* Posts by usbac

165 posts • joined 4 Oct 2010


World's largest CCTV maker leaves at least 9 million cameras open to public viewing

usbac

Re: Security? We've heard of it.

We run a bunch of these cheap Chinese cameras at several sites. What we do is put them on their own physical network segment (not VLAN) fire-walled off from the rest of the network. They don't have access to the internet at all. We then run Blue Iris NVR software on rack-mount servers that are on the isolated segment. These servers are accessible from the internet through an enterprise class firewall for certain authorized people.

Any security contractor that installs a camera system that is not isolated from the company's internal network should be sued out of existence.

I once tossed an alarm contractor out of the building when the technicians (with very poor IT skills) insisted on having access to our internal network. I told our CFO to find a more cooperative vendor, and he did.

1
0

Russian rocket goes BOOM again – this time with a crew on it

usbac

"But astronauts are a different breed. They probably said "wheeeee! Can we go again?"

I remember during my flight training the day we went out for spin recovery training. After our first deliberate spin and subsequent recovery, my comment was "that was fun, can we do it again?" followed by a cold stare from my instructor. I was young then. It's amazing how we change when we get older...

12
0

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

usbac

I don't think it's that difficult to do something like what is mentioned in the original article. Everyone needs to understand that the "chips" we see on circuit boards aren't the real chip. The actual die inside the package is much smaller than what we see on a board. The die can be as small as .1mm square. The dies are placed into much larger packages so that they can be soldered to a circuit board.

If properly done, a die could be placed between layers like an embedded via. It would take a great deal of knowledge and skill to do it, but it could be done. With some of the innovative assembly techniques being developed by companies like Apple (as much as I dislike Apple), the Chinese contract manufacturers have been taught how to do some crazy things.

Tapping something like an SPI bus isn't that hard. It's only 4 signals. One could create a chip that would normally be a pass-through, but would change commands when it needed to. I have done quite a bit of SPI software and hardware, and I can see how this could be done. It would be really hard, but when state sponsored, it's possible.

Our government would not even blink at spending $100 million on something like this. With that kind of money, it would be easy to find a few very talented engineers that could pull this off.

I remember back in the 90's people were opening up ICs and probing them under a microscope in live running circuits to break the encryption on satellite TV receivers. If people will do this to get free TV channels, what do you think a government with nearly unlimited funds can do?

24
0

Convenient switch hides an inconvenient truth

usbac

Re: Surely this shows...

I've worked with many "licensed" electricians in my career, and I'm not sure that would have changed anything here. My experience has been about 50/50. There are many good electricians, but there are just about as many that should never be around electricity!!

From a previous el reg post:

We share a large industrial building with a ball bearing factory (I know, it sounds like a line from Hogan's Heroes!) A while back we had a sudden power outage. Our data center has good UPS backup power; enough for about two hours for all of the systems including cooling.

Senior management called the power company, and they said they would investigate, but that it would likely be the end of the day before they had an answer. So, management sent almost everyone home (almost, meaning I had to stay to shut down all of the production systems when we got close to UPS exhaustion).

So, I had just finished shutting everything down, when my boss and another VP came by and said "let's take a walk next door, and see if they know anything that we don't?" As we are walking around the side of the building, an electrician comes out of a side door. We stop him and ask him what he knows about any of this. He suddenly has a horrified look on his face. He then makes some half-assed excuse about having to check something, gets in his truck, and literally leaves long black skid-marks across the parking lot.

It turns out that the stupid jackass had turned power off to the whole building! There are four very large electrical boxes at the end of the building. Two are for us, and two for the neighbor. None of them are marked, of course. We turned them all back on, since if someone was actually working on something, they would be properly locked-out, right? Needless to say, our boxes are all padlocked now.

20
0
usbac

Dave,

If you use a low voltage control circuit, you need other components like step-down transformers, etc. If this is controlling an entire data center, you want as few components in the circuit as possible. The last thing you need is for a $20 transformer to bring an entire company to its knees.

16
0

Rookie almost wipes customer's entire inventory – unbeknownst to sysadmin

usbac

Re: And then billed 3 extra hours?

A few years back I bought a fancy new digital oscilloscope. The scope was offered in both a 50MHz and 100MHz version with about $200 difference in price.

The manufacturer actually went to the trouble of adding parts to make the 50MHz version. They added an RC filter to the input to limit the bandwidth. Someone discovered that you can just lift the capacitor, and you have the 100MHz version (and thus voiding your warranty).

Then, someone else figured out that it's not even that hard. All you have to do is load the firmware for the 100MHz version, and the filter is disabled by software.

It still baffles me that they would spend money to make the scope slower? Why not just offer the 100MHz version only?

13
0

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security

usbac

@TonyJ

You want to see how fast I can lift one of your fingerprints off of any surface and be logged into your AD account?

There should be no problem finding a copy of your "password" laying around everywhere you have been today...

0
1
usbac

"give users the option of using Authenticator to sign in via a PIN, fingerprint, or face scan on their iOS or Android device."

So instead of a secure password, now we are using a numeric only password (a PIN - that will surely be easier to brute force than a password) or fingerprint (a password you leave a few thousand copies of laying around everywhere you go every day)?

This sounds like something Microsoft would think is progress!!

11
8
usbac

Re: Phones ? really ?

What if you don't have a cell phone? I guess you just don't exist anymore if you don't?

What a fucked up world we live in now...

14
1

No, that Sunspot Solar Observatory didn't see aliens. It's far more grim

usbac

Re: Unconvinced

This is America. We seem to lead the world in overreaction. We practically invented it.

It's what makes terrorism so successful here...

101
0

What's that smell? Oh, it's Newegg cracked open by card slurpers

usbac

Re: Certificate does not equal legitimate - never has

@FlamingDeath

Most browsers would also warn with something like "this page contains insecure content". That should be a big red flag on a checkout page!

I remember when you had to show that you are a legitimate legal entity to get an SSL certificate. Those days are long gone, and now we have this crap. It seems that EV certificates were an attempt to make certificates attributable to a legal entity again.

2
0

If you have to simulate a phishing attack on your org, at least try to get something useful from it

usbac

Re: What's the metric?

The security team member that clicked and tried to enter their credentials should be either reassigned or dismissed. They clearly should not be on the security team!!!

We just started using an outside service for testing for phishing. I sent out the first wave of emails without letting anyone know ahead of time. Even senior management wasn't informed. Frankly, I wanted to know if they would click through?

Fortunately, our CEO very much values efforts to keep us secure, and he has a good sense of humor (and a lot of humility). If he would have fallen for it, we could have just had a big laugh about it. When I told him about the test (a few days later), his response was "good job!, oh crap I didn't open it did I?" No one from senior management fell for the test. That is a very good thing.

I did get a good butt chewing from a couple of managers during the test for not sending out a company-wide email warning everyone about the phishing attempt. This would have of course ruined the test. They understood later when everything was explained, and some apologized.

Out of 45 people, I had 2 open and click the link. No one tried to enter credentials. As people mentioned above, what does this data mean? It's good news, I think? The two people that did click have openly admitted it to everyone, and thus been humorously embarrassed internally. I wasn't going to name names, just speak to them personally. They outed themselves!

Overall, I think it was a successful educational moment. I was very happy that so many people called or emailed me asking about this suspicious email.

What I wasn't mentally prepared for was how to answer the questions like "what should I do?" or "does this email look suspicious?" The fact that the user called me to ask, I considered that a success. What I didn't think through was the effect of, if I told someone that "yes, that does look suspicious, don't open it" they would warn other users. How many of the other users might have clicked through if they didn't get warned ahead of time from other users?

Bruce

3
0

No, eight characters, some capital letters and numbers is not a good password policy

usbac

@vir

Many years ago I worked for a managed services provider that had a contract with a major US bank. We provided support for the entire half of the state.

Their corporate IT folks had a very strict password policy. They required a password change every 30 days, unique passwords, and over 10 characters. What this did however, is to create an environment where no one could remember their passwords. So, on EVERY monitor there was a yellow sticky note with the last few passwords crossed-out, and the current one at the bottom of the list. Even the director for the whole state had the sticky note.

So, in the end, no security whatsoever!

53
0

Abracadabra! Tales of unexpected sysadmagic and dabbling in dark arts

usbac

Re: Case sensor

Many, many years ago I was the service manager at a local computer store.

One day we had this very nice older gentleman come in with a really old PC. He was an accountant, and (you can all see this coming) had no backups. He was about in tears. There was something like 15 years of his clients records on the hard drive that just failed.

We mentioned the option of sending in the drive for data recovery. In those days there were only two reputable companies in the US that did data recovery, and the bill usually ran between $5,000 and $15,000. He told us that he couldn't possibly pay that kind of money (this was in the early 90's).

I told him that I would take a look at the drive, but that we didn't have a clean room, and we might make the drive unrecoverable by opening it. He told me to go ahead and try.

It seems that somehow the drive managed to seek too far towards the outer edge of the platters, and the heads went over the edge. Since they are kind-of spring loaded, they were stuck. So, I very gently spread the heads apart and slipped them back onto the platters. What do you know, the drive worked again. The fact that I opened it in a dusty back room meant that the drive would not run very long, but it ran long enough for me to get the data off of it.

We sold him a new drive, copied his data to the new drive, and he was off and running. The joy on that man's face made up for a lot of the BS from cranky customers we otherwise had to put up with! I kept a copy of his important data in our safe on a zip disk for quite a while, as I figured that even after this event, he would never back up his data.

42
0

When's a backdoor not a backdoor? When the Oz government says it isn't

usbac

Re: If Apple didn't knuckle under to the FBI

Well, if Apple, Google, Samsung, etc. stop importing devices into Australia, how long do you think the political career of these idiots will last? If all of the device manufacturers put a note on all of their websites like "* devices are not available in Australia, contact your MP for details why." how long do you think this nonsense will last?

We will see how long the citizens of Oz like living in North Korea?

12
0

'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist

usbac

Re: Business plan

You forgot part 3b:

3b) Make the rules of the so-called bounty program so razor thin that you can wiggle out of paying the bounty.

8
0

Early experiment in mass email ends with mad dash across office to unplug mail gateway

usbac

Re: alert emails

Years ago I was working on writing a new alert system for HVAC in our data center. I missed a flag in code and sent about 1000+ text messages to both my boss and myself (personal cell phone).

My boss went from fairly pissed off to laughing his ass off when I explained to him that HE had unlimited texting, however I pay 25 cents per text!!

6
0

Sen. Ron Wyden: Adobe Flash is doomed, why is Uncle Sam still using it?

usbac

At some point soon, I intend to block Flash at our corporate firewall. I know I will hear a lot of wailing, but I'm very tempted to see how broken the web will be for our users.

If the C-suite folks don't scream too loud, I might get away with it!

I demanded that our in-house web developers remove flash from our sites years ago. There was a lot of whining about it but I simply told the developers that I'm going to block Flash access to our sites on a specific date. I told them that when some executive asks why our sites are broken, I would send them to the web developers.

I've been putting a lot of pressure on any vendors still using Flash. We'll take our business elsewhere, kind of pressure. Some are complying, some aren't.

2
0

No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities

usbac

Re: More detail please

@DougS,

There was a research paper a while back where they were able to re-program the microcontroller in some USB flash drives to turn them into a keyboard emulator.

What do you know, it was on El Reg...

https://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

11
0

Fix this faxing hell! NHS told to stop hanging onto archaic tech

usbac

Re: User story

How about option 4 - set things up properly so users can easily email scanned documents?

4. Place document on scanner, select your name on the touch-screen, press scan. Go back to your PC and find the reasonably named document under the folder "Scanner" in your "My Documents" folder, right-click, then send as attachment. Done.

With modern VOIP phone systems, supporting FAX machines is an absolute nightmare. Yes, I know T.38 and all that, but just try to make it completely reliable. We tried for about a year, and about the fifth time some executive comes in on a rampage about their FAX not going through, you give up and order an analog line. We run a consumer call center on VOIP, and yet our one analog FAX line costs about 1/2 of our total monthly phone costs!

11
1

Insurers hurl sueball at Trustwave over 2008 Heartland megabreach

usbac

I don't think anyone in IT security has ever thought that being "PCI Compliant" means you are un-hackable. It just means that you maintain a certain baseline level of security.

No one is un-hackable, and if you think you are, you are delusional. It's really just a matter of how hard you are to hack, and is it worth the time of the hacker to break in? High value targets will always have a very hard time keeping systems secure.

I'm sure Heartland paid huge insurance premiums for years. The insurance companies (like someone above noted) are just trying to double-dip. It's sort of pathetic to bring the lawsuit after 10 years.

7
1

Security guard cost bank millions by hitting emergency Off button

usbac

Re: Exit the Cleaner

@ gnasher729

A similar thing happened here. We share a large industrial building with a ball bearing factory (I know, it sounds like a line from Hogan's Heroes!) A while back we had a sudden power outage. Our data center has good UPS backup power; enough for about two hours for all of the systems including cooling.

Senior management called the power company, and they said they would investigate, but that it would likely be the end of the day before they had an answer. So, management sent almost everyone home (almost, meaning I had to stay to shut down all of the production systems when we got close to UPS exhaustion).

So, I had just finished shutting everything down, when my boss and another VP came by and said "let's take a walk next door, and see if they know anything that we don't?" As we are walking around the side of the building, an electrician comes out of a side door. We stop him and ask him what he knows about any of this. He suddenly has a horrified look on his face. He then makes some half-assed excuse about having to check something, gets in his truck, and literally leaves long black skid-marks across the parking lot.

It turns out that the stupid jackass had turned power off to the whole building! There are four very large electrical boxes at the end of the building. Two are for us, and two for the neighbor. None of them are marked, of course. We turned them all back on, since if someone was actually working on something, they would be properly locked-out, right? Needless to say, our boxes are all padlocked now.

Our CEO sent the bill for all of the lost work to the company next door. He suggested they pass it on to the electrician's insurance company.

It took me the rest of the day to get all of our systems back up and running.

15
0

Sysadmin shut down server, it went ‘Clunk!’ but the app kept running

usbac

Re: DEC Engineer

@The First Dave

"This is _exactly_ why you MUST let the outside person do it. He might be more likely to make the mistake, (though is more likely to check things properly beforehand,) but when things go wrong, it's not _you_ that gets the bullet."

Back when I worked in consulting, I often thought that was the reason we were there. I thought the in-house guys were more than capable of doing some of the projects we worked on. I think the reason they called us was to have someone to blame if things turned to shit!

8
0

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

usbac

Re: "Act normally! Ginni and the team are here to see what Austin is really like."

@IT Hack

Our CEO eats his self-packed lunch in the break room with the rest of the staff.

Everyone shares the same tables, from VP's to forklift drivers in the warehouse. None of this elitist bullshit here!

20
0

Trainee techie ran away and hid after screwing up a job, literally

usbac

Re: He started a new life

@Phil

"I've never understood what drives normal, non-psychopathic, people to take up dentistry anyway, even if they were competent with power tools. Yet they do. Funny old world, sometimes."

To me there is a long list of professions that I wouldn't want to do, but like dentistry, I'm very glad someone does! It gives me a lot of respect for those people.

12
0

Cops: Autonomous Uber driver may have been streaming The Voice before death crash

usbac

Re: Dick Heads

I really do like the concept of recording "parallel" data sets. I think where the concept breaks down is that it would only work if the human driver was a highly trained professional driver. Letting just any driver be the source of one data stream isn't going to be a big help. Look at how many terrible drivers are on the road. Would you want them to be the "control" data set with which to compare the computer's idea of how to drive?

4
1

Amazon staffers protest giant's 'support of the surveillance state'

usbac

Yeah, they think pressuring their CEO for doing what CEOs are supposed to (even required by law, in some cases) do for their companies, is going to help. The CEO's legal responsibility is to generate as much revenue for the company as possible.

These same people (who I happen to agree with), need to focus on voting out the oppressive, power hungry scumbag politicians that are buying these services from Amazon.

Even though I agree with what they are saying, if I was the CEO, I would tell them to go work elsewhere if they don't like the work they are doing. If they were my employees, they would do the work assigned to them, or they would be gone.

As people above have said, there is a consequence for standing up for one's beliefs. If you aren't willing to accept the consequences, then why should anyone listen to you? That's the problem today, people moan and wail about things, but aren't willing to sacrifice for their beliefs. Not many anyway. We've become a society of cowardly complainers.

6
3

US Supreme Court blocks internet's escape from state sales taxes

usbac

Re: Death and Taxes

We run several e-commerce websites. We already subscribe to a service that provides a web-API to calculate sales tax based on the full address of the customer. They handle the tax holidays, etc. They also deal with the other "ouch" here, remitting to each state (and having to fill out each state's confusing sales tax form).

Remitting is actually the worst part of this mess.

3
0

Hold on. Here's an idea. Let's force AI bots to identify themselves as automatons, says Cali

usbac

Re: The bill is probably sponsored by telemarketers...

Does this mean I have to make "Lenny" play an announcement first? That will kill most of the fun...

1
0

Microsoft gives users options for Office data slurpage – Basic or Full

usbac

Re: Firewalls?

I actually put this question to our Firewall vendor. We are a corporate customer with a paid support agreement. I put in a feature request to be able to block "Telemetry" from the various software companies. I asked for telemetry to be a category in their web blocker module. They already have a long list of categories like adult, hate speech, advertising, etc. Each category has various sub-categories. I thought that having telemetry as a category, and each slurping asshole company be a subcategory would be perfect.

I knew they would never do it. The pressure from Microshaft, Adobe, etc. would be too much. I just wanted to see them squirm. At first their approach was to ignore the feature request. So when our sales rep called about a major upgrade and support agreement renewal, I told her that we are considering switching to PFSense, and oh, by the way, what about the feature request that wasn't ever answered?

After that little poke, I did actually get an answer from a manager in software development. Their explanation was actually fairly legitimate. They agreed with the need for it, and confirmed that I'm not the first customer to ask for it. They gave me several good reasons why it's not workable. The first was the whack-a-mole problem of many (hundreds of) IP addresses that change constantly. Then, they said that Microshaft has tied Windows Update into the same servers that receive the telemetry. So, blocking the telemetry at the firewall would break Windows Update. There is a similar problem with Adobe they said. If you run Adobe's rent-ware Creative Suite (which we do), it will stop working if you block their telemetry.

So, as long as we have to run the crap from Microshaft and Adobe, we are stuck. If I owned the company, we would be 100% open source. It's possible to run a company on open source, one just needs to have the balls to do it. For us, it's not even all that big of a stretch. Several of our major systems already run on Linux servers, and have both Windows and Linux clients. Others are web browser based, and the client doesn't matter. The killer apps for us are MS Outlook, and Adobe Creative Suite (which to be run on Macs - almost Linux). Man I wish there was an open source replacement for Outlook!

7
1

Sysadmin hailed as hero for deleting data from the wrong disk drive

usbac

"And OS/2 booted up instead of Windows"

So, it was an upgrade?

6
0
usbac

No need for physical drives

I do something very similar, but with a cool little tool called Drive Snapshot. I make an image of any PC I need to reload/refresh before blanking the hard drive. I put the images up on a NAS share that only I have access to.

Drive Snapshot allows you to mount an image as a local drive. So, when the inevitable "I know I told you about everything I needed backed up, but I forgot this one extremely important file/folder/etc." situation comes around I can mount the image and retrieve the file. It happens all the time. Here it's usually the damned Excel macros that people don't think about.

I could even recover the entire bootable drive if I really had to. I haven't had to go that far yet.

2
0
usbac

Placebo effect

I would guess that most of us here have at one time or another, told a user that we made a change that will speed things up/fix a problem/etc?

My experience is that it works more than half of the time. I will frequently try it first (based on who the user is, and past history). If the first "fix" doesn't do the job, I will go on from there...

4
0

Zookeepers charged after Kodiak bear rides shotgun to Dairy Queen

usbac

Re: Sense of humor

This was a very young bear raised by humans at a zoo. It was about as dangerous as the neighbor's German Shepherd.

These people were trained zookeepers with extensive knowledge of animal behavior. I would trust their opinion much more than local law enforcement. We all know what geniuses most local law enforcement officers are!

35
30
usbac

Sense of humor

Wow, here I am thinking that having a sense of humor was being outlawed here in the US. Now I find out that Canada is following along with us! Poor bastards!

29
14

You have GNU sense of humor! Glibc abortion 'joke' diff tiff leaves Richard Stallman miffed

usbac

Re: concern about the potential offensiveness of the words

@ handleoclast

I wish I could up-vote you 100 times. That's about the best explanation of the current political situation I have ever read.

As an American, I think our founding fathers would be disgusted by the far ends of either party. If you look at very early American history (early for us anyway, a mere few hundred years), the political parties associated with by our founding fathers don't look anything like our current political parties.

2
1

Skype for Business has nasty habit of closing down… for business

usbac

Re: Why are people still on 32-bit windows

Because some of us have business critical software that won't run on 64-bit Windows. Some of it due to driver issues.

I'm typing this on an i7 Quad Core PC with Windows 7 32-bit installed! It's too much grief to constantly launch VMs for daily tasks.

13
0

Fatal driverless crash: Radar-maker says Uber disabled safety systems

usbac

Re: The Shape of Things to Come...

You talk like any tech company has ever stood behind their product. For the last 20 years or so the tech industry has been rushing buggy insecure products out the door to beta testers (paying customers). None of them have ever cared if their products actually work, why do you think autonomous vehicles would be any different?

It's an industry mentality now...

16
0

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail

usbac

@jabuzz

The new Dell PCs coming in with Windows 7 installed (but are actually licensed for Windows 10, yuck!), don't have COA stickers anymore. They do have the Windows 7 key in the BIOS so if you use a Dell Windows 7 CD, it will install and auto-activate. But, there is no sticker anymore.

3
0

Aching bad: 'Kingpin Granny' nicked in huge prescription drugs bust

usbac

This is the US. It seems that a "Resisting Arrest" charge is automatically added to each arrest. Kind of like VAT.

I think if you told the cops "I give up" and actually put the handcuffs on yourself, you would still be charged with resisting arrest.

Since the purpose of the court system is for plea bargaining, this gives them a little more leverage. It's like having cash in hand when bargaining for a new car. It's that little "extra".

21
0

Uber and Waymo sitting in a tree, S-E-T-T-L-I-N-G

usbac

Re: Aw

This is like watching a really good movie, that ends too soon without a satisfying ending.

3
0

Fella faked Cisco, Microsoft gear death – then sold replacement kit for millions, say Feds

usbac

"I once tried to convince a small firm that it would be much cheaper to buy their networking kit off the grey-market and buy double what they needed. That way they can have a fully configured device on standby should one of the primaries fail. This would be a)much cheaper and b)much quicker."

We actually do that here. When we buy some major new piece of network gear, we usually get at least a year of warranty with it. By the time we purchase it, it's usually been out for a year or more. So, by the time the warranty is out, I can find a used one on ebay for less than the cost of an extended service contract. When the used one gets here, I load the current config image for the device it's meant to replace. Then, I have a drop-in replacement! Much easier than having to overnight a new unit with systems down.

I have found that even with supposed same day support contracts, the techs usually have to overnight in a part anyway. So much for same day support. If you question it, they point out that the contract only promises that a tech will be on site the same day.

The best part is that I usually get to take home the ebay purchased item once it's determined that we don't need a spare anymore.

3
0

You want wires with that? Burger King backs, er, net neutrality

usbac

We can at least hope this presents the issue in a way that the typically apathetic Joe Public can understand. I frankly don't care if Burger King gets a little extra publicity out of it, if it helps to get the issue in the minds of people that wouldn't care otherwise.

At my workplace, most of the people I talk to have no idea what Net Neutrality is, or why it's so important. When I explain it to them, they get it. I just don't have time to go around and explain it to the other 330,000,000 people that need to understand it.

26
0

The Reg visits London Met Police's digital and electronics forensics labs

usbac

Re: At least the article demonstrates a point I have been making for a while

Especially using fingerprints. What good is a "password" that you leave lying around at least 1000 places every day!

7
0

Hot chips crashed servers, but were still delicious

usbac

Re: My keyboard stupidity.

"(caps lock is the worst thing ever to be put on a keyboard)."

Agreed! At our company I have a number of users that do everything in all-caps. I sit at their computer and try to log in, only to find their Caps-Lock on! When I comment, the answer is always "x system requires everything to be in capitals". My answer is always "there is not a single system in our company that requires all capitals". Doesn't change anything.

I swear, one evening I'm going to take a screwdriver and break all of the Caps-Lock keys off of every keyboard in the company. I wonder if anyone makes a keyboard without Caps-Lock? It could be a product idea?

4
0

Funnily enough, no, IT admins who trash biz machines can't claim they had permission

usbac

Re: I've, umm... done most of that stuff

Same here!

This brings up a really big question. I've done all of these things. I think, even forwarding the boss's email somewhere else. All done legitimately, as part of doing my job.

Where does the line exist? Do I need to get written permission every time I delete a backup? Format a server? Change contact info with one of our cloud providers? Since I haven't been expressly given permission to do these things, am I breaking the law each time? It sort of opens a can of worms, doesn't it?

11
6

Oregon will let engineer refer to himself as an 'engineer'

usbac

Re: Oregon is a nanny state

I agree. I used to think the "can't pump your own gas" was a control freak thing. We live in a neighboring state, and our gas prices are higher than they are in Oregon, and I have to freeze my ass in the winter and fry my ass in the summer to pump my own gas. Suddenly the idea doesn't sound too bad!

24
5

Looking through walls, now easier than ever

usbac

We're getting ready to build a new house (owner builder), and I'm really considering wrapping the whole thing in foil that's properly grounded.

It would kill cell phone usage. However, maybe our guests would actually want to talk instead of just sitting with their face stuck to their goddam phones. My long time best friend from out of state visited with his wife a while back, and I don't think he had his iCrap out of his hand for more than 10 minutes the whole weekend!

2
0

Spy-on-your-home Y-Cam cameras removes free cloud storage bit

usbac

Re: Stuff like this is why I went with a host it yourself camera system

I did something similar. Being generally frugal with tech stuff, and always wanting control of my gear, I built my camera system myself.

I bought a bunch of the cheap (<$30) HD IP cameras off of Ebay. They work great by the way. I then installed Blue Iris ($59) on an old PC running Windows 7 (yes, I know, Windows yuck!), and it works very well. I have all of this on its own network heavily fire-walled from the internet. This way the cameras can't phone home with god knows what in their firmware, nor are they accessible from the internet.

The best part of all of this is, no cloud bullshit. The whole system will work without any internet connection at all. And, I have about 30 days worth of storage.

7
0

Amazon Key door-entry flaw: No easy fix to stop rogue couriers burgling your place unseen

usbac

"What I would suggest to Amazon is to incorporate local storage to cache video, and log lock activity, until the [Wi-Fi] signal is restored. It's not a perfect fix – a bad guy can just continue DoS'ing until the storage fills up or cycles through – but it would increase the complexity to exploitation significantly."

Why wouldn't the thief just take the obvious looking camera with them? I mean if you are set up to jam the wireless, you would be expecting to see a camera mounted somewhere pointing at the door, right?

These "security researchers" make a suggestion like this, but really didn't think it through, did they. I hope they aren't going to be doing our next security audit!!!

3
0

Biting the hand that feeds IT © 1998–2018