"Just need an Arthur Dent now."
Wears the tee?
3042 posts • joined 29 May 2007
"Just need an Arthur Dent now."
Wears the tee?
"IT remains a ludicrous and most lucrative speciality which resists all attempts at commoditization"
I used to think that about firewalls in general, and I suppose it has taken a long time for the youngsters to be nipping at my heels (I should have been feeling that 10 years ago!) but I think the tools will become more streamlined and integrated, allowing lower skill levels to at least take part, if not excel.
" are they fully deserving of the penalties that result from not having the best that is available."
If this were just some international company then they could live or die by their decisions and only their stakeholders and employees would be in the firing line. Unfortunately the impact of a serious hack on this particular client could have knock-on effects to us all in more ways that I can contemplate. Think half a dozen boulders thrown into a very deep lake of irregular shape, the ripples would be felt for some time. I can only advise however, not dictate, but I continue to resist all attempts at shoddy solutions in the face of extreme bureaucracy :)
"a stroll on the other side of the fence"
I spend a lot of time thinking of ways to break in to my solutions, including leveraging my privileged access and knowledge. As long as I can stop myself breaking in and nicking all the cookies it should stand a reasonable chance against an outsider, assuming they are not a state player of course - I make no such assumptions on that score ;)
I started out in network software and then that became 'commoditized' by the TCP/IP stack being bundled with Windows.
I moved into networking and that went the same way, but this time by the process of time and number of people getting CCNA certs with their breakfast cereal.
So I moved into security and I have been noticing the same kind of process happening again.
However, the further down this path we go, the more conceptual some of the actual details and the harder it is to just throw bodies at the equation (well you can, but the quality goes down).
So, the next level appears to be security intelligence - the application of security in complex environments - which requires specialist tools and knowledge - neither of which come cheap.
I'm currently involved in deploying some security products for a large client and they are all starting to talk to one another and to logging/alerting systems and it's all looking pretty good - but we are still at the stage where we are bolting all these things together and bending virtual wires with our brains to make them into the shapes we want - and the software licences aren't exactly cheap either.
For example, a multi-billion profit organisation is penny pinching and trying to cut as many corners as possible to deploy all this kit. All told it will be about $10m up to testing and BAU handover.
The problems really start then, because you need specialists to manage all this equipment and there are no 'experts' yet - so we become experts in the process of building it all and normalising the client network etc., but this means that the high level support that will prevent all this stuff turning into shelf-ware will cost about $1m/year.
Doesn't sound that much considering the assets it will be protecting, but this multi-billion dollar profit organisation is quibbling and considering outsourcing a lot of it just to save a couple of hundred $k.
So, if we have big organisations deploying expensive tools that need specialists to bolt it all together and keep it working (think of a team of racing car mechanics) trying to pinch a penny - what is the likelihood of smaller organisations a) buying the stuff in the first place and b) spending the money to make it run properly?
"SDN could allow a change in network configuration that is transparent to the attacker"
..and also transparent to the owners of the network until it is too late perhaps? Or not at all if they don't have the real-time tools to tell them what is going on and to ensure a gaping hole hasn't just been punched through their network.
Still, the more people do this kind of stuff, the more of a market it creates for people like me, but I shudder to think of how much will get broken before this level of the security tree gets commoditized.
"head right back to Skyrim"
I've just started playing Skyrim (recently saw the whole lot on special offer).
Gotta say I'm enjoying it. Knowing from past experience you can only experience these things for the first time once, I am going steady and not rushing through anything.
At one point I used the restoration potion upgrade cheat to get buffed equipment and magical items etc. but I'm selling all that stuff off now as it made things too easy, no sense of fear :)
"Diary strike on my position!"
I can schedule you in for next week.
+1 for "gawk holes"
"Stick your inner child back up your arse"
You sound like a bureaucrat*.
*apologies to anyone sensitive to such harsh language.
"... if our spies spent more time spying on the baddies instead of pissing around creating ever more elaborate mass surveillance programmes for domestic use."
But that would be against their current charter, after all - the 'baddies' aren't the enemy - the public is. None of the 'baddies' can remove their power, and they are doing their damnedest to ensure the public cannot either.
Do I hear the tones of an operatic female vocal indicating substantial body mass?
Best BOFH for ages, proper lol'd at the Bourne protocol :)
This is a very thorny subject, prone to misinterpretation (both deliberate and accidental).
What about the threat of Sharia Law which would seek to remove a lot of our freedoms?
Do we allow it to be promoted unhindered (total free speech) to the point where it becomes normal and so no longer have total free speech?
Or do you try and curtail it (limited free speech) in order to prevent total free speech from being lost (which it already has - but you still have some i.e. paradox)?
We *have* been too tolerant of those wishing to undermine our way of life by importing alien cultural influences into our island nation en-masse in my opinion.
I have no problem with immigration, but if someone comes to this country then they should adopt this country's ways - not seek to destroy them in favour of their own cultural habits.
The problem is that government (and more usually - councils) tend to take a foot should you give them an inch. These kinds of proposals of restriction are dangerous and need to be closely monitored by an external, independent, oversight body (that is also not exempt from FOI).
Possession of socks and sandals with intent to wear
"Teresa May can't"
I blame the baryonic photino birds - ftw!
"I am not a dumbass"
Well, perhaps he would convince me if he made his clients take a polygraph about being undercover cops *before* training them.
Arrogance is a gateway crime apparently.
tcp/ip - don't you mean http?
so where is the 'Windows 10 Secure' version? That's the only one I would be even remotely interested in.
I might be a bit out of touch but I wish games developers/publishers would focus more on Linux. Perhaps someone could start up a project to develop a 'standard gaming' variant to make life simpler for the developers. Kickstarter?
Which average? Mode, median, mean?
"The Japanese launched Ikaros five years ago next week."
I think the time travel aspect is of worthier news than a light sail!!
Bargain...sign me up.
They owned Tucows? Who knew.
To be honest I would be more impressed if they came up with a way of re-programming the headset button(s) to be able to mute a fucking call instead of disconnecting it like I'm used to on my BB.
I've tried loads of different apps supposedly capable of changing the operation, but none of them work. So in order to mute/unmute I have to have the phone in my hand/on the desk in front of me and open in order to quickly go on mute (should my dog start barking insanely at a bee or something for example).
Can't be too hard can it? Apparently it is. Official support response is to use the 'mute' button on the screen. (This is on an S5)
Life, don't talk to me about life.
100% agree. It will probably resemble the event horizon of a black hole.
Here ya go
Collected over $8.5m if you can believe that.
A search will bring up more of the shameful details of how fucked up this planet has finally become. Not that I'm bemoaning the creation of such a card game, but there are worthier causes for people's excess cash I'm sure.
Isn't this the kind of thing that Kickstarter would be ideal for?
Or do people only put money to card games of exploding kittens?
Agreed. I read "It doesn't help that the younger characters – who are supposed to be intelligence agents – come across more like Johnny English than James Bond." and I thought it was a true representation of the slide into mediocrity that our education system seems to be on (or passed and well on the way to digging to new levels depending on who you vote for).
I've always thought that to help reduce congestion on the roads that trucks should be allowed a 'booster' button that can be used once every 30 mins (or whatever is deemed most efficient) in order to be able to quickly pass another truck and get back into the inside lane - especially useful on dual carriageways I would think.
The number of times you see a tail-back forming behind two lorries trying to out-drag one another isn't funny.
"Perhaps some of the more techie guys here can show me where to look?"
Are you just looking at inbound stuff? You really need to be looking for outbound stuff.
Pick some times when you know you won't need your net connection and lock the firewall/router down during that period and log all the traffic attempts (whilst your machine is connected of course and not running anything that you initiated).
Then sift through the stuff you find with a packet analyser for anything dodgy looking and investigate what it is.
Alternate exercises include the use of a conical bath made of ebony and some white sand - but that's really only for experienced network analysts :)
"Oh, that's just HR drones for you"
If only that were true. This was the guy in charge of the banks' security consultants.
"McGrath says the irony of blundering spooks listing OPSEC as a skill is not lost on him."
Considering some of those listed appear to be disillusioned with the whole shebang you can't help but think some of those posting project names are doing so deliberately.
I was once asked in an interview why they couldn't find me on Facebook etc. and thought it was suspicious that I didn't have an account. Considering what I do for a living I explained that providing that much detail is asking for my personal equipment to be compromised and along with it potentially all their internal security designs. He got the point in the end but I was dismayed at having to point this simple fact out at all!
How did everyone get to comment on this article?
The whole thing was 'removed' from the reg front page, but digging around I managed to get the article - and then there wasn't a link to the comments section. I had to fudge the URL to get to this page.
I can give you two bits of advice to counter Google and Facebook, and you don't have to buy my book to get them either:
1. Don't use Facebook
2. Don't use Google (use Duckduckgo for example)
Not perfect, I know - but it's a good start.
Next week: Setting up VPNs with exit points in countries with better protection laws than our own.
"..because the power from Solar and Wind only occurs during daytime hours."
I'm pretty sure I've woken up to a missing shed roof before now, and I don't think it was the pixies!
I always liked "Chair to Keyboard Interface Error"
Considering how widespread internet access is these days there is not much excuse for not self-educating.
For some reason The Truman Show sprang to mind when I read all that - How will it end?
"Genuine question, what do I realistically need to have seen to watch this film?"
This isn't a sequel to My Left Foot you know :)
The i.net is dead, all hail the e.net.
Also of note in this presentation was that the original site (reportedly a government site although we have no proof of that) was running a default password on the back end server, which was also handily stored in a backup folder in plain text.
The other (important) aspect of the exploit was that once uploaded, you could view the uploaded image, forcing the web server to run the code.
It was also quite instructional on how to leverage a basic shell once obtained to delve deeper into the network. Lots of simple things could stop this exploit going any further than the DMZ if you take the time to look at how it's done.
fyi all the datestamps from the video presentation were from August last year.
Still interesting to see how simple it is to circumvent the firewalls just by hijacking existing processes. I didn't know any details about Metasploit before this video.
Don't worry, they'll just pass a law saying that accessing these things will constitute a terrorist activity and that will sort everything out.
I have a very tender nerve in my groin, when tweaked unexpectedly it results in a sharp 'knee-jerk' reaction into whatever is in front of me.
The principles behind it could prove of benefit to 3d-engines though.
Imagine specific code for 'rocky terrain' based on machine learning using a large batch of 2d pictures as the source material - you'd never see the same rock twice.
Repeat for all other types of terrain, mix them up with some basic rules about what goes next to what and what that should look like and you can build a unique planetary landscape. Add in some villages/towns/cities/transport etc. and you could, in theory, add massive replayability to sand-box games by having a different world to play in every time you start a new game.
Or is that a bit ambitious?
How about using some reversed audio for a particular sound effect?
eg. ID number spoken, reversed and blended into a sound effect for a wheel-cart going over a bump?
or what about a blacksmith hammering out an id number in morse code?
There are a number of opportunities available.
la la la I'm not listening
"Maybe the Universe is a big Mobius strip, huh?"
My personal experiences lead me to believe it is Torus shaped.
During one very deep meditation on the fabric of space-time I delved into the realm of the very small, at a certain point I realised that the small was representing the large and that I had 'wrapped around' so to speak. As I continued to go smaller I ended up back where I started - only by this time I was 'looking' at the back of my own head*. YMMV.
*I've never tried this thought experiment by going 'large' first, I expect it would end up like I was looking in a mirror.
My knowledge and understanding of this subject is severely limited by a tiny brain, so I will stick to asking a question.
Is it possible that there is some form of naturally occurring anti-gravity that pushes the fabric of space apart rather than bringing it together (perhaps at the baryonic level)?
So, with all that water hanging around waiting to be scooped up, all we need to do is crack fusion and we can be on our way to the stars?
So, 20 years then? Grand.
"Thank you for admitting you just like to buy lots of gimmicks"
You are welcome :) I could probably build a half-decent gaming rig from spare parts that are kicking around, let alone the near 10 year old Core-i7 sat gathering dust in the other room, or the two NUCs that are stuffed in a drawer waiting for me to do something useful with them :)
However, they won't quite deliver what I would want, because half the fun of a good gaming rig is overclocking the shit out of it without deafening yourself or flooding the place with de-ionised blue water :P
Once I get settled in my new house it will definitely be OR time, and new gfx card for the old gaming rig and an ssd and I will be cooking with binary bits :D
"At a brick and mortar store, I cannot pay with credit card info."
Not entirely true. I managed it once (at a hairdressers of all places) where I convinced the lady on the till to process a 'cardholder not present' transaction because I have all the card details stored in my memory.
So, not a normal thing to do, but it does prove it is possible :)