Re: "“inject keystrokes as a local user”," into an app designed to control embedeed PC's.
20 posts • joined 21 Oct 2017
I have seen this too often. I took over a security group and found out that my star performer was the lowest paid employee (< $70K) in our division North Carolina. He also had a masters in CS. When I explained to HR that a security expert could walk out and get a job for $150k, they checked and came back and said yes, but it is not appropriate ... His problem? He was a muslim from Bangladesh. It was a struggle to get him a 10K raise. He got his green card, got a better paying job (with my help), quit, did an MBA simultaneously, and is now a managing partner in a fund.
I'd say that there are a lot of variables here but salary compression can also be a factor. If she joined at a low salary then she would see only small annual increases. Hiring managers have to pay above the regular salary to get new talent in. And then they go through an adjustment phase.
It is the manager's job to level the salary. I think they just took her for a ride. Happens to most minorities. The worst are stock options. I remember in a group I worked in, only white guys got stock options. Not even white women. The director was a good old boy from Georgia.
Yup. They will get together and formulate a plan with lawyers. Pull all the emails together and any responses including any emails she sent. Pick a few sentences from here and there. Management can say that they were blindside by her performance but she had sent some unprofessional email. Or she missed something.
My ex-wife did that to an employee and was describing the process gleefully. Quite an ego trip for managers.
This is so stupid. They should be dinged on PCI non-compliance. Yeah, I know it takes money and the DB guys push back really hard. Have been there, handled that. Management needs to understand this issue. Most executives don't prioritize security. The compensation models don't include security compliance metrics. They would therefore rather ship a feature or cut costs. SAKs has high value customers. The last thing they want to do is compromise on security. The value of the asset they should be protecting is huge. This is not a small mom and pop corner grocery store catering to students buying chips and sals.
Agreed. The idea that one can walk into the workplace drugged out is almost impossible to comprehend. I think you will be walked out of the door very fast. Haven't seen it in Silicon Valley except for a couple of IT admin guys who got walked out.
The whole scam around hiring only young engineers has us in this mess; software written without any consideration for quality or security. Talk to anyone who interviewed with Google or Facebook and they will tell you that all the questions are geared towards new college graduates. People over 40 are considered old timers. FB even has a group for over 40 people. After being at the cutting edge of software engineering for more than 30 years, I am still trying to master the beast.
Other companies have followed the Google/FB model and it is disconcerting the amount of blatant age discrimination that goes on. It is fairly overt. Maybe the government should hire these more experienced engineers. It spends these billions of dollars. Most of these engineers are very capable.
You need only be able to have a vulnerability so that you can inject your code in. This can be triggered when you, for example, visit a malicious website or have a spearfishing email. Just one of the few examples. Moreover, most trusted enclaves run code in the processor's internal static ram and reference data (including keys) in the static ram itself. In theory external code can't see the internals of this static ram. That section of static ram is not cached out to the general CPU cache. These researchers found a way to cross the wall because of speculative instruction execution.
The general consensus is that it takes anywhere from 2-3 years to change a company culture. That is when the company is operating ethically but has some challenges. However, an unethical and immoral company requires many more changes. Uber will keep on disclosing many more violations. By not disclosing the breaches to the customers and drivers, Uber violated California law. There is no excuse.
The NSA can get into any equipment. Remember that when Apple asked the FBI director if they had approached the national security agencies, he replied, 'Yes, we have asked.'. But he did not say what the response was.
The FBI will be trying to make this a political case to go after the phone manufacturer again. But the case is not about this POS; it is about our rights to not have our personal records open to government spying. The government wants to spy on us in every way possible.
Intel has been very secretive about a lot of their code but a vendor that used Intel code in a certain processor turned of static code analysis (Klockwork) because it was giving 'Too many errors'. When we went to a white hat hacking company they found 14 P0 vulnerabilities without access to the source code in 3 days. Intel denied that they had problems.
Biting the hand that feeds IT © 1998–2020