maybe his co-workers could complain about horse manure! NOW! That's bureaucracy
Wishful thinking has no place in computer science
As regards the interviewing question, I despise developers that ask such a question/have that mindset, since if they were proper developers they'd have already researched the physics (including quantum physics) behind it before asking the question, since, critically, computing is a science.
The same applies to "how many sides on an amplituhedron"
Encryption/hashing/salting of password versus transport layer security / SSL
What you are partially referring to in this article is more, the pci-dss standard...
I'm sure even the 'plaintext' password is somewhat transmitted over HTTPS? (SSL / TLS) or at least I hope so, otherwise it wouldn't be PCI-DSS compliant.
'Rainbow tables' come to mind when talking about supposedly 'one-way' hashing and salting using commonly available/commercial crypto... which is not too hard to decrypt such hashing / salting, so it doesn't really make an ounce of difference to the 'knowledgeable'...
Next, CESG would advise businesses to use publicly available FIPS...? Or would that be a step too far?
webcaching --- there's the simple answer, oh wait they implemented that on most ISPs about 5 years ago...
if any request frame passes through port 80 or port 443 then cache... log data of what IP, time and URL requested (in the frame)
Similar to how a proxy works... it's just mandated at the router...
The actual study they used states:
a) it is suggestive...
b) "there are no studies evaluating the carcinogenic potential of meat in relation to its content of carcinogens."
c) "we performed this study focusing on Spanish population."
d) "the study population should halve the monthly consumption of these foods, and also not to surpass the number of 5 servings of beef/pork/chicken (considered together)."
e) mentions chorizo
Title: An estimation of the carcinogenic risk associated with the intake of multiple relevant carcinogens found in meat and charcuterie products
Harmony in a network
I don't know whether it's specific to servers or network infrastructure, since infrastructure is what servers sit and rely on, so they must somehow work in unison.
Here's a metaphor:
The network is like a road, a server is like a petrol station... where the server gets its oil from is just as important as who it serves, but also the effect it can have on its customers vehicles too.
Dodgy batch (patch) of petrol? :-S Or is it 'the standard', 'the design' or 'the implementation'?
The problem is, if a remote administrator can do something, if not thought about who's doing what and when... it's possible for others to do too? :-/
Just a thought of metaphorical proportion?
Re: You takes your chances..........
In the UK that could be tricky, since the circumstances of bumping the elbow would be taken into account. Given that presumably, the spilling of the pint is a sub-effect of bumping your elbow and the intention.
Criminal legislation in the UK does somewhat cover this, such as the protection from harassment act / equality act and other legislation may touch upon it (for instance in the computer world, communications act / misuse of computers act / data protection act)
The likelihood is, they would plead not guilty in court, normally, just to bump the cost in a typical 'victory for the victor' duel, which actually then makes it economically unviable from the offset for the average Joe that may have to pay for rectification of the matter also (e.g. mental health).
"Once you understand the threat, and you understand, the mechanics of 'how', it works"
Yet his 14 year old nephew didn't understand the mechanics of it....
It's a rarely static threat, so to determine its mechanics is like, likening electricity flow to some cog wheels turning...
Best get the elbow grease at the ready and all turn into mechanics... *shakes head in hands* the irony!
Possible to detect and monitor... but not so easy to filter out
You can capture just dns requests from a dns server itself using a capture filter, such as this one:
"<CONNECTIONTYPE> host <GATEWAYMAC> and src net <LOCALNET/CIDR> or not src net <LOCALNET/CIDR> and port 53" (optionally omitting "and udp" and changing the port if configured differently)
of course you can specify destinations respectively, if you're doing this further upstream by using:
host <IP> or net <IPRANGE/CIDR> or mask <netmask> if its over multiple subnets
Which will capture all requests and responses to and from... Here's where it gets difficult:
You would just need to apply filters to this, using pattern matching for distinguishing characteristics but there may be need for utilising comparisons within the filters.
So are you saying that TTL, expiry and any cache including an EDNS0 cache timeout are redundant and are of no effect in relation to caches, and if that is the case... caches may as well not exist...
If that is the case, I also think a cached response shouldn't have its own flag assigned to it?
Or, depending upon your network setup... you could implement the use of a router/switch's iptables/netfilter (provided it has --match --hexstring and --algo filters) by matching the request for the recursive flag set on usually UDP packets inbound at a certain offset. I believe iptables/netfilter is included within most Linux and Unix distros. Zeroshell (a Linux based router distro) may even allow you to enter raw commands to utilise this.
Wireshark is useful for finding what offset and the dns query flags--- which is the hex string you wish to filter for... you may also apply a rate limiter using the same patterns, but with the rate respectively.
*interjects* You would need a method of applying an address answer limit... but then surely this could also be covered by:
http://tools.ietf.org/html/rfc2827 or http://tools.ietf.org/html/bcp38
it says primarily about forged packets, I assume that would be dns spoofing or even related to cache poisoning? Is there a difference between the two?
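The post above describes matching the recursion-desired flag of inbound DNS queries at a fixed packet offset (for a netfilter string match) and rate-limiting on the same pattern. The following is an added example, not code from the original thread or from any of the tools it mentions; it constructs a minimal DNS query in memory, parses the header flags, works out where the flags word sits in a plain IPv4/UDP packet (an assumption: 20-byte IPv4 header without options plus 8-byte UDP header), and counts recursive queries per source against a threshold. All packet data and IP addresses are constructed sample values.

```python
import struct
from collections import Counter

# Assumption: raw IPv4 packet with no IP options (20 bytes) followed by the
# 8-byte UDP header, so the DNS header starts at byte 28 and the 16-bit flags
# word (bytes 2-3 of the DNS header) sits at byte 30. That is the offset a
# netfilter string match would need in this layout; VLAN tags or IP options
# shift it, which is exactly why the post suggests checking with Wireshark.
IPV4_UDP_DNS_OFFSET = 20 + 8


def build_query(name, qtype=1, rd=True, txid=0x1234):
    """Build a minimal DNS query (UDP payload only). Constructed sample data."""
    flags = 0x0100 if rd else 0x0000          # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class


def parse_header(payload):
    """Decode the 12-byte DNS header into its flag bits and section counts."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),          # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,       # 0 = standard query
        "rd": bool(flags & 0x0100),          # recursion desired
        "ra": bool(flags & 0x0080),          # recursion available
        "qdcount": qd,
        "ancount": an,
    }


def is_recursive_query(payload):
    """True for a standard query with the recursion-desired flag set."""
    h = parse_header(payload)
    return not h["qr"] and h["opcode"] == 0 and h["rd"]


def flags_hex_at_offset(payload):
    """Hex of the flags word and its byte offset within an IPv4/UDP packet.

    Returns the pair a netfilter string/hex match would be built from under
    the header-layout assumption above.
    """
    return payload[2:4].hex(), IPV4_UDP_DNS_OFFSET + 2


def sources_over_limit(events, limit):
    """Count recursive queries per source IP and report those above the limit.

    events: iterable of (src_ip, udp_payload) pairs, e.g. from a capture.
    """
    counts = Counter(src for src, payload in events if is_recursive_query(payload))
    return {src: n for src, n in counts.items() if n > limit}


if __name__ == "__main__":
    q = build_query("example.com")                      # constructed query
    print(parse_header(q))
    print("recursive:", is_recursive_query(q))
    print("flags hex, offset:", flags_hex_at_offset(q))
    sample = [("192.0.2.10", q)] * 5 + [("192.0.2.20", q)]   # constructed sources
    print("over limit:", sources_over_limit(sample, 3))
```

The flags word of a normal recursive query is `0100` at offset 30 in this layout, which is the kind of value the post suggests confirming in Wireshark before writing a filter; the per-source counter stands in for the rate limiter it mentions, with the threshold chosen by the operator.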
All relational to root
DNS amplification is more to do with forwarding queries to root servers than recursive lookups, if you wish to have a look through some whitepapers, although recursive lookups can play a part of it; hopefully you enabled DNS spoofing/DNS cache pollution protection too and spool size to limit queries to an adjustable level?
Rate limitation only works so far given it can be small but many... the counter to this is big but few
What about 3 Mobile's DNS resolvers that query/match the IP listed in the SOA record and check that against the A record... and will fail to resolve if one cannot be resolved successfully... as is, with section 2.4.2 of here: http://www.iana.org/procedures/nameserver-requirements.html
One would assume...
That this model would work, if these three conditions return true...
your contractor has no bias / hangups for whom gets the position and judges purely upon merits AND
big data should be considered a philosophical 'sales term' since... if it is distributed it is, somewhat, modular which forms part of a whole 'architecture' AND
the company is willing to pump in the resources, for what people require to achieve this aim with (this includes trusting your team to do their job properly)...
Some developers, I think, are better at coding than others; results will vary depending upon coding style, but you do get incompatibilities between styles, so knowing what resources you have already and what is missing might perhaps be best left to a philosopher or even the youth of today (since youth by nature are best at pointing out anomalies)... the downside with that can be that it comes with some ego?
A degree in awards anyone?
Configure and manage advanced enterprise virtual computing environment
Monitor and troubleshoot enterprise virtual computing environment
Design and configure enterprise desktop virtualisation
Manage security controls for cloud service deployment
Direct the development of a cloud computing strategy for a business
All of those tasks would probably be worthy of a Nobel Award!? no?
"hospitals, dams and nuclear power plants" are out... okay... I'm alrite with that!
What about other power plant types? air traffic systems? maritime systems? mobile systems? satellites (in space) and on the ground (set top box networks?)... internet capable vehicles? even drones? missile systems of not a nuclear ability?
How would one be able to define who and how someone is targeting civilian systems? could a malformed DNS response packet be sufficient?
I reckon this whole cyberwar thing is somewhat, just asking for trouble... :-( *shrugs*