|
Indeed.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
|
|
|
|
Homir Munn wrote: What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets.
Far as I know no specific information has been released about how the problem occurred. And the vast majority of problems occur from the inside. In a case like that encryption wouldn't matter. But other than that most places do not take security seriously at the corporate level even when they have actual security processes in place. It is often a secondary task of which only specific individuals can make a difference.
Homir Munn wrote: I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud:
Actually it is different and banks do take it seriously at least in the US. The reason is simple because for Visa/Mastercard the bank is libel for the entire amount except $50. Banks for years have been running data analysis for reducing fraud. That is why you might encounter a stop on your card if you travel infrequently or you might be required to give your zip code or even security code at a retail purchase.
|
|
|
|
|
Fair point.
jschell wrote: Actually it is different and banks do take it seriously at least in the US.
They do in the UK as well. However, those are software fixes and do not cure the problem. Again, until it costs less to fix than the losses, I suspect nothing much will change.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
|
|
|
|
Last night I submitted a project to CP.
It is an encryption pad which encrypts text using Triple DES into 64bit string garbage and back again.
You can use it all the time or occasionally, encrypt your entire mail or just a couple of words.
Unfortunately, for some reason I couldn't upload the screen shots, which include the sample key string.
Still, it's fun.
05yO8J1m9HphMAAM4bpJPdJM48St6PYOtnPPAHc9euNLU0Sof43hDiP95uJDxrzo
(as the alien said to the actress).
|
|
|
|
|
Homir Munn wrote: Why wouldn't you encrypt everything?
Because it's too much trouble and is not the default option... that's what anyone who is not tech savvy would say, in my case, until recently, I had encrypted my drive with Bitlocker and EFS (Yes, I use Windows), I found it adequate, but it was really too much trouble, specially, if you wanted to share something with anyone else.
|
|
|
|
|
I also use Bitlocker, it's as seamless as it gets. It takes a very small hit on my measly Core i3 but any Core i5 upwards has dedicated hardware for this task and as such, has precisely zero hit on performance.
|
|
|
|
|
Why encrypt everything? To prevent the digital equivalent to the Brandon Mayfield fiasco from happening.
We haven't seen any detailed walkthrough of the attack at Target, so we shouldn't automatically assume that poor encryption was the problem.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
|
|
|
|
|
I left the company over a decade ago, but I had a sensitive position, so they set up encryption capabilities for me. Over the 5 years I had it, I got maybe 6 encrypted E-mails and with 4 of them, I wondered what was in it that justified encryption.
If I told you what was in them, I never had the capability to shoot you. Of course, now I won't tell you because I have no idea what they said.
|
|
|
|
|
What is it like to look out the window on the ISS??
Find out![^]
|
|
|
|
|
Awesome, how would you like to wake up to that every day
|
|
|
|
|
great post, thanks....
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
..so i was dated with a very nice woman...
she did some sort of "shifting"
anyways, i got an Invitation for elder scrolls, to be exactly time conventions relating, i got it on wednesday, see here for some "rare" infos:
STRESS TEST SESSION FRIDAY AT 6:00PM ESTFrom Friday, January 10th at 6:00PM EST
Until Sunday, January 12th at 11:59PM EST
so i decided not to let those b**ches rule my live and concentrate myself on important things....
so, as Timestandards also rule, i need to wait another 46 minutes... to enter paradise!!!
until then, i´m listening to Label: Harthouse, Artist: The Ambush(Oliver Lieb) track: Sun, Release Date: ~ 1993
|
|
|
|
|
To assuage your heartbreak, I suggest you take comfort in the amazing co-incidence that your, and her, bodies were, and are, on the same planet 24/7.
“There are obvious things, and there are many obvious things no one tried, because no one needed to try them.” Sergey Alexandrovich Kryukov, January 1, 2014
|
|
|
|
|
|
Clodetta del Mar wrote: as we Germans tend to say:
ätschi-o-lätschi
Gesundheit.
Will Rogers never met me.
|
|
|
|
|
< rant>
me: "Mr. Customer, please understand that I really don't want to do your project, but I know you are in a bind. I will give it a shot as time permits. Your code is old, it is not documented, and I am the only one that has a clue how it works. There is RISK involved."
customer: "Wonderful, whoot! I'm so happy!" <--- likely never saw the last part of my reply.
time passes...
customer: "Why aren't you done yet? I hate you!"
me: "Sigh"
< /rant>
To quote my predecessor, "I can sleep when I'm dead."
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
modified 10-Jan-14 14:49pm.
|
|
|
|
|
I worked for a company that I wrote a large portion of software that controlled a water plant and told the manages all the time I was doing it that the hardware would not be adequate for the job they were supposed to do. So when I got done and the machine was running the customer asked that I write some journaling software to run in the "Computers Idle" time and again I resisted but in the end wrote an journal system in PDP assembler.
Well I left the company and one day about 2 months later my old manager called and asked if I would go down on the weekend and take a look at the system and see what I could do.
When we met I reminded him of all the resistance I had given during development and he explained that it was a moot point that the water company was going to sue them if they didn't do something and wanted me to go down with a contractor from DEC and look at the system.
Well I had done a little work for them after I left and the contract stated that I should receive $45/hr, this was 1987 or so but the contract had expired and they had written an updated contract with the same conditions and wanted me to sign. Well I didn't want to go because I knew and told them that the system couldn't be fixed and if they wanted me to go, and I just picked what I thought was an outrageous figure of $125/hr. Well they didn't even bat an eye the manager changed the figure and I went down for the weekend and made a butt load of money.
Now the kicker, when I got home on Sunday evening I was tired and stressed and wanted a beer and there wasn't on in the house so I asked my ex for enough to buy a 12-pack and she said that she had spent the ~$3000 I made that weekend before I even got home.
Soon after she became my ex.
|
|
|
|
|
Mike Hankey wrote: she had spent the ~$3000 I made that weekend before I even got home.
I don't blame you for making her your ex!
OT: How's the WinHeist thing coming along?
Getting information off the Internet is like taking a drink from a fire hydrant.
- Mitchell Kapor
|
|
|
|
|
And that was just the last straw!
|
|
|
|
|
I mean - wow.
Yes, we're about at the point of rewriting the entire system. I have 100K lines of FORTRAN that could be culled to 15K lines of C# and a sql server. But I digress. Right now, my other customer is going like gangbusters.
Then again, I do have that mountain land that needs a cabin on it....
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
charlieg wrote: Then again, I do have that mountain land that needs a cabin on it....
And in about a year I will need a project.
|
|
|
|
|
charlieg wrote: Your code is old, it is not documented, and I am the only one that has a clue
how it works.
So you wrote the code in the first place?
|
|
|
|
|
No, no, a thousand times no. I comment my code, the original developers were not anything close to software developers. They were engineers that had had a FORTRAN class in college.
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
I stated that I would like to travel more!
Well someone must have heard me because the hiking club I belong to is planning a backpacking trip to San Juan, Puerto Rico in April.
Woot I'm lining up travel plans this week.
I'm stoked!
|
|
|
|
|
Is your doctor trying to break some bad news gently?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|