Disqus - Latest Comments for skiermm89

Re: Black Hats in the Ivory Tower? Unlikely.

skiermm89 — Wed, 06 Aug 2008 21:19:09 -0000

It's all about the matter in which they go about vulnerability communication and escalation. That's what draws the line between the security researcher and hackers.

In the big picture, the responsibility falls onto the corporation to monitor all facets of vulnerability sources. Security through obscurity should never be a strategic posture.

Re: Security in Beijing

trim17 — Wed, 06 Aug 2008 18:59:39 -0000

Another side note: US Secretary of Commerce Carlos M. Gutierrez left a laptop unattended for a few minutes last December, and it's being investigated as to whether it was cloned as well.

Re: Black Hats in the Ivory Tower? Unlikely.

trim17 — Wed, 06 Aug 2008 18:55:08 -0000

Hat color.

Joking aside, there really is no difference other than intent. And disclosure. At least how I see it.

You raise an excellent dilemma in the security world. What is the difference between a security firm contracted to audit Germany's biometric passport system, and the hackers from the Chaos Computer Club proving it insecure for free? (cf. http://www.theregister.co.uk/2008/03/30/german_...) Why pay for a
"security tool" when hackers release such excellent cracks and tools for free? (http://insecure.org)

Undoubtedly there are very professional security researchers at the highest levels of business, government, and academia and producing excellent work. Equally true is that many vulnerabilities and exploits are still found by amateur hackers.

Re: Black Hats in the Ivory Tower? Unlikely.

skiermm89 — Tue, 05 Aug 2008 19:36:26 -0000

What's the difference between a Hacker and a Security Researcher?

Re: Security in Beijing

skiermm89 — Tue, 05 Aug 2008 19:29:34 -0000

Foreign citizens traveling to the Beijing Olympics should definitely be aware of this heightened level of “security." On top of video surveillance, China is ordering hotels to install network monitoring devices. I advise anyone to traveling to the Olympics to leave any laptop (and smart phone) that contains confidential information at home, or expect to share it with nationalist hackers and Chinese government.

On a side note: A top UK aide was social engineered last year after being picked up by at a disco party. His Blackberry was missing the next morning. They most likely cloned it. I don't Gordon Brown was too happy with him when he found out.

Re: Techies’ Top 20 Apps and Websites

daehee — Sat, 10 May 2008 10:48:54 -0000

Outlook is not open-source. Switch to Thunderbird.

Re: Techies’ Top 20 Apps and Websites

skiermm89 — Sat, 10 May 2008 07:41:09 -0000

I've been using Outlook for the past year with my school's email account. I haven't had any real problems other then the occasional freeze-up when starting it up, and that is more likely a Vista issue than Outlook. I really like the interface with the calender and task features, because it makes it easy to become your own taskmaster. I understand that the major downfall with desktop applications like Outlook are the mobility and data portability, but I don't think you could justify classifying Outlook as horrible. David and Hannah, what do you think is so bad with Outlook?

Re: Xobni featured in New York Times

skiermm89 — Mon, 05 May 2008 23:23:43 -0000

Xobni is open to the public as of today. Download Xobni Here!

Re: Xobni featured in New York Times

skiermm89 — Mon, 05 May 2008 16:00:39 -0000

thanks for the correction

Re: Xobni featured in New York Times

daehee — Mon, 05 May 2008 15:17:41 -0000

I wish I could try it but I'm on a Mac.

Re: Xobni featured in New York Times

skiermm89 — Mon, 05 May 2008 14:53:25 -0000

I am a current beta tester of Xobni, and I must say that I am extremely impressed. My only issue is with the phone number extraction. Xobni has problems with incorrectly linking phone numbers in the message to the sender. I don't know what sort of query that Xobni uses at the time being, but it seems like there should be more work put into it. It should look for contact information near the number to determine if it is the sender's number or someone else. I also wonder if there is any special query to locate the email signature. Overall, I think Xobni can go really big, and I'm proud a Penn State IST alumni was a part of it.