Obama May Toughen Internet Privacy Rules
Okay. I think I'm done. I'm going to terminate my traffic, all of it, via VPN in some other country.
BlackBerry Battle In India Going Down To the Wire
Do they want to secure customer data, or provide a documented mechanism for institutional wiretaps.
They should pick one and stick with it.
Please Do Not Change Your Password
I think you know what you're asking for is impossible, John. Is that your point?
Physical penetration tests can validate the presence of password lists in wallets, in desks, and in caches on workstations. I think I can say with confidence that there are no sources of metrics for what you have specifically asked.
So where are we then? No one can prove anything and therefore we can all claim to be correct? That's awful. That's also the state of the security industry; mountaintop sages and so called best practices sold by vendors.
Your suggestion on having a little book with them is also pretty bad. It breaks the password model of being something you know to something you have.
Remember everyone, multi-factor authentication should be a combination of something you are, something you have, and/or something you know.
If everyone did as you suggest, all thieves would have to do would be to throw an admin in the back of a van. In fact, I'm surprised that we haven't been seeing more of that anyway.
Please Do Not Change Your Password
If anyone gathered metrics on such practices, I would bet that for most environments, they would find that it yields the opposite effect of what is intended.
It makes strong passwords and lots and lots of password lists under keyboards, in text files, and on post-it notes.
I gave a little talk at a Toorcon event a couple years ago where I included some pictures of password lists found in the wild.
I think everyone competent knows about these things, they just choose not to say anything about it because it is a "best practice."
The Economy of Wikileaks
I could explain it, but why not watch their presentation that they gave a couple weeks ago at CCC and actually understand what they're talking about firsthand.
Presentation page, big mp4 video, torrent.
Should You Be Paid For Being On Call?
As a consultant, I was paid quite a lot for being available for an on-call basis; several thousand a month.
I also didn't have to do much when things happened. I would join a call, establish that it was not my problem, and then drop off.
If you're deeply concerned for your jobs, get better at your jobs and leave your bad gigs. Retention and performance problems should correct this problem of thinking that management assholes can get people to work for free. They would never work for without compensation. Why should people who are smarter than them?
Pirate Bay's Anonymity Service Enters Beta Testing
RTFA, guy. It's not free.
Also It's been done before and well. The code has been open for a long time now. I'm just surprised it hasn't happened sooner.
The code used to be archived by some of the industry cool kids for quite a while, but I'm not readily finding it in the allowed attention span of this comment.
Microsoft vs. Google — Mutually Assured Destruction
I always suspected that Cringely was completely clueless, but now I have something to point to which by his own words damn him more than anything I could ever say.
This is the kind of writing that you can point at as an example of how some people do not get it despite their pomp and bigdealness.
Give Up the Fight For Personal Privacy?
With the rise of consumer databases, I realized that it was pointless to spurn social networks as anyone with pocket change can buy more information from any of these firms than I know about myself.
Sure. You can have privacy from the casual websearching douche, but if they don't mind spending tens of dollars, they can know all there is to know.
The game is over, and unless you go all unibomber off the grid and only pay cash, forget about it. You might as well get laid by scenewhores on myspace.