* Posts by lifetime security

20 posts • joined 21 Oct 2017

NUC, NUC! Who's there? Intel, warning you to kill a buggy keyboard app

lifetime security Bronze badge

Re: "“inject keystrokes as a local user”," into an app designed to control embedeed PC's.

Double PoS

Who had Intel in the 'discrimination lawsuit' pool? Congratulations

lifetime security Bronze badge

Any Stock discrepancies?

I wonder if the discovery process will uncover stock grants/options discrepancies too.

lifetime security Bronze badge

I have seen this too often. I took over a security group and found out that my star performer was the lowest paid employee (< $70K) in our division North Carolina. He also had a masters in CS. When I explained to HR that a security expert could walk out and get a job for $150k, they checked and came back and said yes, but it is not appropriate ... His problem? He was a muslim from Bangladesh. It was a struggle to get him a 10K raise. He got his green card, got a better paying job (with my help), quit, did an MBA simultaneously, and is now a managing partner in a fund.

lifetime security Bronze badge

Re: She did it to herself

I'd say that there are a lot of variables here but salary compression can also be a factor. If she joined at a low salary then she would see only small annual increases. Hiring managers have to pay above the regular salary to get new talent in. And then they go through an adjustment phase.

It is the manager's job to level the salary. I think they just took her for a ride. Happens to most minorities. The worst are stock options. I remember in a group I worked in, only white guys got stock options. Not even white women. The director was a good old boy from Georgia.

lifetime security Bronze badge

Yup. They will get together and formulate a plan with lawyers. Pull all the emails together and any responses including any emails she sent. Pick a few sentences from here and there. Management can say that they were blindside by her performance but she had sent some unprofessional email. Or she missed something.

My ex-wife did that to an employee and was describing the process gleefully. Quite an ego trip for managers.

Hacks Fifth Avenue: Crooks slurp bank cards from luxury chain Saks

lifetime security Bronze badge

Re: Owned by Hudsons Bay Co.

They will not learn till the high level execs get their ass kicked.

lifetime security Bronze badge

Why on Earth are they storing CC numbers?

This is so stupid. They should be dinged on PCI non-compliance. Yeah, I know it takes money and the DB guys push back really hard. Have been there, handled that. Management needs to understand this issue. Most executives don't prioritize security. The compensation models don't include security compliance metrics. They would therefore rather ship a feature or cut costs. SAKs has high value customers. The last thing they want to do is compromise on security. The value of the asset they should be protecting is huge. This is not a small mom and pop corner grocery store catering to students buying chips and sals.

US mulls drafting gray-haired hackers during times of crisis

lifetime security Bronze badge

Re: How many of these retired people can pass the drug test?

Agreed. The idea that one can walk into the workplace drugged out is almost impossible to comprehend. I think you will be walked out of the door very fast. Haven't seen it in Silicon Valley except for a couple of IT admin guys who got walked out.

lifetime security Bronze badge

Re: What's Important Here

Unless you are over the age of 40. Then the private sector will not hire you.

lifetime security Bronze badge

Re: No me

And you don't think the people already serving don't know this already? They used to mark bombs with the names of oil companies before loading them on planes ...

lifetime security Bronze badge

Trend of hiring only young software engineers

The whole scam around hiring only young engineers has us in this mess; software written without any consideration for quality or security. Talk to anyone who interviewed with Google or Facebook and they will tell you that all the questions are geared towards new college graduates. People over 40 are considered old timers. FB even has a group for over 40 people. After being at the cutting edge of software engineering for more than 30 years, I am still trying to master the beast.

Other companies have followed the Google/FB model and it is disconcerting the amount of blatant age discrimination that goes on. It is fairly overt. Maybe the government should hire these more experienced engineers. It spends these billions of dollars. Most of these engineers are very capable.

Commonwealth Games are just the ticket for Facebook

lifetime security Bronze badge

Will the data end up with something like Cambridge Analytica? I wonder what kind of data mining FB is doing if Cambridge Analytica can do so much. The difference is we all trust FB, right?

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

lifetime security Bronze badge

Re: @Mark 85

You need only be able to have a vulnerability so that you can inject your code in. This can be triggered when you, for example, visit a malicious website or have a spearfishing email. Just one of the few examples. Moreover, most trusted enclaves run code in the processor's internal static ram and reference data (including keys) in the static ram itself. In theory external code can't see the internals of this static ram. That section of static ram is not cached out to the general CPU cache. These researchers found a way to cross the wall because of speculative instruction execution.

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

lifetime security Bronze badge

Changing a company culture is not easy

The general consensus is that it takes anywhere from 2-3 years to change a company culture. That is when the company is operating ethically but has some challenges. However, an unethical and immoral company requires many more changes. Uber will keep on disclosing many more violations. By not disclosing the breaches to the customers and drivers, Uber violated California law. There is no excuse.

Does UK high street banks' crappy crypto actually matter?

lifetime security Bronze badge

The bank is looking at us as an aggregate and doesn't want to be bothered with problems I have. I am a security aware professional and I want MY connection safe. The bank is least bothered about me and will go on using the older system.

Parity calamity! Wallet code bug destroys $280m in Ethereum

lifetime security Bronze badge

Re: This is when I know I'm getting old...

For the last 40 years or so, money has been in software. They are in database transactions but still software .

You know what's coming next: FBI is upset it can't get into Texas church gunman's smartphone

lifetime security Bronze badge

The NSA can get into any equipment. Remember that when Apple asked the FBI director if they had approached the national security agencies, he replied, 'Yes, we have asked.'. But he did not say what the response was.

The FBI will be trying to make this a political case to go after the phone manufacturer again. But the case is not about this POS; it is about our rights to not have our personal records open to government spying. The government wants to spy on us in every way possible.

Estonia government locks down ID smartcards: Refresh or else

lifetime security Bronze badge

That is how you handle security issues

There is no perfect security. There will be mistakes and errors. Estonia did the right thing and moved forward.

FBI: Student wrestler grappled grades after choking passwords from PCs using a key logger

lifetime security Bronze badge

Re: FBI make federal case out of school keylogger

Sorry, black hat hackers are generally beyond redemption. The track record is miserable.They never change.

Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops

lifetime security Bronze badge

Intel has been very secretive about a lot of their code but a vendor that used Intel code in a certain processor turned of static code analysis (Klockwork) because it was giving 'Too many errors'. When we went to a white hat hacking company they found 14 P0 vulnerabilities without access to the source code in 3 days. Intel denied that they had problems.


Biting the hand that feeds IT © 1998–2020