Slashdot Mirror


User: charlesnw

charlesnw's activity in the archive.

Stories: 0
Comments: 378

Comments · 378

  1. Re:Heh on Tor Used To Collect Embassy Email Passwords · · Score: 3, Informative

    Um. Have you ever used Tor? Did you read the article or even the summary? There is NO MENTION of any vulnerabilities in Tor. You are implying that Tor is backdoored or somehow otherwise vulnerable. This is not the case or what happened here. The information gathering occurred via sniffing of an exit router.

  2. Re:Free doesn't mean "costs money" -- these are FR on No More TV Listings For MythTV Users · · Score: 1

    Yeah, that's really a lot more effort than I am willing to go through. I make a very nice salary and can certainly afford the $5.00 a month for reliable listings. I really don't want to have to run Wine and hope that Microsoft doesn't change the format of the listings or "update" the service to only work with Windows.

  3. Re:Storm Worm - good name for sci-fi novel on Storm Worm More Powerful Than Top Supercomputers · · Score: 1

    The thread below mentions various security and monitoring in place around large cash transfers. How about you just have them send you a paycheck for the rest of your life? Then you're set for life :) Make it so you could send an activation code to delete data at any time, and any attempt to remove the virus would cause data to be deleted. So the threat would constantly be there, and they would know about it but would not do anything. If they go to the police you simply activate the delete process. Nice, clean, simple and you are set for life. Look like a normal citizen (get a paycheck, pay taxes) and yet don't have to work at all. And no messy red tape or alternative interrogation techniques to worry about :)

  4. Re:Maybe they do know. on PCI Compliance · · Score: 1

    Right. I am not sure if the GP really knows about PCI compliance or is blowing smoke. If his organization does a "tremendous number of credit card transactions" and he "leads the systems administration team" then I worry about that organization and team.

    Also you can perform your own scans. An external vendor is not required. You simply need someone certified in PCI vulnerability assessment. In a large organization, a security team should have one or more people with this certification.

  5. Re:what do you do about searching without a warran on NID Admits ATT/Verizon Help With Wiretaps · · Score: 1

    Very well said. And yes you are correct in that the majority of LEO RFI (upwards of 90%) are for garden variety crimes and not related to national security. I have been involved with a number of LEO RFI related to money laundering and other financial crimes. All rather routine and boring. Also a lot of anti-fraud investigations (people had credit cards compromised and used and the ILEO needed transaction records for court cases). If you work in finance/retail, your organization really should have a policy for handling LEO engagement. Well, finance or retail institutions that do any sort of volume.

  6. Re:Please, do not make this the only option on Dell Considers Bundling Virtualization on Mobos · · Score: 1

    Um. I did read your entire post. You mention that I didn't several times. If I didn't read your post how could I have replied to it? :) Try again grasshopper. Try again.

  7. Re:Whiskey Tango Foxtrot on One Failed NIC Strands 20,000 At LAX · · Score: 1

    Yes I am well aware of that. A number of large organizations do not have disaster recovery for back end systems either. I know this for a fact based on first hand experience at a number of organizations.

  8. Re:Whiskey Tango Foxtrot on One Failed NIC Strands 20,000 At LAX · · Score: 1

    After 9/11, every IT organization on the planet began making sure there was some form or fail-over to a backup system or disaster recovery site

    Um no? A number of large organizations do not have a disaster recovery site. Just the other day Cisco.com was down for a few hours.

  9. Re:Whiskey Tango Foxtrot on One Failed NIC Strands 20,000 At LAX · · Score: 1

    Um. The systems that control aircraft are completely separate from systems used to manage passengers.

  10. Re:Uh, what? on VMware May Violate Linux Copyrights · · Score: 1

    Um. That is old news. The decision was reversed and the decision was made to not include proprietary video drivers with Linux. Also Ubuntu distributes a lot of software with the kernel under all sorts of licenses. That is perfectly legal and is in fact called out in the GPLv2 as an explicitly ok example.

  11. Re:Please, do not make this the only option on Dell Considers Bundling Virtualization on Mobos · · Score: 1

    Um. Huh? What? Why will this be subverted? You mean at the factory? How is this any different than other virtualization solutions? The problem with being too focused on security and theory (which seeing that you just got your PhD means you have been for several years) is that you tend to forget real world details. Any system isn't 100% secure. We know that. So what is the point of bringing this up? Virtualization is a very useful technology in a whole lot of areas. Especially security. Makes it much easier to separate out functions etc. Please don't spread any more FUD than is already in the world.

  12. Re:Poor thunderbird on Thunderbird to Leave Mozilla Foundation · · Score: 1

    Um..... 'cause it's a whole lot less expensive than Outlook+Exchange+W2k3, that's why.

  13. Re:Why ? on Intel Invests $218M in VMWare, Preparing for IPO · · Score: 1

    Um. It's a bit more complicated than that. People buying servers to run VMware are buying big beefy boxes. The per unit profit is much higher than standard commodity boxes.

  14. Re:An estimate? on T-Mobile Announces WiFi Meshing Cellphone · · Score: 1

    Hmmmmm. I wasn't aware that T-Mobile was blocking any ports. I can get to everything I need straight from my phone via EDGE. That includes 993/443/80/25/22. If they are, I would recommend contacting customer service and asking them to remove the block. I have been ultra impressed with the customer service reps. They seem to be very knowledgeable and helpful. Also the online support (http://support.t-mobile.com/productSelector.html) is quite exhaustive.

  15. Re:Not when, but if... on T-Mobile Announces WiFi Meshing Cellphone · · Score: 1

    Um. All companies exist to make money. Why do we need to use phrases like "line their pockets", which typically has a negative connotation? T-Mobile is doing something very innovative and cutting edge here. I think that's a good thing. If it makes them more money then so be it.

  16. Re:Don't be so pessimistic! on T-Mobile Announces WiFi Meshing Cellphone · · Score: 1

    No. People have not been charged for using hotspots. They have been charged with trespassing (like the case of the coffee shop guy). Please don't spread rumors and false information.

  17. Re:Linux 3.0.0 on Linux 2.6.22 Kernel Released · · Score: 1

    Um. You misread his post. He said something LIKE Java. Not Java. Now I am not sure why one would want a common language runtime (whether that be Java/Parrot/.NET) in the kernel level but maybe I am just weird.

  18. Re:Xen rocks: In production on Desperately Seeking Xen · · Score: 1

    I have some questions about your post.

    What is AoE?

    AoE is a SAN technology. Similar to Fibrechannel (but far less expensive) or iSCSI (but far simpler and more efficient).

    How is AoE simpler than iSCSI? I have deployed both Fiber Channel (very difficult and a major pain) and iSCSI (which takes about 5 minutes. Plug in ethernet cable, configure interface, install iscsi tools, mount storage). I agree that AoE is most likely more efficient as it's closer to layer one.

    having to put in a dedicated 250G disk which is the minimum you can easily buy these days and waste a lot of disk and power to run it.

    Um. I don't agree that 250G disk is the minimum you can easily buy. Both Dell and HP sell smaller versions (36 and 72 gb).

    Other than that I think it's a good writeup.

  19. Re:I'm Sorry on Mozilla Sunbird 0.5 Released · · Score: 1

    You mean like the open source Funambol (formerly called sync4j)? http://www.funambol.com/

  20. Re:Firewall on Linux Computer in USB Key Form-Factor · · Score: 1

    Um. Cobbled together iPhone? I am not aware that gumstix makes touch screens. Or are you planning to add one on via the expansion capabilities and some sort of custom case? If so that sounds like a very interesting project.

  21. Re:What is Silverlight? on Mono Coders Hack Linux Silverlight in 21 Days · · Score: 1

    Cloud based is a common phrase. At least for people who are in the industry and using Service Oriented Architecture, and part of a supply chain. :)

  22. Re:is incompatibility a problem ? on Corporate IT Hanging Up on Apple's iPhone · · Score: 1

    Ah you had to bring up PCI compliance. Something that happens to be a particular area of expertise for me. The compliance bodies DO NOT CERTIFY software. They certify compliance. The entire point of PCI is to state an end goal NOT HOW TO GET THERE! Having done PCI compliance for a major financial services firm/credit card processor (using entirely open source software), I can indeed say that using Open Source (Osiris/Nessus etc) is completely fine and acceptable. The documentation required by PCI has nothing to do with software. It has to do with procedures and process, and capturing your execution of those processes/policies/procedures. Just because you have read the standard doesn't make you an expert. Yes it gives many examples. It doesn't require any specific implementation or software. If it did, it would never fly. You are wrong grasshopper. :)

  23. Re:Yawn on Corporate IT Hanging Up on Apple's iPhone · · Score: 1

    Wow you really think you're all that and a cake baker too. I highly doubt you are who you say you are. If you really were a CEO: 1) You would never ever speak of saying your IT dept is under orders. 2) You wouldn't be posting to /. 3) You would have better grammar, punctuation and spelling. Try again.

  24. Re:It's time for Sun on ZFS On Linux - It's Alive! · · Score: 2, Insightful

    Um. Everyone trademarks their product name. Including the most ardent of free software distros, Debian (Software in the Public Interest owns the trademark). If the name wasn't trademarked I would be very wary. If you don't have enough belief and passion in your product to trademark it, I don't want to even consider using it.

  25. Re:Tools for checking for Bot activity on FBI Releases Results of Operation Bot Roast · · Score: 1

    I am curious as to the source of your number here (95%). Is this just an off the cuff number, or do you have some sort of metric based tracking you use in your investigations? Also you don't give any information about the types of companies you are investigating. Or how many you have looked at.

    For all I know, you're some 22yo who has done a security audit at a couple mom and pop shops. (Not that I have anything against 22yo as that's how old I am). I just happen to have quite a bit of experience and versatility for my age (see my website and resume or talk to anyone who uses Linux in the SoCal area).