Fighting against your civil liberties since 2006!

Where to go for and post Political chatter and gossip, including Government screw ups, Military covert operations, top secret files, anything related to Government.
User avatar
xierox
Hoopy Frood
Posts: 314
Joined: Sat Dec 31, 2005 2:08 am

Post: # 19708Post xierox
Thu Jun 15, 2006 8:29 am

J_K9 wrote:Well Opera are just idiots for that, then.. Did you write to the Mozilla crew, by any chance? ;)

So catch, where exactly DO you work now? The government? I thought you were going to Microsoft? :?


// Everybody: Feel free to slap me :roll: :P
Mozilla (I'm guessing) won't do anything that would make their browser dependent on any one operating system.

At least that's my theory. :D

I was going to (in all seriousness) suggest he contact Red Hat or Novell. But the problem with that is that everyone already considers Linux secure, so... :(

- Xierox


Image
Sometimes the light's all shining on me, other times I can barely see. Lately it occurs to me what a long strange trip it's been.

User avatar
Aspman
Frustrated Mad Scientist
Posts: 8867
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Post: # 19719Post Aspman
Thu Jun 15, 2006 9:09 am

So if I see a report on the news with a rep from the DHS pulling apart everyones arguments with a research paper for every point I'll know its Catch :D

Seriously they're no point on being on a downer before you start it might be ok. Think positive.
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)

catch
Wankers Cramp - no - its from typing - HONEST
Posts: 995
Joined: Tue Jan 10, 2006 3:49 am

Post: # 19723Post catch
Thu Jun 15, 2006 9:26 am

I see I missed a few posts in my last reply.

Egaladeist:
I am an information security solutionist. I help organizations solve specific security related problems (address additional risks, more predictable, cheaper) to support their progression from a tactical, reactive stance to a strategic, robust, and proactive one. I am not a programmer or administrator... in fact for the most part my technical skills are about good enough to display a concept and no better.

alleyCat:
Just the way i prefer to do things... by the hour and you can find yourself getting bogged down in projects for ages because nothing has been clearly defined and if you take the time to clearly define everything, you might as well bid as a project.

Debs:
No badge for me, my experience in offensive cyberwarfare will apparently be useful domestically.

und3rtak3r:
"Mate.. I am not an Australian, I am really a Chinese operative" is clearly fake. "Commrad.. I am not an Australian, I am really a Chinese operative" I would have bought. ;)
Know any useful job contacts in AU? I quite like it there and can get a work visa easy. ;)

J_K9:
Nah, I haven't contacted Mozilla... I contacted Opera because I would love to be in Norway and because their product is so very close to being far and away the best on the market, yet some how is lacking in just enough ways that is sucks for any real organization wide use.
Read my comments above about what happened with MS... their idea to security these days is to just add more obvious buttons for features that have been present for years.

xierox:
Shame on you, I would not make Opera OS reliant... it would ship with its own compartment for whatever OS.
RedHat has no interest in what I would do to Linux.

I am still debating going into independant consulting, like how I started out... but I just don't care for sales these days.

cheers,

catch
Proud Nubian Princess

User avatar
xierox
Hoopy Frood
Posts: 314
Joined: Sat Dec 31, 2005 2:08 am

Post: # 19726Post xierox
Thu Jun 15, 2006 9:30 am

catch wrote:xierox:
Shame on you, I would not make Opera OS reliant... it would ship with its own compartment for whatever OS.
My bad. You're ahead of my train of thought.

- Xierox
Image
Sometimes the light's all shining on me, other times I can barely see. Lately it occurs to me what a long strange trip it's been.

catch
Wankers Cramp - no - its from typing - HONEST
Posts: 995
Joined: Tue Jan 10, 2006 3:49 am

Post: # 19730Post catch
Thu Jun 15, 2006 9:47 am

My bad. You're ahead of my train of thought.
Haha no worries... it would be ideal for them though... by using a secondary compartment, ideally a kernel device. A custom API could be developed so that regardless of the platform, the same Opera binary would be used...

Gee, so a universal binary would deal with all of the usability and interface... and the platform dependant one would be the reference monitor that should be so small and assured initially to rarely require changes... I wonder...

Aside from adding security... might that also enable cheaper and more rapid development of the primary application... the whole no security or compatability concerns?

I don't know why people are resistant to such things, they do work... and quite well.

cheers,

catch
Proud Nubian Princess

User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18908
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Post: # 19733Post Egaladeist
Thu Jun 15, 2006 10:02 am

Network Security Consultant Jobs

intJobs.org currently has live Network Security Consultant jobs in its database so don’t delay - find the perfect Network Security Consultant job and kick-start your career today.

Remember to also post your resume online so that employers and recruiters can match you to any Network Security Consultant jobs that they may be recruiting for.

http://intjobs.org/jobsearch/category.p ... T+Security
intJobs.org > IT Security Jobs > NETWORK SECURITY CONSULTANT Jobs

NFORMATION SECURITY CONSULTANTS & MANAGERS Jobs

EXECUTIVE

To work in the Information Security Services team, you will need a strong technical background in the design, implementation, testing, troubleshooting and administration of complex IT infrastructure. You will also have a good understand of risk management principles and how to apply them to a complex IT infrastructure in order to reduce the risk of systems failing or being compromised due to a security weakness.

http://www.executivesontheweb.com/uk/jo ... m?id=68677
INFORMATION SECURITY CONSULTANTS & MANAGERS Jobs, Executive Jobs, Senior Appointments

Closer? :D

Johnno
What DO you mean : real life
Posts: 273
Joined: Tue May 23, 2006 8:46 am
Contact:

Post: # 19736Post Johnno
Thu Jun 15, 2006 10:31 am

J_K9 wrote:Well Opera are just idiots for that, then.. Did you write to the Mozilla crew, by any chance? ;)

So catch, where exactly DO you work now? The government? I thought you were going to Microsoft? :?


// Everybody: Feel free to slap me :roll: :P
/slap

catch
Wankers Cramp - no - its from typing - HONEST
Posts: 995
Joined: Tue Jan 10, 2006 3:49 am

Post: # 19737Post catch
Thu Jun 15, 2006 10:44 am

Well eg, that is still quite hands on/lower level... troubleshooting and all that.

cheers,

catch
Proud Nubian Princess

User avatar
J_K9
THE Prancing Pirate
Posts: 8123
Joined: Fri Feb 24, 2006 10:47 pm
Contact:

Post: # 19780Post J_K9
Thu Jun 15, 2006 2:05 pm

catch wrote:J_K9:
Nah, I haven't contacted Mozilla... I contacted Opera because I would love to be in Norway and because their product is so very close to being far and away the best on the market, yet some how is lacking in just enough ways that is sucks for any real organization wide use.
Hmm.. Firefox seems to be a more popular browser, and it certainly is one of the best on the market. I'm assuming you don't think they're good enough for use in an organisation because they don't support ActiveX? There may be a plugin for Firefox - I'm not sure about this though...

And I'm sure the rest of us would appreciate a more secure Firefox ;)
Read my comments above about what happened with MS... their idea to security these days is to just add more obvious buttons for features that have been present for years.
To add a touch of lemon to the wound.. They are dumbing down security too much, and rather than teaching users how to secure their systems properly, they are simply adding a bunch of GUI tools so that the user can do it themselves without education.

I guess we can blame Microsoft (and Apple, to a certain extent) for end-user stupidity then :roll:

Oh - and your point is that Microsoft are, at the moment, trying to make Windows more secure by making it easier for end-users to secure their systems, rather than refining the current security controls available.. Correct?
RedHat has no interest in what I would do to Linux.
And Novell?
"Don't gain the world and lose your soul, wisdom is better than silver or gold." - Bob Marley

[CS:Source Admin]

alleyCat
I type, therefore I am
Posts: 843
Joined: Wed May 24, 2006 12:24 am
Location: Sydney, Australia

Post: # 19936Post alleyCat
Fri Jun 16, 2006 2:23 am

catch wrote:I am an information security solutionist. I help organizations solve specific security related problems (address additional risks, more predictable, cheaper) to support their progression from a tactical, reactive stance to a strategic, robust, and proactive one. I am not a programmer or administrator... in fact for the most part my technical skills are about good enough to display a concept and no better.
OK this sounds like my dream job... How long you been in the industry and can you tell me how you got there? (Was it luck?)

I've always wanted to be an architect, but I need so much technical background I just feel I'm slowing down... maybe prefer to retreat into a system administration position and live out my days comfortably...

User avatar
Vorlin
Taz's very own Fireman [RIP]
Posts: 2378
Joined: Fri Jun 16, 2006 3:48 pm
Are you a Spammer: No
Location: N. Augusta, SC
Contact:

Post: # 20875Post Vorlin
Tue Jun 20, 2006 2:01 pm

I guess we can blame Microsoft (and Apple, to a certain extent) for end-user stupidity then
I've always blamed companies for doing nothing to educate the end-users but rather making everything glitzy, shiny, and full of the "Press me!" look. There should be a big fat "READ THIS FIRST NOW YOU UNEDUCATED LUSER" text file opened on an initial boot for Windows. I blame MS more than anyone else because they've not been in the business for a more secure OS and it took them all the way up to XP SP2 before their OS became inherently more secure just because they turned on stuff that should've been on before and turned off stuff that should've have been enabled to begin with. That still doesn't solve the question of "hey, what's this firewall thingy do" or "why should I not be directly connected to the internet" or whatever else comes out of someone's mouth.

Another sad thing is, a lot of people in general have adopted the mentality that after they get done with their highest level of education, be it college or high school, and they've moved out of their parents house, nobody can tell them what to do and that's a horrid mentality to live by. I try to learn as much as I can and I've learned stuff from people ten years younger than me. Pride's a tough thing to put aside sometimes and a lot of people have that problem. Add that ideaology to an operating system that looks good but doesn't provide the level of security that should be initial as well as not educating the user how to be more efficient, productive, AND security-aware and you have 98% of the MS users out there being mindless idiots that click every button they see.

Security = 1 / Convenience

I'm aware of that algorithm more than I care to think about. Locking down systems and keeping the evils of the internet at bay is a tough task. Tripwire is a great tool but when people cover their entire file system, they get tired of reading logs left and right and just ignore them...so what's the point of Tripwire at that stage?

To get back on topic, catch, I hope you find a way to get your soul back, hehe. I can't imagine working for a company where my sole job would be to integrate spying technology and techniques to use against my own country's people. I think I'd rather move to Redmond and work as a Vista programmer before that, hehe!
In the world of protection, one thing is for sure: security = 1 / convenience.

User avatar
xierox
Hoopy Frood
Posts: 314
Joined: Sat Dec 31, 2005 2:08 am

Post: # 21059Post xierox
Wed Jun 21, 2006 4:54 am

J_K9
J_K9 wrote:I'm assuming you don't think they're good enough for use in an organisation because they don't support ActiveX? There may be a plugin for Firefox - I'm not sure about this though...
I'll almost guarantee you it's not a reason as simple as that. ;) And yes, there is a plugin that will do that, although I do not personally use it. http://www.iol.ie/~locka/mozilla/mozilla.htm
J_K9 wrote:To add a touch of lemon to the wound.. They are dumbing down security too much, and rather than teaching users how to secure their systems properly, they are simply adding a bunch of GUI tools so that the user can do it themselves without education.
This is what the end user needs: a desktop that's decently secured (not perfectly as this is both impractical and impossible, but decently for the average user) by default. Microsoft has had the tools to properly secure their OS for years and yet they're still criticized for being "insecure" because 95% of people have no clue to use them.

J_K9 and Vorlin:
I've always blamed companies for doing nothing to educate the end-users but rather making everything glitzy, shiny, and full of the "Press me!" look. There should be a big fat "READ THIS FIRST NOW YOU UNEDUCATED LUSER" text file opened on an initial boot for Windows. I blame MS more than anyone else because they've not been in the business for a more secure OS and it took them all the way up to XP SP2 before their OS became inherently more secure just because they turned on stuff that should've been on before and turned off stuff that should've have been enabled to begin with.
What's the difference between a button that screams "Push me to secure your system!" and having the system secured by default? Very little, if either a) the button does nothing but make the system more secure or b) the user presses the button but ignores the documentation stating what the button does. (This is a likely scenario. Working in tech support has taught me how few people read documentation.)

Users don't want to learn how to use a computer. They just want to use it. Yes, this is irresponsible, but it's what most companies (have to) cater to in order sell their product successfully.

Just my $.02.

- Xierox
Last edited by xierox on Wed Jun 21, 2006 5:09 am, edited 2 times in total.
Image
Sometimes the light's all shining on me, other times I can barely see. Lately it occurs to me what a long strange trip it's been.

User avatar
Debs
Mrs. Drunky McDrunkpants
Posts: 860
Joined: Wed Jan 04, 2006 9:07 pm
Location: Florida

Post: # 21063Post Debs
Wed Jun 21, 2006 5:04 am

I love reading your posts catch. I can go directly from reading one of your posts to cleaning out my cat litter box and feel like I'm probably cleaning up something that's smarter than I am.
The post office just released a new stamp in the shape of a clitoris but it's not selling very well because only 3% of men know how to lick it.

User avatar
xierox
Hoopy Frood
Posts: 314
Joined: Sat Dec 31, 2005 2:08 am

Post: # 21064Post xierox
Wed Jun 21, 2006 5:06 am

Debs wrote:I love reading your posts catch. I can go directly from reading one of your posts to cleaning out my cat litter box and feel like I'm probably cleaning up something that's smarter than I am.
Agreed! :mrgreen:

- Xierox
Image
Sometimes the light's all shining on me, other times I can barely see. Lately it occurs to me what a long strange trip it's been.

catch
Wankers Cramp - no - its from typing - HONEST
Posts: 995
Joined: Tue Jan 10, 2006 3:49 am

Post: # 21067Post catch
Wed Jun 21, 2006 6:07 am

I'm assuming you don't think they're good enough for use in an organisation because they don't support ActiveX? There may be a plugin for Firefox - I'm not sure about this though...
ActiveX, group policy, integrated Windows authentication, and the lack of sanity in supporting redundant software.
I'll almost guarantee you it's not a reason as simple as that. And yes, there is a plugin that will do that, although I do not personally use it. http://www.iol.ie/~locka/mozilla/mozilla.htm
That plugin is less than stellar.
I've always blamed companies for doing nothing to educate the end-users
I have no issue with this, in fact my belief is that end users should not need to know anything about security, only about how they wish to use their computer. Security should support their use, not impede it.
What's the difference between a button that screams "Push me to secure your system!" and having the system secured by default?
Heaps. By default the use is assumed... if i were hired to be head of OS Security at Microsoft or anywhere for that matter... I would use templates like those the NSA had authored... but more comprehensive.

The user would select for a series of simple menus how they plan to use their computer and the appropriate templates would be applied. If the user wished to do something new, like run a web service, during the installation of IIS the user would be presented with the template menu again, reduced to be relevant of course. If the user installs something else like Apache, provide no template. Users that seek outside, unapproved software should know how to handle their own security.
Users don't want to learn how to use a computer. They just want to use it. Yes, this is irresponsible, but it's what most companies (have to) cater to in order sell their product successfully.
Which makes you wonder why this fact isn't embraced and supported rather than fought against. Even if every user on earth spent time learning computer security... could they secure their system as well as a top security professional? Of course not, so why try, have the top professionals define templates and everyone wins. Users focus on using and security people focus on security... just as Our Lord, Jesus Christ intended.
I love reading your posts catch. I can go directly from reading one of your posts to cleaning out my cat litter box and feel like I'm probably cleaning up something that's smarter than I am.
Yikes, I'm sorry... it isn't my intention to be condescending or insulting.
Agreed!
Quiet you! ;)

cheers,

catch
Proud Nubian Princess

Post Reply