Re: "“inject keystrokes as a local user”," into an app designed to control embedeed PC's.
Double PoS
Posts by lifetime security
20 publicly visible posts • joined 21 Oct 2017
NUC, NUC! Who's there? Intel, warning you to kill a buggy keyboard app
Who had Intel in the 'discrimination lawsuit' pool? Congratulations
Tuesday 3rd April 2018 07:34 GMT
I have seen this too often. I took over a security group and found out that my star performer was the lowest paid employee (< $70K) in our division North Carolina. He also had a masters in CS. When I explained to HR that a security expert could walk out and get a job for $150k, they checked and came back and said yes, but it is not appropriate ... His problem? He was a muslim from Bangladesh. It was a struggle to get him a 10K raise. He got his green card, got a better paying job (with my help), quit, did an MBA simultaneously, and is now a managing partner in a fund.
Tuesday 3rd April 2018 07:28 GMT
Re: She did it to herself
I'd say that there are a lot of variables here but salary compression can also be a factor. If she joined at a low salary then she would see only small annual increases. Hiring managers have to pay above the regular salary to get new talent in. And then they go through an adjustment phase.
It is the manager's job to level the salary. I think they just took her for a ride. Happens to most minorities. The worst are stock options. I remember in a group I worked in, only white guys got stock options. Not even white women. The director was a good old boy from Georgia.
Tuesday 3rd April 2018 07:22 GMT
Yup. They will get together and formulate a plan with lawyers. Pull all the emails together and any responses including any emails she sent. Pick a few sentences from here and there. Management can say that they were blindside by her performance but she had sent some unprofessional email. Or she missed something.
My ex-wife did that to an employee and was describing the process gleefully. Quite an ego trip for managers.
Hacks Fifth Avenue: Crooks slurp bank cards from luxury chain Saks
Tuesday 3rd April 2018 04:51 GMT
Why on Earth are they storing CC numbers?
This is so stupid. They should be dinged on PCI non-compliance. Yeah, I know it takes money and the DB guys push back really hard. Have been there, handled that. Management needs to understand this issue. Most executives don't prioritize security. The compensation models don't include security compliance metrics. They would therefore rather ship a feature or cut costs. SAKs has high value customers. The last thing they want to do is compromise on security. The value of the asset they should be protecting is huge. This is not a small mom and pop corner grocery store catering to students buying chips and sals.
US mulls drafting gray-haired hackers during times of crisis
Thursday 22nd March 2018 18:29 GMT
Re: How many of these retired people can pass the drug test?
Agreed. The idea that one can walk into the workplace drugged out is almost impossible to comprehend. I think you will be walked out of the door very fast. Haven't seen it in Silicon Valley except for a couple of IT admin guys who got walked out.
Thursday 22nd March 2018 18:21 GMT
Trend of hiring only young software engineers
The whole scam around hiring only young engineers has us in this mess; software written without any consideration for quality or security. Talk to anyone who interviewed with Google or Facebook and they will tell you that all the questions are geared towards new college graduates. People over 40 are considered old timers. FB even has a group for over 40 people. After being at the cutting edge of software engineering for more than 30 years, I am still trying to master the beast.
Other companies have followed the Google/FB model and it is disconcerting the amount of blatant age discrimination that goes on. It is fairly overt. Maybe the government should hire these more experienced engineers. It spends these billions of dollars. Most of these engineers are very capable.
Commonwealth Games are just the ticket for Facebook
Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves
Wednesday 7th March 2018 19:01 GMT
Re: @Mark 85
You need only be able to have a vulnerability so that you can inject your code in. This can be triggered when you, for example, visit a malicious website or have a spearfishing email. Just one of the few examples. Moreover, most trusted enclaves run code in the processor's internal static ram and reference data (including keys) in the static ram itself. In theory external code can't see the internals of this static ram. That section of static ram is not cached out to the general CPU cache. These researchers found a way to cross the wall because of speculative instruction execution.
Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU
Friday 24th November 2017 10:33 GMT
Changing a company culture is not easy
The general consensus is that it takes anywhere from 2-3 years to change a company culture. That is when the company is operating ethically but has some challenges. However, an unethical and immoral company requires many more changes. Uber will keep on disclosing many more violations. By not disclosing the breaches to the customers and drivers, Uber violated California law. There is no excuse.
Does UK high street banks' crappy crypto actually matter?
Parity calamity! Wallet code bug destroys $280m in Ethereum
You know what's coming next: FBI is upset it can't get into Texas church gunman's smartphone
Wednesday 8th November 2017 06:08 GMT
The NSA can get into any equipment. Remember that when Apple asked the FBI director if they had approached the national security agencies, he replied, 'Yes, we have asked.'. But he did not say what the response was.
The FBI will be trying to make this a political case to go after the phone manufacturer again. But the case is not about this POS; it is about our rights to not have our personal records open to government spying. The government wants to spy on us in every way possible.
Estonia government locks down ID smartcards: Refresh or else
FBI: Student wrestler grappled grades after choking passwords from PCs using a key logger
Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops
Saturday 21st October 2017 15:10 GMT
Intel has been very secretive about a lot of their code but a vendor that used Intel code in a certain processor turned of static code analysis (Klockwork) because it was giving 'Too many errors'. When we went to a white hat hacking company they found 14 P0 vulnerabilities without access to the source code in 3 days. Intel denied that they had problems.
Biting the hand that feeds IT
