I normally don't respond and just sit back leeching knowledge, however
this incident with LinkedIn & eHarmony strikes close to home. Not just
because my password was in this list of dumped LinkedIn accounts, but
the fact that this incident struck virtually every business professional
and corpo
Exactly!
Passwords = Fail
All we can do is make it as difficult as possible for them to crack it
until the developers decide to make pretty eye candy.
- Robert Miller
(arch3angel)
On 6/20/12 3:43 PM, Leo Bicknell wrote:
In a message written on Wed, Jun 20, 2012 at 03:30:58PM -0400, AP
I have two concerns with this thought, while at the same time intrigued
by it.
How will this prevent man in the middle attacks, either at the user's
location, the server location, or even on the compromised server itself
where the attacker is just gathering data. This is the same concerns we
hnologies that work with each other.
In a message written on Thu, Jun 21, 2012 at 10:43:44AM -0400, AP NANOG wrote:
How will this prevent man in the middle attacks, either at the user's
location, the server location, or even on the compromised server itself
where the attacker is just gathering data.
I still believe that the final solution should be some sort of two
factor, something you know (i.e. a passphrase) and something you have
(i.e. key / token / something which has been verified).
Up till recently RSA was a good platform, but was not very effective for
smartphone use.
If there i
I used the example I did based on YubiKey, I own one and use it on a
regular basis. The real issue I am trying to make is the fact that even
in the scenario I placed forward it still requires trust. Trust of a
person or trust of a company. This reminds me of a quote:
Onl
+1 - Took the letters right out from under my fingers :-)
--
- Robert Miller
(arch3angel)
On 6/22/12 4:44 AM, Barry Greene wrote:
Shadowserver.org has a public benefit notification service.
Sent from my iPad
On Jun 22, 2012, at 2:46 PM, Yang Xiang
wrote:
Argus can alert prefix hijacking,
Still playing devil's advocate here, but does this still not resolve the
human factor of "Implementation"?
--
- Robert Miller
(arch3angel)
On 6/22/12 7:43 AM, Robert Bonomi wrote:
Rich Kulawiec wrote:
On Wed, Jun 20, 2012 at 12:43:44PM -0700, Leo Bicknell wrote:
(on the use of public/privat
Kyle,
I may be mistaken here, but I don't believe anyone is truly laughing the
matter off.
There may have been some remarks about second or third parties, but the
fact does remain these are the areas which current concerns still lie.
--
Robert Miller
(arch3angel)
On 6/24/12 1:02 AM, Kyle
This may not help Matt now, but I just came across this today and
believe it may help others who have to deal with incidents:
http://cert.societegenerale.com/en/publications.html --> "IRM (Incident
Response Methodologies)"
If you changed the file contents before noting the created date,
mod
On 6/27/12 12:51 PM, Matthew Black wrote:
Ask and ye shall receive:
# more .htaccess (backup copy)
#c3284d#
RewriteEngine On
RewriteCond %{HTTP_REFERER}
^.*(abacho|abizdirectory|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|alt
avista|america|amfibi|aol|apollo7|aport|arcor|a
While I was working for a wireless telecom company our primary
datacenter was knocked off the power grid due to weather, the generators
kicked on and everything was fine, till one generator was struck by
lightning and that same strike fried the control panel on the second
one. Considering the s
Do you happen to know all the kernels and versions affected by this?
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 7/1/12 12:44 PM, George Bonser wrote:
-Original Message-
From: Roy
Sent: Saturday, June 30, 2012 10:03 PM
To: nanog@nanog.org
Subje
This is an excellent example of how tests "should" be run, unfortunately
far too many places don't do this...
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 7/2/12 12:09 PM, Leo Bicknell wrote:
In a message written on Mon, Jul 02, 2012 at 11:30:06AM -0400,
I believe in my dictionary Chaos Gorilla translates into "Time To Go
Home", with a rough definition of "Everything just crapped out - The
world is ending"; but then again I may have that incorrect :-)
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 7/2/12 2:
Sabri,
As I was going through reading all these replies, the one thing that
continued to poke at me was the requirement of the signed binaries and
microcode. The same goes for many of the Cisco binaries, without direct
assistance, which is unclear at this point through the cloud of smoke so
to sp
Roland,
I did fail to mention the HUMINT (Human Intelligence) side of things,
thank you for bringing that up!
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 12/30/13, 11:33 PM, Dobbins, Roland wrote:
> On Dec 31, 2013, at 11:06 AM, [AP] NANOG wr
I would look into Asatro, they have a solid product and good support.
If you want a contact person let me know and I will email you directly.
On 4/9/11 11:55 AM, pr...@cnsny.net wrote:
Andrew,
We use and offer Postini - a front end service. Postini is an anti virus and
spam filter, and can spo