed access and tons of other services to which we will all benefit greatly! But the cost will always be our privacy. Understand google's profit comes from advertising and then piece together how they will benefit. I'm not in favor.
Let's all remember anything Google does "for free" is not "for free", it is for strategic advantage. I just see this being abused for more targeted ads. Akamai is also a partner of Microsoft. I'm not saying this won't be a good service or if there will be privacy issues but let's all remember that a company of any size has no reason to do anything for free, even the most basic of charity is good PR at the very least.
How can this be used for more targeted ads you ask? Quite simple really. If they host the content they have every right to scan the content. Let's take images for example, we know they have the capability of doing a full image search. They scan their hosted images, add tags to them, then every time a visitor goes to your site Google will record how many page views you get/record the client IP. This IP can be later used to connect to a Google account, thus providing more targeted ads in your subsequent searches. We all have to look at the big picture. I can only see Google's stocks rising.
A side effect of punishing researchers is that there will now be a deficit in that field for the next 10 years. In other words, Japan will be importing talent. Time to start learning Japanese :) Dewa, hajimemashou ka?
If I were Google sitting on 30+ million users they should say to the public we've reached over 10 million in the first week (not untrue)! If they release their numbers like that their competitor(s) (Facebook) will be not only shocked but stunned when they go 100% public.
I beg to differ. A lot of these crackers and producers of spam flinging malware live in countries where the median monthly income is lower than what I'd make at McDonalds in a day. Poverty begets crime. Idiots beget spam opening. An initial investment is only time. Skills are free but when all you have is time it becomes your #1 resource even if you can't afford a testing lab, QA team, etc. (Btw the big spam rings no doubt function no different than any other software producing company which is why I used those examples).
That is lovely. You make it sound so simple. Just go in and delete the files and then fix the MBR it's no sweat.. Actually I couldn't disagree more. This assumes you know where the virus is and that it hasn't already corrupted existing windows executables (PE infection isn't hard). Antivirus signatures may catch a couple but it's more than likely that there will be more than one virus on the system that has been reported to be infected. The reason is the viruses get in from the same places and it happens repeatedly. Also even if the antivirus detects it to be one variant of a virus there could be 12 more strains that reside in 12 other places all waiting to restore their functionality upon removal. The shitty thing about money getting into the malware scene is that now a loss of a computer is less of a return on investment, redundancy is almost assumed.
The only way to be sure is a full system restore. Backups are essential but I wouldn't back up any executable or dll files...
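The comment above argues that an infected host cannot be trusted to tell you which executables were touched. One way to get that answer is a hash manifest of the executables taken while the box was known-good and re-checked later. The code below is an added example, not something posted by the commenter; it builds a constructed fake Windows tree in a temporary directory, baselines it, simulates a PE infector appending code to one binary and dropping a new DLL, and reports the differences. The set of tracked suffixes and the sample file contents are assumptions for the demo.

```python
"""Build and verify a SHA-256 manifest of executables so a tampered
binary (e.g. a PE-infected .exe) shows up on the next check.
Added example: the tree, file contents and suffix list are constructed."""
import hashlib
import tempfile
from pathlib import Path

# File types worth tracking; adjust for the platform (assumed set).
EXEC_SUFFIXES = {".exe", ".dll", ".sys"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries don't load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each tracked executable's POSIX-style relative path to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree against a stored manifest.

    Returns executables whose contents changed, ones that vanished, and
    ones that appeared since the baseline (a dropped DLL, for instance)."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake Windows tree, then simulate an
    infector appending a stub to notepad.exe and dropping evil.dll."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sys32 = root / "Windows" / "System32"
        sys32.mkdir(parents=True)
        (sys32 / "notepad.exe").write_bytes(b"MZ" + b"\x00" * 64)   # fake PE
        (sys32 / "kernel32.dll").write_bytes(b"MZ" + b"\x01" * 64)  # fake PE
        (root / "Windows" / "readme.txt").write_bytes(b"not tracked")

        baseline = build_manifest(root)

        # Simulated infection: append code to an existing binary, add a new DLL.
        with (sys32 / "notepad.exe").open("ab") as f:
            f.write(b"\xcc" * 16)
        (sys32 / "evil.dll").write_bytes(b"MZ" + b"\x02" * 32)

        return verify_manifest(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two caveats a practitioner should keep in mind: store the manifest off the host (or sign it), and run the verification from clean boot media, since a rootkit on the infected system can lie about file contents to any checker that runs on top of it.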
Light (couldn't think of a better one)! It is my understanding that sudo is a setuid binary and that being true makes it one of the most dangerous code bases on a system. The more 'fine-grained' you get the more of an attack surface you expose just by the difference in code size. Sudo already has its share of vulnerabilities with the size that it is. KEEP IT SIMPLE STUPID!
Antibiotics are taken after an infection. The problem is most people aren't taking their vitamins (user e-d-u-c-a-t-i-o-n). It may have been acceptable 10 years ago to not know the basics of preventative security measures but now you cannot afford to have an employee that doesn't know.
The botnet distributed mining can be considerably more potent and profitable if your targeted 'user' base is computers with high value GPUs and such. Think gamer forums. I wouldn't be surprised if a lot of gaming mods/hacks start inserting a little bit of extra functionality to keep their creators' bills paid.
I'm just hoping they don't get their paws into our encryption keys by exploiting power fluctuation attacks. (http://www.darknet.org.uk/2010/03/boffins-crack-openssl-library-using-power-fluctuations/) Does any knowledgeable nerd know if that is feasible? I'm a pessimist and I assume everything the government does benefits us (or them) in more than one way. Is the smart grid the biggest backdoor to come yet?
I agree with the parent. Also this is possibly the dumbest form of drug transportation I have ever seen in my life (don't ask).
Two points of failure: this rolling metal brick totally stands out and the tires are not reinforced. Armor or not if you find yourself in an immobile vehicle you're just asking to get gassed. If you can't drive in an area with your loot without turning heads and painting a giant target on your forehead then your mode of transportation is largely ineffective.
What then? After you've taken all the steps described in the above comments it's well worth the time to design an incident response plan.
The best security is one that admits that it can be defeated, a layered approach is best. After they've hacked the webserver where can they go from there? Your SQL server will be wide open.
Consider using a grsec patched kernel, chrooting your webserver and restricting everything that isn't absolutely necessary. Grsec supports the feature to prevent binaries from executing on a specified chroot, this may prevent many attacks that would escalate their access. Don't provide compilers, don't have perl/ruby/etc available unless you need to. They may be able to penetrate with a staged payload dropping the privilege escalating exploit at the end and in this case the chroot may restrict their access. If they do manage to break past the chroot you want a fully configured RBAC system. Root shouldn't mean ring 0 in most cases. Disable loading kernel modules, disable /dev/kmem access, disable write access to the boot directory and require a password at reboot (this prevents them from loading a new unrestricted kernel).
If you can afford it put a bridged firewall/IDS between the webserver and the database. Log everything, make sure your alerts work! Alerts are extremely important in that you can detect a hack in progress and possibly prevent further data extraction! Use white-listing instead of blacklisting. Only allow the absolute minimum. The idea here is that you want to reduce your attack surface as much as possible whilst still keeping functionality.
That is just on the IT aspect tho. Consider the scenario in which an employee goes rogue: disable firewire port (DMA attacks are easily possible), disable usb ports, lock the server room, immediately lock out/revoke IDs to an employee about to be fired (preferably before they're fired), and for god's sake screen your applicants.
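The "log everything, make sure your alerts work, whitelist instead of blacklist" advice in the comment above is easy to state and rarely demonstrated. The code below is an added example, not the commenter's, showing what a minimal whitelist-based alert over webserver access logs looks like: it parses Apache/nginx combined-format lines, decodes the path once, and raises an alert whenever a request falls outside an allow-list of routes the application is known to serve, with a separate per-client 404 burst counter to catch scanners. The allow-list, the burst threshold and the log lines are all constructed for the demo and are assumptions, not a real site's configuration.

```python
"""Whitelist-based alerting over webserver access logs.
Added example: allow-list, threshold and SAMPLE_LOG are constructed."""
import re
from collections import Counter
from urllib.parse import unquote

# Apache/nginx "combined" log format: client, ident, user, [time], "METHOD path PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Allow-list of (method, route) the app legitimately serves. Assumed for the demo;
# anything not matching is alerted on rather than trying to enumerate bad requests.
ALLOWED = [
    ("GET", re.compile(r"^/$")),
    ("GET", re.compile(r"^/static/[\w./-]+\.(css|js|png)$")),
    ("GET", re.compile(r"^/article/\d+$")),
    ("POST", re.compile(r"^/login$")),
]
NOT_FOUND_BURST = 5  # 404s from one client before we raise a scanner alert (assumed)

# Constructed sample: a normal visitor (10.0.0.5) and a probing client (203.0.113.9).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2011:13:55:36 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Mar/2011:13:55:37 +0000] "GET /static/app.css HTTP/1.1" 200 2048',
    '10.0.0.5 - - [10/Mar/2011:13:55:40 +0000] "GET /article/42 HTTP/1.1" 200 9001',
    '203.0.113.9 - - [10/Mar/2011:13:56:01 +0000] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Mar/2011:13:56:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Mar/2011:13:56:03 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Mar/2011:13:56:04 +0000] "GET /admin/ HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Mar/2011:13:56:05 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0',
    '10.0.0.5 - - [10/Mar/2011:13:57:10 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.5 - - [10/Mar/2011:13:57:12 +0000] "POST /article/42 HTTP/1.1" 200 120',
]


def parse(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Strip the query string and percent-decode once, so %2e%2e%2f is judged
    # on the path the application would actually see.
    rec["route"] = unquote(rec["path"].split("?", 1)[0])
    rec["status"] = int(rec["status"])
    return rec


def is_allowed(method, route):
    return any(method == m and rx.match(route) for m, rx in ALLOWED)


def analyse(lines):
    """Return a list of (client_ip, reason, detail) alerts for the given log lines."""
    alerts = []
    not_found = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            alerts.append(("?", "unparseable", line))
            continue
        ip, method, route = rec["ip"], rec["method"], rec["route"]
        if ".." in route or "\x00" in route:
            alerts.append((ip, "traversal", route))
        elif not is_allowed(method, route):
            alerts.append((ip, "not-allowed", f"{method} {route}"))
        if rec["status"] == 404:
            not_found[ip] += 1
            if not_found[ip] == NOT_FOUND_BURST:
                alerts.append((ip, "404-burst", f"{NOT_FOUND_BURST} misses"))
    return alerts


if __name__ == "__main__":
    for ip, reason, detail in analyse(SAMPLE_LOG):
        print(f"{ip:>12}  {reason:<12} {detail}")
```

Note that the last sample line (POST to a route that only accepts GET) is flagged purely because the method/route pair is not on the allow-list; that is the point of whitelisting, since no blacklist would have listed it. In production the alert sink should be something you actually read, and the analyser should run on a log host the webserver can only append to, otherwise the attacker who owns the webserver also owns your evidence.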
http://www.wombatsecurity.com/phishguru
I didn't do it.
http://www.gossamer-threads.com/lists/apache/dev/401638 -- someone has got a patch. Keep those fast moving script kittens at bay
When 3d printers are capable of creating 3d printers the first steps of many paths will begin... LOL!
In plain English: google wants to control all your pipes and use information in said pipes to further their ad revenue.
Um is it just me or does it seem like they're applying the Starcraft 2 ladder's ranking system? Embarrassing
increased divorce rates and HD porn. Single horny men in a surplus with a higher res outlet for spank? The equation couldn't be more simple.