


Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

khasim Re:Sure... (313 comments)

And one of the aspects where I disagree with him:

Low-focus attacks are easier to defend against: If Home Depot's systems had been better protected, the hackers would have just moved on to an easier target.

He is phrasing it incorrectly. The attacks are scripted and BLIND. They don't attack X and skip Y if X is vulnerable. Or attack Y if X is not vulnerable. They attack A - Z regardless of the success or failure of any single attack.

And 100% agreement with your air gap recommendation.

With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company's security is superior to the attacker's skills, not just to the security measures of other companies.

He's got it right there. Once you are online you can be attacked by anyone anywhere. The only advantage you have is that you control the wire in your organization. Wireless is more of a pain. But you can see every packet moving on the wire.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won't end up posted online somewhere, but Sony clearly failed here.

In my experience, the problem is not money. The problem is EGO. Someone is always convinced that what they are doing is more important than following what the IT nerds say and they have the political clout within the company to force exceptions be made.

It is the exceptions that damage your security.

It is the exceptions that allow the easy-to-prevent attacks to get a foothold on your network. THEN the more advanced attacks are unleashed.


The Dominant Life Form In the Cosmos Is Probably Superintelligent Robots

khasim Re:Well, duh (352 comments)

Well if you look at what has been "common knowledge" in SF in years past ...

And she gets her terms wrong.

Knowing that we are not alone in the universe would be a profound realization, and contact with an alien civilization could produce amazing technological innovations and cultural insights.

The universe includes all the galaxies. Our sun will probably burn out before we get a message from another galaxy. Stick to your own galaxy. That is difficult enough.

Which brings up the next error:

Even if I am wrong -- even if the majority of alien civilizations turn out to be biological -- it may be that the most intelligent alien civilizations will be ones in which the inhabitants are SAI.

SAI is her term for "superintelligent artificial intelligence". So she has just written a tautology. Unless you want to get into super-superintelligent or ultra-superintelligent.

And the rest is more of the same.


"Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

khasim What are they going to do? (226 comments)

They're computer crackers. What are they going to do? Why all the fear?

2 days ago

US Links North Korea To Sony Hacking

khasim Re:I don't see the big deal here. (181 comments)

It's not as expensive to spend the money to properly maintain your security than it is to have it massively breached and all your data stolen.

Not as expensive if you only count money.

But in my experience, the problem is the upper executives and their insistence on special exceptions for them and their people who are doing work that is just so important that they cannot be burdened with following the security that applies to non-important people.

And I hope Sony, and all other Big Companies (tm), learn a lesson.

I think that this reinforces the wrong lesson. Everything is okay as long as you can find someone else to blame. Whether it's an employee or a hacker group or a country. The focus will be more on THEM rather than Sony executives who broke security so that they could feel more important than the nerds in IT.

2 days ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

khasim Re:Home of the brave? (580 comments)

Yep. And even more so.

If you live in the USofA then you have a larger chance of being killed by your spouse / boyfriend / girlfriend / YOUR OWN CHILDREN than by a terrorist.

Just by waking up alive you have already beaten the "terrorist" odds today.

And in this specific case, what are the "terrorists" going to do? Steal your credit card number? Pay cash instead.

2 days ago

In IT, Beware of Fad Versus Functional

khasim Mod parent up. (153 comments)

And he makes a FUNDAMENTAL mistake by focusing on "defining how a new technology approach will add value".

At the CxO level that is easy to do. It will allow the company to synergize your core with blah blah buzzword blah buzzword.

But the reality is that it is about adding more achievements and buzzwords to someone's resume so that they can move on before their choices bite them.

3 days ago

Apparent Islamic Terrorism Strikes Sydney

khasim Re:Check your math. (874 comments)

Conservative Christians do indeed suck, but I can't think of any serious terrorist or even violent activity by Christians in a very long time, except for a couple cases of some lone wacko shooting an abortion doctor.

The difference is the power structure.

You don't have to personally beat someone for your beliefs if you can have the police do it for you because your beliefs are the law.

Muslims, however, are infamous for organizing to do violent deeds.

The same can be said (and has) about the black "rioters" and the current protests here.

Advocating for various laws (which aren't very successful BTW, gay marriage is becoming more and more accepted in America now and is becoming legal all over; these days I think most ultraconservatives are more worried about illegal immigration, gun control, and various other issues than about gay marriage) is not similar to carrying out violent, terroristic acts.

The difference is whether the majority view them as "legitimate" exercises of violence.

Passing a law that will be used more against X than Y will not be seen as a problem by Y. And the Y's will tend to view any X that complains as being a problem.

100 years ago blacks could not marry whites. And violence against a black man accused of sex with a white woman was "justified".

20 years ago gay marriage was illegal. And it wasn't a "hate crime" to beat someone just because you thought he was gay. I remember online arguments just 10 years ago.

Right now there are states where it is legal to have an abortion BUT it is almost impossible due to the legal restrictions placed upon it. Even if the woman's life is in danger.

Those with the power to make and enforce the laws do not need to personally take hostages.

5 days ago

Apparent Islamic Terrorism Strikes Sydney

khasim Check your math. (874 comments)

Islam is a peaceful religion, that's why followers just went out of their way to do this.

There are about 500,000 Muslims in Australia.

1 of them is committing this crime.

5 days ago

Blade Runner 2 Script Done, Harrison Ford Says "the Best Ever"

khasim Re:Why do I care what Harrison Ford thinks? (297 comments)

If he thought the sequel script was bad, I doubt he would waste his time on it, as he doesn't need the fame, and probably doesn't need the cash.

He did "Kingdom of the Crystal Skull". I wouldn't trust his motivations on this one.

But my question is whether they will keep Deckard as a Replicant. And whether he will know that he is or not. Or will they retcon something stupid in.

Blade Runner was a great movie. There is no need for a sequel. They could make another movie in that universe without needing to make it a sequel.

about a week ago

2014 Geek Gift Guide

khasim Mod parent up. (113 comments)

So far timothy, soulskill, and samsenpuss all post this crap from Bennett. Is it official dice policy to promote the shit this guy writes?

Seconded! Is he paying for this placement? Is he someone's friend? WHY is he getting this space on /.?

His posts always follow the same pattern.
1. He becomes aware of ... something.
2. His massive intellect solves it.
3. He posts 1,000+ words to /. about how he solved it.
4. His solutions fail to address anything other than the most superficial aspects of whatever it is that he just became aware of.

That's not "News for Nerds". There's no in depth analysis.

So WHY does he keep getting space on /.?

about a week ago

Is Enterprise IT More Difficult To Manage Now Than Ever?

khasim Re:"cloud" = "someone else's computer" (241 comments)

As always, security is not a line-item. You cannot purchase "security".

I prefer to measure "security" as "how many people can successfully attack X".

If fewer people can successfully attack X after a change then that change has made X more secure.

If more people can successfully attack X after a change then that change has made X less secure.

So moving anything to "the cloud" will result in it being less secure. In almost every instance.

about a week ago

Is Enterprise IT More Difficult To Manage Now Than Ever?

khasim Re:Is it more difficult? (241 comments)

I think more and more IT is becoming a manager of services, instead of a manager of servers.

Services run on servers.

Users access services that are running on servers.

When there are companies out there making the basics easy to manage, then you can afford the time to get the Like buttons running.

I keep getting marketing literature from companies promising that. But it never seems that they can deliver on their claims. Instead, it's just another service that needs to be maintained.

Just PATCHING systems includes identifying/testing/deploying:
for every server / workstation / switch / router / firewall / wireless connected to your network.

about a week ago

Is Enterprise IT More Difficult To Manage Now Than Ever?

khasim "cloud" = "someone else's computer" (241 comments)

The main problem is that most of the people making "IT decisions" do not understand the full impact of those decisions (or believe that they will not be held responsible).

Moving anything "to the cloud" simply means moving it "to someone else's computer". How do you judge their security?

What happens when one of their other clients is arrested for something illegal and the "cloud" computers get confiscated?

Anyway, from TFA:

If IT wants to stay relevant, we're going to have to find a way to leverage our deep understanding of technology to a new environment, working with other parts of the organization and relying on influence and expertise instead of gatekeeping and rigid rules.

Which will NEVER work. Spend some time reading up on the latest cracks that leaked credit card info. If you have to rely on "influence" you should look for another job. There will always be someone with more "influence" than you.

about a week ago

CIA Lied Over Brutal Interrogations

khasim Why does it keep working? (769 comments)

If I were President and I felt that X was necessary then I would document why I thought X was necessary and that I was solely responsible for X.

Afterwards, I'd release that to the media.

There wouldn't be any of these rolling revelations. Everyone would know that I thought it was necessary to torture persons A, B and C (and no one else) and that they were tortured and (redacted) information was collected and that the people who did so did so under my DIRECT ORDERS. No one else tortured anyone other than A, B and C.

Instead, we have denials, euphemisms, "extraordinary rendition", "black sites" and unsubstantiated claims.

about two weeks ago

In North Korea, Hackers Are a Handpicked, Pampered Elite

khasim Mod parent up. (102 comments)

So 1,800 "cyber-warriors" crash 48,000 machines. Or ... each "cyber-warrior" crashes 27 machines. Yeah. Big threat there.

And crashing 48,000 machines? What is "elite" about that?

This sounds less like "a sophisticated cyber-warfare cell" and more like a few script-kiddies. If you want to cause damage then you search for Excel files and you make a few, random changes to the numbers. Do the same with any database files you can find.

And, lastly, you NEVER crash a machine. You want to maintain control for as long as possible.

So, yeah, it reads like bullshit propaganda. It probably is.

about two weeks ago

Twitter Should Use Random Sample Voting For Abuse Reports

khasim Where slashdot got it wrong. (132 comments)

First rule of crowd moderation: flagging as abusive/trolling/offtopic will be used as 'I don't agree'.

Yep. Which is why /. should require that every down-mod be accompanied by a short explanation of WHY it fit "abusive/trolling/offtopic".

Up-mods don't matter. If you want to mod something up then no explanation is necessary since they don't "bury" unpopular opinions.

about two weeks ago

Twitter Should Use Random Sample Voting For Abuse Reports

khasim Those with an agenda. (132 comments)

What kind of people are those going to be who volunteer to do a corporation's job?

That would be those people who already have an agenda that they believe could be furthered by restricting other people's accounts.

Tyranny of the majority.

And that isn't counting hiring people to do that. For just $X a day, you can down-vote posts opposing Y and up-vote posts supporting Y. Think about whatever political position you don't like and imagine those people doing that.

Bennett Haselton is an idiot. That's okay.

The fact that Bennett Haselton's idiotic ideas get front page posting on /. is a problem. Why did samzenpus feel that this was worth posting?

about two weeks ago

Hawking Warns Strong AI Could Threaten Humanity

khasim Re:Ignored? (574 comments)

Since the AI will probably be a computer ... doesn't the exact nature of the threat come down to what that computer is connected to?

AI + tank is a different issue than AI + colour printer.

about three weeks ago

