Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Heartbleed To Blame For Community Health Systems Breach

TMYates Re:Blame them, not Heartbleed (89 comments)

Saying that an exploit couldn't have been used in the first place is just nonsense. It would be better to say that with the adequate security and audit policies in place, they should have been alerted as soon as someone started trying to test for a heartbleed vulnerability. Action should have been taken as soon as they saw traffic repeatedly running a heartbleed exploit to prevent the disclosure of the information. Nothing can cover 100% and in this case, they were likely waiting on a vendor to patch their system. At the time the passwords were scraped, Juniper may have still been working on a patch (assuming the information that it was a week after announcing heartbleed). This should have been where the IT admins ordered the 72oz cups of coffee and stared at the screen for days on end.

about two weeks ago
top

Munich Reverses Course, May Ditch Linux For Microsoft

TMYates Re:Open Source Integrated email/calendar/phones/et (579 comments)

As far as I know there is not a single solution to cover everything mentioned in open source. That being said, although Microsoft offers integrated solutions, they are still separate products. Your named features span Lync and Exchange. For the open source side, I would point you to Asterisk and OpenFire to handle the Lync side and you could probably use Open-Xchange to handle email/calendar (though I am unfamiliar with Open-Xchange). Integration between the products would still be limited though. One of the best distributions I have played with is called Elastix and combines almost all the features you are looking for. Not sure about the calendar aspect though.

about two weeks ago
top

Munich Reverses Course, May Ditch Linux For Microsoft

TMYates Re:Open Source Integrated email/calendar/phones/et (579 comments)

There are a couple ways to set it up, but one method is with Exchange integration. In our setup, there is a folder in Outlook called Conversation History. All chat logs and call history end up in there. Lync will also show you some of the information from the Lync client, but older history can be searched there. You can also set up archiving to go to a central database. You can also continue past conversations from within Lync should you wish to.

about two weeks ago
top

Hotel Charges Guests $500 For Bad Online Reviews

TMYates Re:Give us a good review, or else. (183 comments)

Your alternative under the agreement would be to not post anything. I would hardly call that extortion when you have an option like that. I would never stay at such a place anyway and will start to look at any agreements I sign for such verbiage.

about a month ago
top

Satya Nadella At Six Months: Grading Microsoft's New CEO

TMYates Re:Not that hard IMO (151 comments)

I still use Windows Media Center on all my machines running Windows 8.1 Pro. Though they may not be actively developing it anymore, I would hardly call it abandoned when they still support, update, and ship it. Though in reality, the main reason they are not actively developing makes sense in some ways. With Hulu, Netflix and other video providers now making standalone apps for Windows 8, there was not a need to continue development. There is a video app, music app, and pictures app that split the functionality out of Media Center. Everyone seems to hate Windows 8.X, but for my computers hooked up to the TV, it seems to work out well navigating from afar. The Media Center remote control also works for navigating the start screen (to a point). The only thing I wish Microsoft would do is split out the TV app from media center and put it with the other apps like Xbox Music, Video, etc... That is the only reason I still use Media Center.

Zune was an awesome product (still have a Zune HD), but just late to the game. Apple was already trying their best to phase out older style iPods in favor of the iPod Touch. Everyone was wanting either the iPhone or the iPod touch and killing the sales for the other iPods. Microsoft tried to follow a route of moving the Zune app to their Windows Phone platform, but they failed to have Wi-Fi only version like Apple. Once they did that, Zune started to fade out in favor of the Xbox title.

about a month ago
top

Quiet Cooling With a Copper Foam Heatsink

TMYates Interesting Thought (171 comments)

If I understand it correctly, it works similar to materials NASA uses on the space shuttle. By increasing the surface area of the heat sink, you get a better cooling effect. I believe NASA uses a foam made of 95% air or so for the tiles that are on the outside of the space shuttle. These in turn seem to allow heat in but can remain cool to the touch at very high temperatures internally. Somewhere I saw a video of someone holding a block made of this NASA material. In this case, having a "foam" made out of copper allows it to cool very quickly. I bet it would still work better to have some sort of fan blowing and constantly moving air across the foam.

Disclaimer: I do not claim to be an expert in the physics or technology behind this, but it seems logical to me.

about a month ago
top

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

TMYates Re:Vendors.... who needs them... (348 comments)

It depends on whether you are running tagged or untagged VLANs. You are correct for trunk ports that carry tagged VLANs, but the catch there is that you have to have a tap or sit on a trunk port that can see the same tags. Both of these cases require physical access to monitor or make changes (or remoting into a switch). If physical access is a problem, you have bigger issues on hand. VLANs are not end all security, but to completely push them aside is ludicrous. Properly done, VLANs are a great augmentation to security, but I would not rely on them as the only means.

I mainly use VLANs with layer 3 routing so I can have firewall rules at the switch level between the VLANs which I put on separate IP networks. I avoid using the same network across multiple VLANs.

about a month ago
top

New SSL Server Rules Go Into Effect Nov. 1

TMYates Re:Big Problems (92 comments)

I generally haven't as well, but depending on your environment, automatically generated certificate requests may attempt to contain an internal domain. Hence why the default setup would no longer work once this rule takes effect. For instance, an environment that uses a domain.local that you cannot change because you have Exchange (Thanks Microsoft!). It is completely possible to have an internal interface and external and split the roles and certificates (this is what I do). Our internal interface has an internal CA cert and the external a public cert. The problem comes where all the service packs and cumulative updates I have applied required me to remove one of the virtual directories for things like OWA and ECP or the update would fail. The funny part is, they allow PowerShell to create those multiple directories, but the PowerShell scripts they put in the update expect only one directory. Fortunately its easy to export the config of one of the directories and recreate it later.

about a month ago
top

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

TMYates Vendors.... who needs them... (348 comments)

I have seen this so called "requirement" on occasion and think the company that requires it needs to go though a security audit of their own. I also think that anyone that requires Domain Admin/Root access for their software to run doesn't know a thing about security (I get this commonly too). The problem you may face will be through regulatory compliance for various things (as some here mentioned PCI already) There are other regulations you should probably try to discover if you are required to comply with especially if you will be hosting PII (Personally Identifiable Information). Not just talking HIPAA, but some e-commerce sites require a little more security for their data.

That being said, as long as there is a firewall to the internet and your server does not have critical internal only ports open, in most cases you would at least pass basic security requirements, albeit not optimally. Make sure you run a test using something like NMap! As for alternative ideas, you could set rules in the local firewall to allow unrestricted traffic between the servers involved while limiting access from all others to the default rules. You could also set up IPsec tunnels between machines to encrypt that traffic. I would at least make sure you have a path to separate as many features that require higher security as possible. For instance, PCI will require more strict rules and if that is a problem for this vendor, budget a separate server for transaction processing.

Some of those options may help find some middle ground between your requirements and theirs (after all, you are not limiting traffic of interest to them). I would push to have a Business Associates agreement signed by them saying that by not following your configuration requirements, they will hold some or all of the responsibility for a breach involving their solution. It would still hurt you in the case of a breach, but at least it puts them on edge to make sure they do everything they can to secure their solution since they now have a financial consequence for a breach.

Last but not least, make sure you put the POS system in it's own VLAN separate from all other systems. Lock down that network to only POS traffic and put no other device unrelated to the POS system on that network. This is part of the reason for recent breaches from some of the major retailers.

about a month ago
top

New SSL Server Rules Go Into Effect Nov. 1

TMYates Big Problems (92 comments)

This may cause big problems for many of the existing systems out there. How do they determine internal names? Does it require a .com? Will it take into account any new top level domains that opened up? What about certificates for various systems that do not require domain names for communication (I.E. ADFS Signing/Encryption Certificates).

I think it should be required to not mix internal and external names in certificates, but to ban them completely is going to break many things. I know by default Exchange 2010/2013 and Lync Server require internal names in the certificate. You can split the bound IPs and use 2 different certificates, but it makes things more difficult to configure and manage. No to mention that Exchange patches really hate multiple virtual directory entries...

about a month ago
top

Critroni Crypto Ransomware Seen Using Tor for Command and Control

TMYates Re:Antivirus (122 comments)

Antivirus applications would never be an end all solution in any case. There might be a chance they can catch it, but you have to be up to date on the definitions for most to be able to catch it. Some newer systems may be able to do heuristics and catch potential cases that look malicious, but can have false-positives and false-negatives. Even cases where you have the best of everything and are up to date may not completely eliminate risk. This is where Zero-Day exploits (or unpublished exploits) can find their way in and disable or bypass many of these countermeasures.

Firewalls would not be helpful for anything other than blocking known ports to command and control servers. In this case, using Tor would be an advantage for the ransomware as it would block any legitimate use you may have for Tor browsing (not that I would allow it for business use in most cases). You are most likely thinking of something like an IDS/IPS system that can sit on the network and sniff out malicious traffic. Some allow for Deep Packet Inspection with SSL decryption. Even that may not cover all cases. If they use custom protocols or a different method for encrypting traffic, it would most likely render such setup useless after an infection. It may help in the initial detection however.

In the end you can never be 100% covered for anything. I always live by the notion that it is not a matter of IF but WHEN something is going to happen. The best solutions are the simplest. Make sure you have recoverable backups (don't just set them and forget). It also helps to reduce your footprint and exposure as much as possible.

about a month ago
top

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet

TMYates Government Control (76 comments)

Just have to put this out there, but now that the government has taken control, how much do you want to bet the NSA will use this opportunity to spy? Even if they do not use Zeus long term, they could use it to install their own software on millions of PCs that are already infected.

about 3 months ago
top

TrueCrypt Website Says To Switch To BitLocker

TMYates Re: Fishy (566 comments)

I may need to look into this for home use again. The USB key was the reason I stopped using it at home since it was nearly impossible to find a consumer level device without a TPM and I got tired of the USB requirement for 7. Of course it has been a few years since I bought a laptop.

I have used both TrueCrypt and BitLocker and like them both, but to be completely honest, BitLocker is the better option for a business with several computers because of the recoverability. I hated having to know our employee's TrueCrypt passwords so I could work on their systems.

Also, I may be one of the few who actually likes Windows 8-8.1.1 (*gasp*) so this would not be an issue for me.

about 3 months ago
top

TrueCrypt Website Says To Switch To BitLocker

TMYates Re: Fishy (566 comments)

Correct. But there is a downside. In order to use BitLocker without one, you will require using a USB drive for unlocking the system. A big security risk with using that method in a company environment would be how many simply leave the key in the computer. That would be like leaving the key to your house in the keyhole on the outside of your house. If you have to go that route, you can also add a password with the USB drive to unlock.

Source: Experience

about 3 months ago
top

Google Using YouTube Threat As Leverage For Cheaper Streaming Rights

TMYates Stand up against it (197 comments)

If I were a musician with a large following such as say Metallica (just an example). I would just look to google and say goodbye. Why should I be forced to something in another service just because I use YouTube for the music videos? Especially when anyone can currently upload to YouTube for free. I would then pull all my videos and music from the play store, YouTube, etc... and then start a campaign against this sort of thing with my cult fan-base. Considering some of the stores then revoke the music from those with subscriptions to Google Play and/or do not allow re-download if you forget to back up your local DRM (Had this happen with a couple of services) even though you paid for the service, who would be the one to suffer long term? I bet at that point, you would see a bunch of people leaving or using a service less and less.

Just my opinion anyway. Take it for what it is worth.

about 3 months ago
top

Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses

TMYates I can see it now (355 comments)

Think about what their thought process might mean for some Android devices:

Before we establish your call, you must watch a 30 second Ad. Only after the first 10 seconds will you be able to skip. You can skip every 20 Ads.

Just look what happened to YouTube.

about 3 months ago
top

Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses

TMYates Re:better question... (355 comments)

If they started playing audio for the ads, I would be pissed. That would be worse in my opinion that the stupid drive by audio bombing advertisements that seem to pop up randomly on sites. At least chrome tells you which tab it is. This is also why I turn flash off unless I know an activity I am doing requires it. Which in most cases is very little.

about 3 months ago
top

Ask Slashdot: How To Communicate Security Alerts?

TMYates Net Send / MSG (84 comments)

For the most part that was restricted or disabled since the XP days (after one of the updates. Cannot remember which). You reminded me of the old school spam I used to get...

about 4 months ago
top

Ask Slashdot: How To Communicate Security Alerts?

TMYates RE: Fix "normal" (84 comments)

And the previous comment that this was in reply to is now gone....

about 4 months ago

Submissions

TMYates hasn't submitted any stories.

Journals

TMYates has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>