One more thing to keep in mind: Mold. The heat from the computer plus the humidity in a crawlspace can cause mold. We once housed a server in a small room with a previously unknown leak in the wall. The heat from the server caused so much mold that everyone on the bottom floor of our office had to be moved until the mold was contained.
This is excellent advice. Contract out the service to professional penetration testers. It takes years of practice to become a good penetration tester (I've been doing it off and on for nearly 12 years).
In the meantime, this will get you pointed in the right direction:
http://www.pentest-standard.or...
Also, make sure you understand the difference between:
* Vulnerability assessments.
* Penetration tests.
* Security audits.
The goal of a vulnerability assessment is to identify all vulnerabilities (or as many as possible). It will typically include a vulnerability scan (with a tool like Nessus) of a sample of the network. Make sure you interpret the results of the vulnerability scan into something meaningful for the customer.
The goal of a penetration test should be to provide the organization with an understanding of how (and how easily) the organization can be compromised. In this scenario, you are playing the bad guy. The goal isn't to identify all vulnerabilities, but to gain access. It is typically segmented into external, internal, phishing, social engineering, and physical tests (just follow an employee into the office when they come back from lunch. They will hold the door open for you).
A security audit will be based on the standards that the customer is interested in. Typically, there is a standard set of questions that you have to ask the customer. The customer will then need to explain what they are doing to address the question and show proof. To demonstrate proof that they are following the standards, they can provide evidence. Additionally, you will select a sample of the systems, and have the customer show that the security control is implemented on your randomly selected sample.
Good luck on your new career :)
Personally, I would like to see one of two things happening:
1. Break up Comcast and make the new pieces share infrastructure (so they would have to compete with each other).
2. Allow the merger, but with the stipulation that laws would be put in place to spur competition. Such as allowing municipalities to build their own network (like Chattanooga).
While few people actually have a choice, I'm still left wishing I didn't have to choose between AT&T & Comcast.
What I was trying to communicate was let's not think of it in terms of "if it saves one life", but in terms of "if it saves the life of someone I know" (which would have been our case).
I think the argument would have been much different if we were trying to ban cars rather than changing something small to make it a little safer.
Hopefully Intelligent Transportation Systems (https://en.wikipedia.org/wiki/Intelligent_transportation_system) will be mature enough to reduce those accidents/deaths as well. But for now, we will have to be content with 15 - 30 lives.
On a personal note, a close friend of ours lost their child to an accident that could have been avoided with a rear-view camera. Seeing all the pain that they went through, it makes me wish this existed back then.
+1 to the parent. I used to work at SGI and, as you said, this is old news. One small note, unless Rackspace is also doing something different, I believe you are talking about Rackable Systems instead of Rackspace.
This might be the first time Intel is doing it with their HW though. If I recall correctly, SGI did it with their MIPS systems.
One advantage of changing your default SSID on a vanilla install is that it makes it harder to crack. The SSID is used as salt in the encryption mechanism.
Here is an article that describes it in more detail:
http://netsecurity.about.com/od/secureyourwifinetwork/a/WPA2-Crack.htm
Plus... having a goofy SSID is fun :) Mine is "Dialup".
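An added illustration of the SSID-as-salt point in the comment above (not part of the original post): WPA2-Personal derives its pairwise master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so keys precomputed for default SSIDs say nothing about a network with a different name. The SSID and passphrase lists are constructed sample data, and the function names are hypothetical.

```python
import hashlib

# Constructed sample data: a few factory-default style SSIDs and weak passphrases.
DEFAULT_SSIDS = ["linksys", "NETGEAR", "default"]
WEAK_PASSPHRASES = ["password", "12345678", "letmein123"]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def precompute(ssids, passphrases):
    """A precomputed table is PMKs worked out ahead of time per (SSID, passphrase)."""
    return {wpa2_pmk(p, s): (s, p) for s in ssids for p in passphrases}


def covered(table, ssid: str, passphrase: str) -> bool:
    """True if this network's PMK already sits in the precomputed table."""
    return wpa2_pmk(passphrase, ssid) in table


# Table built only for the default SSIDs, as the comment's scenario assumes.
TABLE = precompute(DEFAULT_SSIDS, WEAK_PASSPHRASES)

if __name__ == "__main__":
    # Same passphrase, two SSIDs: the salt change yields an unrelated key.
    for ssid in ("linksys", "Dialup"):
        pmk = wpa2_pmk("password", ssid)
        print(f"{ssid:8} {pmk.hex()[:16]}... in table: {covered(TABLE, ssid, 'password')}")
```

Renaming the network only removes the precomputation shortcut; a weak passphrase is still weak against guessing done for that specific SSID, so passphrase strength matters either way.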
Perhaps even more interesting is what this artist has done in the past.
Check out the wikipedia entry about his life:
https://secure.wikimedia.org/wikipedia/en/wiki/Chris_Burden
It's almost surprising that they let him in the museum.
How long does it take you to have the IP addresses rerouted?
With Amazon's Elastic IPs, it takes seconds to reroute an IP address to another machine. Very handy in situations like these.
Unfortunately I don't have real data to back up my fading memory... however, IIRC from my previous job experience, spammers pay a fraction of what Amazon is charging to send spam. This isn't to say that someone isn't going to try to abuse the system.
This, however, might be a great service for quasi legal spammers -- businesses that send "newsletters" to customers who "opted in" to receive mail from the business and all of the people they sell personal information to.
Brazil's stock market has a "kill switch" that turns off trading in cases such as these. If the stocks take a nose dive because of a computer glitch or because of a human typo, the kill switch automatically closes the market for that day.
That would be a great feature to add to our stock markets here in the US.
It looks like the page serving out malware is suffering from the Slashdot effect.
You will have to manually install the trojan.
You can get it here: :)
http://microsoft.com/
Hey, just wanted to let you know... awesome addition :)
I totally agree with the farmer! From my research, it even has dangerous effects on humans!
Here are some of the symptoms that it causes:
1. Carpal tunnel
2. Distaste for light
3. A tendency to shout out: "First Post"
4. Loss/Gain of gold pieces
5. Disturbing images of cats
6. Lots of accidents that subsequently end up online.
7. Bad writing.
Can anyone think of other symptoms?
There are not OS X Netbooks yet, though.
:) I beg to differ! :) Well, you are right, there aren't any Apple sanctioned netbooks. However, you can build one based off of Dell's Mini 9.
http://gizmodo.com/5156903/how-to-hackintosh-a-dell-mini-9-into-the-ultimate-os-x-netbook
Btw, I got the company that I work for to buy me a netbook w/ Ubuntu and it is very nice! :) They did a good job polishing the OS :) It even included video chat software! :)
There are ways for the hotel to store credit card information without storing the credit card information. There are various credit card processors (companies) that will accept the customer's credit card and will give you a reference transaction number.
When you need to charge your customer, you can charge them by using the reference transaction number instead of the actual credit card number. That reduces the risk of your hotel being compromised and credit card numbers stolen.
Hope that helps :)
Hello :)
I think aristotle-dude did a great job of explaining why the lack of full disclosure is a good thing.
Please see his post below (if you haven't already).
Thanks!
I think they are North Korean.... :) (JK)
Actually, I find it interesting that the group wants to make the world a better place by discouraging full disclosure.... the funny thing is that they want to do this by destroying things.
Believe it or not, I saw someone w/ the same or similar disease in Brazil. The boy (guy) was 16-18 yrs old and looked about the same age as the girl in the picture. He was lying in a crib when I saw him. That was over 10 yrs ago, I wonder if he is still around.
-- This post needs an interesting sig. (might help the mod points)
I believe a good compromise would be to do what the iPod does. It shows the last typed character for a short period of time and then switches over to an asterisk. That way, no one can "easily" look over my shoulder and I can see which letter I typed. It might be more fun just to do away w/ passwords in general and use some other security scheme, like a tongue print. :)
--
This post is in need of a good sig. Suggestions welcome!
First Post?
My thoughts exactly. Aka "good cop - bad cop"
I think in this case it was more like, "good cookie - bad cookie" :)
The story broke on reddit a few days ago and someone pointed to the whois for the domain, which kinda looks like a troll. At least the hotmail address looks strange.
I think I will second that opinion, the quality of the video is way greater than the quality of the website. Plus, Microsoft or Asus doesn't appear to link to that website.
Sorry peeps, I really wasn't trying to go for a troll. I just had the urge to get a second first post in my life! After actually reading the article, I think there is a little merit to the idea that if M$ opens MSN to those countries, it would end up generating advertising revenue through Messenger; it would then be violating the economic embargo that was placed on those countries. Sorry for sounding trollish!
Without reading the article, I would assume that M$ makes advertising money with its IM. Because of that, it might be construed that it is doing business with countries that it has no business doing business. (that was really an excuse for first post...)