See, I knew my maths was wrong. :)
I didn't honestly think they would be storing it in DRAM, either.
4259 publicly visible posts • joined 19 May 2010
In British English, electrocution is defined as injury or death caused by electric shock, so to a British English speaker, fatal electrocution or lethal electrocution is permissible.
I believe US English defines it as only death caused by electric shock - in which case your pedantry is correct.
If you (or your team) have done this, I'd be really interested to know how you manage this process etc :)
We were put in the position that the client wanted a secure environment with WAF / IPS but was too cheap to pay for it.
So we built a lash-up of nginx, naxsi, and fail2ban, with munin to provide some reporting and pretty graphs, as a proxy to our apache servers. HTTPS was decrypted, read, and re-encrypted using the proper certs and ciphers.
It worked surprisingly well, although I wouldn't say it was as effective or as maintainable as a commercial appliance product would have been.
The main problem? Simple: you have to know what the heck you're doing. You need a basic underlying understanding of the encryption process, how to monitor network connections (I've come across too many people who had no clue how to use tcpdump or netcat for example) and interpret the results.
And that seems a bit too much for more "modern" companies; time is also money after all, so they'd rather rely on out-of-the-box, ready-to-use gizmos like these, without stopping to think about possible consequences.
I think you have to bear in mind that to achieve PCI-DSS compliance, it is often much easier to use a recognised appliance rather than roll your own monitoring at the server level. Most QAs I've come across like to have pretty graphs every month, rather than have to wade through log analysis reports.
I remember being met by a stunned silence when one QA asked how we had implemented IDP for HTTPS traffic, and we told him how we did it with a roll-your-own setup on an Nginx box.
Looking at some of the big names shown in the report, it really is a sorry state of affairs.
Of the 12 appliances tested, only one, from Bluecoat achieves an A rating, and the majority of the others are C or F. The Microsoft one deserves an F--- if such were possible, as it only offers SSLv2 connections, but you expect better from Barracuda, Checkpoint et al.
I shouldn't be surprised though, as we recently had to remove ECDHE ciphers from some of our servers on an e-commerce site, as the WAF didn't support them, thus weakening the whole environment's security.
@ Codejunky,
Solving a problem when there is a problem is better than stopping progress.
There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late.
Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on.
The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.
Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens...
Well, it certainly wasn't the reliability. They break down all the time.
This is just not true; earlier Defenders (and Series Land Rovers) will go for years without breaking down. The problem is with the more recent electronic bits, but the general mechanicals will go forever with a bit of maintenance occasionally.
Hmmm, maybe eccentric is the wrong word, if you take it to mean how circular it is.
My understanding, however, is that however circular their orbit, the moons' track across the planet (is it called the orbit footprint?) can change in quite a random fashion, dependent on their interaction with each other?
Perhaps time to do some mapping of Mars' moons to refine the models a bit more?
If I remember correctly, the orbits of Phobos and Deimos are quite eccentric, and the tidal forces between the two moons and Mars mean that predicting the exact orbital path for the moons over time is non-trivial.
Smart meter billing problems have also been documented in the US.
And in the UK:
http://www.bbc.co.uk/news/uk-39169313
From the BBC story...
A spokesperson for the Department for Business, Energy and Industrial Strategy said: "Smart meters are a vital upgrade to Britain's energy system."
"The technology will bring an end to estimated billing, and give consumers real-time information about their energy use to enable them to make more efficient energy choices."
Hahahahahahahahahahahahaha!
Voyager ZZ333 was returned to RAF service after exhaustive tests, including X-rays of the captain’s stick assembly and assessments of cosmic radiation measurements
With apologies to PTerry, but I saw that and thought of:
"Special offer this aeon is various measurements of paracosmic significance built into the very fabric at no extra cost"
@Lusty,
You put:
The lack of any legitimate data would flag it up as a security risk. Using Telnet without encryption to connect to a TLS service is a dead giveaway that it's not legit since Telnet doesn't set up the TLS before the connection.
And just how do you imagine a TLS session starts? If you are using telnet to prove or disprove that connectivity exists to a host, then the initial connection attempt is all you need, and that is the same for any TCP connection, whether it be a TLS negotiation or any other protocol.
I agree with you about ping, most secured environments block ICMP traffic nowadays, however, it and traceroute are still useful for investigating latency and routing so long as you temporarily enable it on the endpoint.
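The point made in the reply above, that a TLS session begins with exactly the same TCP connection a telnet client makes and only then negotiates TLS, can be shown with a small, self-contained script. This is an added example, not code from the original thread or from any poster: it starts a throwaway listener on localhost, connects to it once telnet-style (plain TCP, an operator pressing Enter) and once with Python's `ssl` module, and records the first bytes each client sends. The TLS client reaches the listener through an identical TCP handshake; the only difference is that it then sends a ClientHello record (type 0x16, version 0x03xx, handshake type 0x01). The helper names and the 2-second timeouts are this example's own choices.

```python
import socket
import ssl
import threading


def capture_first_bytes(client_fn):
    """Run client_fn against a throwaway local TCP listener and return the
    first bytes the client sent (b"" if it sent nothing before the timeout)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    captured = []

    def acceptor():
        conn, _ = srv.accept()  # TCP handshake completes here, for any client
        conn.settimeout(2)
        try:
            captured.append(conn.recv(4096))
        except socket.timeout:
            captured.append(b"")
        conn.close()

    worker = threading.Thread(target=acceptor, daemon=True)
    worker.start()
    client_fn("127.0.0.1", port)
    worker.join(5)
    srv.close()
    return captured[0] if captured else b""


def telnet_style_client(host, port):
    """What 'telnet host port' does: a plain TCP connect, then whatever the
    operator types. Here the operator just presses Enter (constructed input)."""
    sock = socket.create_connection((host, port), timeout=2)  # the TCP handshake
    sock.sendall(b"\r\n")
    sock.close()


def tls_client(host, port):
    """What a TLS client does: the very same TCP connect, and only after it
    succeeds does the TLS negotiation start with a ClientHello."""
    sock = socket.create_connection((host, port), timeout=2)  # identical TCP handshake
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the listener has no certificate at all;
    ctx.verify_mode = ssl.CERT_NONE  # we only want to observe what the client sends
    try:
        ctx.wrap_socket(sock, server_hostname=host)  # sends ClientHello, waits for ServerHello
    except OSError:
        pass  # the listener never answers, so the handshake fails; that is expected here
    sock.close()


def is_tls_client_hello(data):
    """TLS record header: content type 0x16 (handshake), version 0x03xx,
    2-byte length, then handshake type 0x01 (ClientHello)."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def compare_clients():
    """Return what each client sent first; both reached the listener over TCP."""
    return {
        "telnet": capture_first_bytes(telnet_style_client),
        "tls": capture_first_bytes(tls_client),
    }


if __name__ == "__main__":
    first = compare_clients()
    for name, data in first.items():
        print(f"{name:6s} first bytes: {data[:8]!r}  ClientHello? {is_tls_client_hello(data)}")
```

For a defender reviewing connection logs, the consequence is the one the reply draws: a bare TCP connect to port 443 (from telnet, nc, a port scanner or a browser) looks the same until the first bytes arrive, so "telnet to a TLS port" is evidence of a connectivity check, not of anything else. It is the absence of a ClientHello, or of any data at all, that a WAF or IDS can key on.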
People learn far more from their mistakes than successes. Sure, fire the IT dept, but you can bet your boots those guys/girls won't make the same mistake twice.
Except in this case, they obviously have, not once, but multiple times. Their databases have been deleted on several occasions, and replaced with warning messages, and they have had to restore the databases each time, and yet apparently, at no stage did they wonder why this was happening, or investigate ways to stop it.
Part of that is, no doubt, down to increased levels of security vetting involved. After all, they don't want another Snowden in the ranks.
Much too late:
https://www.theregister.co.uk/2017/02/08/us_grand_jury_indicts_harold_martin_nsa/
"Zachary Myers, an assistant US attorney with the District of Maryland, told a court last year Martin had 50TB of potentially secret and top-secret data at his home."
Also a Booz Allen Hamilton contractor, strangely...
An awful lot of commentards seem to be missing the point of this story.
Thomas has never disputed that what he did was wrong, and would be grounds for a civil lawsuit from his ex-employer; however, he was very specifically charged with a criminal act under the following:
"intentionally causing damage without authorization, to a protected computer."
His argument is that he should not have been charged under that statute, as he was authorised to access the computer(s) in question.
As a shaky analogy, if I caused a road accident by throwing a concrete block off a bridge, and then got charged with "driving without due care and attention", I would be within my rights to appeal, as I wasn't driving at the time.