
Comments

Should Disney Require Its Employees To Be Vaccinated?

Minupla Re:its a tough subject (653 comments)

Sure, over an evolutionary timespan. Assuming that the disease in question kills before you can give birth, and that they kill enough of the population to be impactful in an evolutionary sense.

Call me soft though, I'd prefer we solve this problem in something less than an evolutionary timescale. I kinda care about the kids who'd die otherwise.

Min

3 days ago
Apple Agrees To Chinese Security Audits of Its Products

Minupla Re:Absolutely fair.. (114 comments)

Hrmm, this might work out well for us non-govt people.

Consider:

NSA: "Apple, you must let us 'review' your code. We'll keep our findings to ourselves, you can't tell anyone"
Apple: "OK"
NSA digs through code, finds exploits, locks them up for future weaponization ...
China: "Apple, we'd like to "review" your code. We're going to tell the world about it"
Apple: "OK"
NSA: "Crap, now those evyl Chinese will find our exploits. Darn, I guess we'd better tell Apple to fix them after all or the Chinese will be spying on us!"

At the end of the day, the best we can hope for is that the various spooks keep each other honest.

Min

3 days ago
Insurance Company Dongles Don't Offer Much Assurance Against Hacking

Minupla Re:Time for the Ransomware (199 comments)

Sadly the relevant research shows that while you would like this to be the case, it isn't.

If you'd like to know more, look at the defcon conference videos for the last few years.

Just as a for example, I'll direct you to this article:

http://www.nytimes.com/2011/03...

There was also a talk this last year that went into the architectural design of the car's network, and showed that in most cases there was no device between the head end unit and the sensitive items in a car, and where there was it wasn't a security device, merely a signal management unit, and the presenter expected to be able to jump it. But again, typically if you get access to the bus, you can talk to anything you want. There was also a lovely bonus bit where they showed you could update the to an arbitrary unsigned firmware due to some sloppiness in the process. (If you cut the power at the right time, the recovery process didn't do the appropriate checks. Once they got in and could analyze the python scripts being used, they discovered if you wrote a specific character (I think D but my memory could be playing tricks on me) to the right sector of the CD, it would bypass the signature checks and just update the firmware.)

Engineers are generally smart, but they also tend to design to the specifications. If you don't TELL them to consider an attacker in their designs, they don't.

Min

5 days ago
Insurance Company Dongles Don't Offer Much Assurance Against Hacking

Minupla Re:Time for the Ransomware (199 comments)

No need to do such extreme damage, when the same effect can be achieved with a simple fuse on the positive voltage line of the port. Suspicious activity? Burn the fuse-- BAM-- port is dead, but easily fixed.

Doesn't protect against other attack avenues that have either been hypothesized or demo'd though. The entertainment unit always seems popular. Trojaned CD in the player, for example, or exploit against the bluetooth system. Hey I wonder what happens to that cute bit of software that displays what song the FM station is playing if the station sends YourPawnedxxxxxxxxxx....?

I'm not sure most of the security sector put it together that someone might voluntarily install their own remotely exploitable device into the bus in sufficient numbers to be interesting. Guess we should know better than to underestimate the power of a discount!

(I do agree with the rest of your post btw.)

Min

about a week ago
Elon Musk's Proposed Internet-by-Satellite System Could Link With Mars Colonies

Minupla Re:The return of echomail . . . (105 comments)

lol - exactly what I thought. Where's my floppy with OMMM (opus matrix mail masher, fidonet's answer to sendmail!).

Min

about a week ago
Insurance Company Dongles Don't Offer Much Assurance Against Hacking

Minupla Re:Time for the Ransomware (199 comments)

Just as a point of interest, there was a talk at Defcon last year where someone built an IPS (intrusion prevention system) for the bus of the car. It turns out that the communication matrix for a car is a very static system. The parts of a car that communicate with each other do so often (e.g. Engine controller and injection system), and predictably. Other parts that don't (e.g. entertainment system, or that OBDII plug from the insurance company and the traction control system) never do. So it's possible to build a device that models the system by listening on the bus and if it suddenly sees new traffic patterns shorts out the bus, leaving you with a less smart, but still on 4 wheels and not careening into oncoming traffic, car.

Seems like something the OEMs should be looking into.

Min

about a week ago
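The baseline-and-deviation idea in the post above, as an added example that is not part of the original comment or of the Defcon talk it mentions: a detector learns which (arbitration ID, DLC) pairs appear on the bus during a training window and how often each ID normally repeats, then flags any frame that falls outside that model. The frames, IDs and timings below are constructed sample data, and the response to a deviation is only recorded as a reason string rather than shorting the bus.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    ts: float      # arrival time in seconds (constructed)
    arb_id: int    # 11-bit CAN arbitration identifier
    dlc: int       # data length code: number of payload bytes, 0..8
    data: bytes


class BaselineIPS:
    """Learns the static communication matrix of a bus, then reports frames
    that do not fit it. Two signals are modelled: an (ID, DLC) pair never seen
    in training, and a known ID arriving far faster than its learned cadence."""

    def __init__(self, rate_tolerance: float = 0.5):
        self.allowed = set()       # (arb_id, dlc) pairs seen during training
        self.min_gap = {}          # arb_id -> smallest inter-arrival seen in training
        self.last_seen = {}        # arb_id -> timestamp of the last frame with that ID
        self.rate_tolerance = rate_tolerance
        self.learning = True

    def _observe_gap(self, frame: Frame) -> Optional[float]:
        # Record this arrival and return the gap since the previous frame with the same ID.
        prev = self.last_seen.get(frame.arb_id)
        self.last_seen[frame.arb_id] = frame.ts
        return None if prev is None else frame.ts - prev

    def learn(self, frame: Frame) -> None:
        if not self.learning:
            raise RuntimeError("baseline already frozen")
        self.allowed.add((frame.arb_id, frame.dlc))
        gap = self._observe_gap(frame)
        if gap is not None:
            cur = self.min_gap.get(frame.arb_id)
            self.min_gap[frame.arb_id] = gap if cur is None else min(cur, gap)

    def freeze(self) -> None:
        self.learning = False

    def check(self, frame: Frame) -> Optional[str]:
        """Return None if the frame fits the baseline, else a short reason."""
        if self.learning:
            raise RuntimeError("baseline not frozen yet")
        if (frame.arb_id, frame.dlc) not in self.allowed:
            self._observe_gap(frame)
            return "unknown id/dlc"
        gap = self._observe_gap(frame)
        floor = self.min_gap.get(frame.arb_id)
        if gap is not None and floor is not None and gap < floor * self.rate_tolerance:
            return "rate exceeds learned cadence"
        return None


# Constructed training window: two periodic powertrain-style IDs and one slow ID.
TRAINING = [
    Frame(0.000, 0x0C0, 8, bytes(8)),
    Frame(0.005, 0x120, 8, bytes(8)),
    Frame(0.010, 0x0C0, 8, bytes(8)),
    Frame(0.020, 0x0C0, 8, bytes(8)),
    Frame(0.050, 0x3A0, 4, bytes(4)),
    Frame(0.105, 0x120, 8, bytes(8)),
]

# Constructed live traffic: normal frames, then a request on 0x7DF (the OBD-II
# functional request ID, never seen in training), a burst on 0x120, and a
# known ID with a payload length the baseline never saw.
TRAFFIC = [
    Frame(1.000, 0x0C0, 8, bytes(8)),
    Frame(1.010, 0x0C0, 8, bytes(8)),
    Frame(1.012, 0x7DF, 8, bytes(8)),
    Frame(1.015, 0x120, 8, bytes(8)),
    Frame(1.016, 0x120, 8, bytes(8)),
    Frame(1.020, 0x0C0, 2, bytes(2)),
]


def run_demo(training=TRAINING, traffic=TRAFFIC):
    """Train on one window, then return (ts, arb_id, reason) for each flagged frame."""
    ips = BaselineIPS()
    for f in training:
        ips.learn(f)
    ips.freeze()
    flagged = []
    for f in traffic:
        reason = ips.check(f)
        if reason is not None:
            flagged.append((f.ts, f.arb_id, reason))
    return flagged


if __name__ == "__main__":
    for ts, arb_id, reason in run_demo():
        print(f"t={ts:.3f}s id=0x{arb_id:03X}: {reason}")
```

The training window has to be captured on a known-clean vehicle, and a real device would also need to learn per-ID payload ranges and handle legitimate but rare traffic (diagnostics at the dealer, for instance), which is where the "less smart car" failure mode described in the post comes from.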
Simple Rogue WiFi Hotspot Captures High Profile Data

Minupla Re:some things for any judge to consider (67 comments)

An open network connection at a security conference. That's either a honeypot or a freebie.

This. At the security conference I attend (defcon), assuming you got drunk enough to be dumb enough to connect to an open hotspot, you'd be thanking your lucky stars if the worst that happened to you was getting on the wall of sheep (which is essentially the same stunt this guy pulled, with the information projected on a wall for everyone to see). I personally VPN *everything* during that week, and if I have to absolutely connect to a work system, I drive to a random McDs outside of the conference and do my VPNing from there (it's usually faster and more reliable than any network at the conference too, since it's not the prize in a big game of Spy vs Spy).

Min

about two weeks ago
Ask Slashdot: Are Any Certifications Worth Going For?

Minupla Re:Practical certs like GIAC help and hold value (317 comments)

+1 to CISSP, I had essentially the same experience as the OP, and decided that IS manager tedious. I went and wrote my CISSP, got 'lucky' a couple of times with breach issues and poof, 5 yrs later I'm a Sr Infosec Manager.

While it doesn't have a practical component, I've met very few people who honestly say they left the exam knowing if they passed or failed. Most nerve wracking test I've ever sat for anyways. And most of infosec (absent specialties such as pentest, and even then arguably) is 90% thinking anyways. Very seldom is it important to know what command to type. Much more important to know the theory like the back of your hand.

All that having been said, if you don't like handling people, infosec is likely a poor fit. You'll top out soon if you can't have a coherent argument with someone that doesn't degenerate into "Because I said so".

Min

about a month and a half ago
Ask Slashdot: Can a Felon Work In IT?

Minupla I've hired people with misdemeanors before (720 comments)

I've hired people with misdemeanors before.

Be honest about the crime, don't have it be a surprise that I find out during the background check part of the hiring process.

I also know other managers who've done the same. It's tough to find good people. A drug offense 5 yrs ago, with proof of a completed drug treatment program for instance, isn't going to stop me from hiring a good IT worker.

Min

about a month and a half ago
"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

Minupla Re:The one woman is the Barbie brand manager (561 comments)

Well since the publication date was 2010, I'm not sure we can blame Jean for this one.

I'm very happy that my daughter gets angry and pissed off whenever anyone suggests something is a boy toy or a girl toy tho. (Drive thru at McD's is rough!)

Min

about 2 months ago
Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

Minupla Re:This is a legal matter. (159 comments)

Yep, a call to my corporate legal dept would be my first move in this situation. It's amazing how many situations got deescalated when we got the other party on the phone with my legal dept on the line.

Min

about 2 months ago
MARS, Inc: We Are Running Out of Chocolate

Minupla My Wife's response: (323 comments)

My Wife's response:

"OK that's it, I'm cutting you and the kid off. More for me!!!"

Min

about 2 months ago
Ask Slashdot: Who's the Doctors Without Borders of Technology?

Minupla Re: Check your local community first (112 comments)

I did YKnet around the same era then, out of Whitehorse. Set up an 8 line dial up pop in Old Crow, using bound analog sat channels.

I also did a stint down in the Eastern Caribbean. I remember the bribes, favors, etc required to get a UPS from the dock to our building, and members of our team blocking off the main drag in town while we used the (borrowed) cargo forklift from the docks to lift the UPS up the side of the building. While we were discussing how to get it in the window the forklift driver disappeared, leaving the UPS balancing on top of a power pole. Driver was asleep under the lift. Waiting for the ex-pats to make up their minds.

Cricket games were something else too!

Min

about 2 months ago
Ask Slashdot: Who's the Doctors Without Borders of Technology?

Minupla Re: Check your local community first (112 comments)

Heyya - just a quick tip of the hat - sounds like we got started much the same way. What part of the Canadian frontier you tame? Yukon here, early 90s with a NPO.

Min

about 2 months ago
Android 5.0 Makes SD Cards Great Again

Minupla Re:At last. (214 comments)

I manage this using xprivacy module under xposed. It allows you to whitelist an application for any subtree under where it's requesting access. Works well for me. More work of course, but security tends to be more work.

Min

about 3 months ago
Flaw in New Visa Cards Would Let Hackers Steal $1M Per Card

Minupla Re:Just ask your bank to send you (126 comments)

proper Faraday cage has to have no gaps,

Actually not quite accurate - a faraday cage that blocks at all wavelengths would need to have a very small mesh. Rule of thumb is you want your mesh to be less than 1/4(c/freq) m.

Since freq in the case of NFC is 13.56 MHz, that will yield us with 22/4=5.5 meters (excuse the rounding, you get the point) so anything you can wrap around your wallet is going to do the trick.

Google NFC blocking wallets for some selections.

Source: I attend hacker conferences. All my credit cards are NFC enabled. I don't want to have conversations with my CC company that start with "I was at Defcon when..." - those don't end well!

about 3 months ago
Rite Aid and CVS Block Apple Pay and Google Wallet

Minupla Re:Good luck with that. (558 comments)

Actually, post Chip+Pin (and RFID Interac flash for that matter) this sort of attack isn't possible. That's because the chip inside the card creates a unique one time approval for the transaction. The approval is un-replayable.

At worst, attack wise, you might be able to perform a turnstile attack on it (Interac flash reader, taped to a turnstile say), but transactions over Interac flash are capped at under $100 and every 5 transactions you have to re-auth with a full chip and pin, so the banks' risk is pretty limited there.

Disclaimer: I've not done an in-depth analysis of the security controls myself. I know there were some weaknesses in the Euro implementation around not signing the list of allowable transaction verification mechanisms or some such (look up the blackhat talk if you need to know) but it's a LOT more difficult these days than inserting a skimmer on the terminal and video recording the pin. (Interac was always two factor, until Interac flash).

Min

about 3 months ago
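The three controls the post above relies on (a per-transaction cryptogram that cannot be replayed, a contactless amount cap, and a forced chip-and-PIN step-up after a run of contactless approvals) as an added example that is not part of the original comment and is not the real EMV or Interac Flash algorithm: the card keeps a monotonic Application Transaction Counter and MACs it together with the amount and a terminal nonce under a key only it and the issuer hold, and the issuer refuses any counter value it has already seen. The PAN, nonce handling, HMAC-SHA256 in place of the card's actual cryptogram scheme, and the issuer's bookkeeping are all simplifications made for this example.

```python
import hashlib
import hmac
import os

CONTACTLESS_LIMIT = 100        # per-transaction cap stated in the post
CONTACTLESS_BEFORE_PIN = 5     # contactless approvals allowed before a step-up (from the post)


def make_cryptogram(key, pan, amount, atc, nonce, pin_verified):
    """Bind card, amount, counter, terminal nonce and CVM result under the card key.
    Simplified stand-in for the card's real cryptogram generation."""
    msg = f"{pan}|{amount}|{atc}|{nonce.hex()}|{int(pin_verified)}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return {"pan": pan, "amount": amount, "atc": atc,
            "nonce": nonce, "pin_verified": pin_verified, "tag": tag}


class CardChip:
    """Holds the card secret and a counter that only ever moves forward."""

    def __init__(self, pan, key):
        self.pan = pan
        self.key = key
        self.atc = 0   # Application Transaction Counter

    def authorize(self, amount, terminal_nonce, pin_verified=False):
        self.atc += 1
        return make_cryptogram(self.key, self.pan, amount, self.atc,
                               terminal_nonce, pin_verified)


class Issuer:
    """Verifies cryptograms and enforces the replay, limit and step-up rules."""

    def __init__(self):
        self.keys = {}              # pan -> shared card key
        self.last_atc = {}          # pan -> highest counter value accepted so far
        self.contactless_run = {}   # pan -> contactless approvals since last PIN

    def enroll(self, pan):
        key = os.urandom(32)
        self.keys[pan] = key
        self.last_atc[pan] = 0
        self.contactless_run[pan] = 0
        return CardChip(pan, key)

    def verify(self, c):
        key = self.keys.get(c["pan"])
        if key is None:
            return (False, "unknown card")
        expected = make_cryptogram(key, c["pan"], c["amount"], c["atc"],
                                   c["nonce"], c["pin_verified"])["tag"]
        if not hmac.compare_digest(expected, c["tag"]):
            return (False, "bad cryptogram")       # amount or fields tampered
        if c["atc"] <= self.last_atc[c["pan"]]:
            return (False, "replay")               # counter already consumed
        self.last_atc[c["pan"]] = c["atc"]         # burn the counter even if declined below
        if not c["pin_verified"]:
            if c["amount"] > CONTACTLESS_LIMIT:
                return (False, "over contactless limit")
            if self.contactless_run[c["pan"]] >= CONTACTLESS_BEFORE_PIN:
                return (False, "step-up required")
            self.contactless_run[c["pan"]] += 1
        else:
            self.contactless_run[c["pan"]] = 0     # full chip-and-PIN resets the run
        return (True, "approved")


def demo():
    """Walk one constructed card through approval, replay, tampering, step-up and cap."""
    issuer = Issuer()
    card = issuer.enroll("CARD-TEST-0001")        # constructed placeholder PAN
    outcomes = []
    c1 = card.authorize(20, os.urandom(4))
    outcomes.append(issuer.verify(c1))            # approved
    outcomes.append(issuer.verify(c1))            # same cryptogram again: replay
    outcomes.append(issuer.verify(dict(c1, amount=900)))   # edited amount: bad cryptogram
    for _ in range(CONTACTLESS_BEFORE_PIN - 1):
        outcomes.append(issuer.verify(card.authorize(10, os.urandom(4))))  # approved x4
    outcomes.append(issuer.verify(card.authorize(10, os.urandom(4))))      # step-up required
    outcomes.append(issuer.verify(card.authorize(10, os.urandom(4), pin_verified=True)))  # approved
    outcomes.append(issuer.verify(card.authorize(150, os.urandom(4))))     # over contactless limit
    return [reason for _, reason in outcomes]


if __name__ == "__main__":
    for i, reason in enumerate(demo(), 1):
        print(f"txn {i}: {reason}")
```

The replay check is what makes a captured approval worthless to a skimmer: the issuer accepts each counter value once, and the tag covers the amount, so neither re-presenting nor editing a captured cryptogram passes. The limit and step-up rules bound what a "turnstile" reader could extract before the cardholder is asked for a PIN, which is the risk argument the post makes.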
Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

Minupla Re:Until we upgrade the dumb bunnies (384 comments)

World wide 2013 air crash fatalities: 29
World wide 2010 traffic crash fatalities 1,250,000 (est)

So unless you're going to argue that I'm 4310300% more likely to walk away from a fatal car crash, we're better off spending money there, looking at it from an objective point of view.

Fear drives us to make poor decisions. I fly a lot, but I understand that I'm just as dead from making an error at 70 mph as I would be asleep in my seat when the back end falls off my 737. Just 4310300% more likely to experience the former than the latter.

*disclaimer: Yes, I know, I mixed statistics from 2013 and 2010 above. I was too lazy to go back and find 2010 air crash statistics, but I seriously doubt it impacts the statistical analysis any more than the rounding error in the world wide traffic fatality stat.

Min

about 3 months ago
Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

Minupla Re:Until we upgrade the dumb bunnies (384 comments)

On traffic safety, agreed, long term, autonomous cars are the way to go. Some of the answer there is time and market forces, but I suspect a billion or two from the war on terrorism could move that along nicely. Faster technology evaluation and approval pipeline, more money for NSF funded core research, etc. But nearer term there are technologies that exist in high end cars that would lower traffic fatalities tomorrow if available in all cars. Blindspot object detection, lane departure alerts, etc. If the concern is about an objective attempt to lower the number of people who die each year, a dollar spent in this area is going to save more people than a dollar spent in airport security.

On diseases, if you're talking about a billion dollars to paradrop a few thousand doctors into Africa to do contact tracing, then you have my support. If on the other hand you're discussing mobilizing the national guard to protect North America from Ebola, not so much, spend the money on the flu, which kills many more people world wide. If we do the right things in Africa, Ebola will never be more than a hideous way for a couple of people to die in the US. This is one of those situations where the "Protect the Homeland" mantra is worse than useless.

Min

about 3 months ago

Submissions

Minupla Minupla writes  |  about 8 years ago

Minupla writes "I've been asked to put together a new IT dept in a regional office. Among other things, I'm going to need to put together a set of tools, both hardware and software for my department. So that got me to thinking "What things have other geeks found handy in doing their jobs?" So how about it? What tool in your kit would you never want to do without?"

Journals

The year in review

Minupla Minupla writes  |  more than 11 years ago

Wow what a year.

I apologize for the long delay between journies, for the few people I know who check up on me in here.

First in late June, I got an older sister. Yep, you read that right. It turns out that my mother had a daughter before I was born, whom she adopted out at birth. The result of a marriage that failed on their way to the altar.

This seriously shook me, as one might imagine. She's a good person and fits in well with the insane state of the rest of my family though, so all's well that ends well.

Then this fall a job application I dropped off hit pay dirt, and after several interviews, I've accepted a job in the Caribbean! So a mountain of paperwork is currently burying me, as you might imagine! :)

So if any of you would like a postcard when I make landfall in the land of no snow, drop me a line here, or ICQ, or email, with a snail mail address and I'll drop one in the mail to you as soon as sanity restores itself (at an improbability level of 1:1.24*10^10000000 against) I'll fire off some postcards of pretty beaches :)

Min.

Thinking to myself

Minupla Minupla writes  |  more than 12 years ago

If a journal gets written and no one is there to read it, does it consume hard drive space?

It's a bizarre world we live in these days, and I haven't felt like writing in here for a long time. Although I live in a different country, Sept 11 hit us here too. It was surreal for several days after the 11th. I had a job interview on the 13th, I had to travel by passenger boat to the interview. Usually the boat has children running around talking excitedly, the usual burble of adult conversations, et cetera. Not on the 13th. The whole trip was a surreal silence. Children sat silently beside their parents, occasionally looking toward their mothers and fathers, as if understanding that the world had changed, and not for the better, and willing their parents to make it all better.

Even in Canada, I was touched by the tragedy. Friends of mine lived in a city that had a suspicious plane land, in the far north. They came over the radio and announced that everyone should head to high ground out of the city in case the hijackers decided to take the plane into the hydro-electric dam just upstream of the city.

My friend's daughter was in NYC not a week earlier and had bought tickets to a performance in the WTC.

My cousin was just across the water, and saw the planes hit. She was down there on a work trip.

I had come in second in a job competition that would have had me in the WTC on the 11th, and my Fiance had planned to work at the bookstore in the basement.

And I was one of the remotely affected people. I didn't actually know anyone who died on Sept 11.

I wrote this on Sept 15th in my paper journal.

To all my friends and relatives in the US, my thoughts are with you.

Wow, my first journal entry

Minupla Minupla writes  |  more than 13 years ago

"Reflections on a Conversation with 'Angie'"

First allow me to note that the excerpts from my conversation are used with her express permission. They were personal thoughts and I would not have dreamed of reprinting them without that permission.

I was travelling home from the movies tonight, and waiting for the bus at Georgia and Granville, when I was approached by a young lady, asking for some spare change. Before I could respond with my now practiced evasions, (it is strange how it's one of the first things you learn when you live in the big city), she offers to read me some of her poetry. This is new, and I've got time to burn before the bus arrives. I accept her offer, not supplying the change. She proceeds to recite from memory for 4 minutes poetry much better than I, with my college education ever could have written.

I hand her what money I have on me, and bid that she take a seat and talk with me for awhile until my bus shows up. She's obviously not your stereotypical street person, and I want to hear her story, and felt that I'd just paid much more to hear some producer's made up story, I could certainly spare a few dollars to hear her real one.

Except for a shift in economic status, it could have been my story. She started lower so when her family crashed, she ended lower, and didn't have my aptitudes to fall back on. She told me stories of protecting her little sister from her dad, and how eventually they left him, opting to live on the streets rather than continue to accept the abuse. She told me of a boyfriend who wanted her to push dust, and her refusal to inflict that on other innocent people. She also told me of the punishment she received for this refusal.

Part way through the stories, I stopped listening so closely and listened to the tone of her voice, and watched her bearing. This was a young lady (of all of 18 years old!) who had the confidence, and self-assurance of any professional I've ever dealt with. I questioned her about this. She responded "There comes a time when you have to make a decision, you undergo abuse from your parents, and you have to decide, you can either be like them or you can learn from them. I thank my father for giving me the example not to follow."

Eventually, as many conversations like this in my life have gone of late, the subject of religion came up. I myself am a confirmed fence sitter. I'm agnostic. After having recited a common saying, it occurred to me to inquire as to her belief system. She said, "People need something to keep them going. It can be anything. If believing in a God does it for them, more power to them, it could be a doorknob they believe in, and that would be fine too." So I asked, "And what keeps you going Angie?". Her response was, "I want to see where this train stops. That and taking care of my little sister." At about this point, my bus pulled up, and Angie pointed it out. I quickly scribbled my email addy "bofh@ufies.org" on a scrap of paper and handed to her, noting that if she was ever in a position to access the net, to please drop me a line, and stepped out of her world.

Never once during my conversation with her did she express more than a quick thanks, and never did she indicate that more money would be appreciated; this would have been beneath her dignity. She had what she needed, and in return she gave freely of what I requested, conversation.

So, as I sit on the bus on my way home trying desperately to type this into the laptop while it's still fresh in my mind. I ask myself, "What has this changed about me? What does Angie have to teach me?"

I think we take people for granted. Here's a lady that if you read her story in a fictional tale you'd go, "Ya, OK, but who can believe the character?" These people exist in real life. And you find them where you least expect to find them. When I logged out of #UF tonight and decided almost randomly to see 13th floor (good movie, btw, and well worth seeing), I never expected to meet a role model, and certainly never expected for her to be a street person. But in this day and age, I'll take my heroes where I can find them.

Thanks, Angie, and I hope my $10 bought you a warm place to spend the night, it was more than worth it, and I hope one day you will be in a position to tell your own story, as I'm sure you could do so with much more eloquence than myself.
