@thecreativeone91 said:

Pfsense doesn't do well performance wise virtalized. At least it didn't used to. I think they have a pay for version optimized for VM platforms.

It's just FreeBSD plus drivers, right? It should do as well as FreeBSD does on whatever platform is in question. That FreeBSD doesn't have PV support for Xen is a major drawback to FreeBSD as a platform in general. But it should only be a question of drivers, in general.

And think about how many things cannot be reasonably secured.... Heartbleed is a great example. You discover you have Heartbleed, so either you wait for a patch and hope for the best or it is available and you patch right away. A security department telling you that things are vulnerable does no good as you would have already known. You just need people to help with the actual patching!

@scottalanmiller said in Are Security Careers Real?:

@IRJ said in Are Security Careers Real?:

@scottalanmiller said in Are Security Careers Real?:

@JaredBusch said in Are Security Careers Real?:

@scottalanmiller said in Are Security Careers Real?:

@VoIP_n00b said in Are Security Careers Real?:

I friend of mine just made the transition to security. He said his pay doubled.

What did he transition from?

And WTF is security?

Right? Everyone says it, but what exactly is that job?

Its a cross between IT and compliance. There are different security roles, but they all fall in between those two sides. Some closer to IT, some in the middle, and some that are almost strictly compliance.

The biggest problem is that often they are just called "security" and can mean almost anything.

Likewise, the IT jobs are often just labeled "administration" or something and equally mean almost anything.

Here (a Fortune 100) the IT Security Department is a joke, It's all CYA stuff to limit liability to the company, nothing of real substance is done there, the normal IT department does more security than they do, a Chief Security Officer was hired a few years back, and I might add under the CFO, not the CIO. And they brought a few entry-level helpdesk guys from IT over with him to help the security team. No real experts. The CSO just copy/Pastes NIST documents. The guys on the team just pull emails out and stop a spread after a phishing attack or disables accounts that were compromised etc. Not real security work, it's just to limit legal liability is all.

Don't waste your love on somebody, who doesn't value it.

@thecreativeone91 said:

Yep, I'm sure it's some of the same people using it. I really never understood using these it's too risky. If you need a VPN get a virtual server you can use or something.

In this case, it's because you want to select the country out of a large list, some of which you cannot easily get a virtual server in. Normal people can't maintain a dozen virtual servers around the world and build their own VPNs just to watch television.

@nadnerB said:

So the Apple has been rotting for 6 months, yet no one has thrown it out?
lol, couldn't resist.

Youtube Video

@Carnival-Boy said:

@Dashrender said:

I agree with Nick and Scott - while this is not good, it's definitely not as bad as it sounds... the bad thing - non technical people won't understand why and they'll just crucify LastPass instead.

I'll include myself as non technical person here. It does further put me off hosted solutions. That's not the only reason I use on-premise (Keepass) as I didn't really like LastPass when I tried it anyway. I do store my Keepass databases in the cloud though, but that's a different risk.

The sad fact of the matter is that unless you completely unplug yourself, you just can't avoid hosted solutions. I say sad, and others will say, what makes it sad? Life has so many advantages today because of the hosted/integrated solutions - this is a conundrum I haven't reconciled yet.

@scottalanmiller said:

If you show only one thing, showing something over and over that is 3% of the market is weird.

As you said, it's only weird if you do sell more than just that one thing that is such a small part of the market.

Look what I just found!

Authy.png

@g.jacobse said:

[TrustedInstaller]

This is normal, and is expected for system files.. http://helpdeskgeek.com/windows-7/windows-7-how-to-delete-files-protected-by-trustedinstaller/

@thecreativeone91 said:

I've never been in a one man shop but, was always required to check email, and phone messages and have VPN access if available at every job I've had while on vacation.

I think you can read more about one man shops in the Divine Comedy

A lot of places restrict the allowed characters because they're morons who don't understand SQL injection and think it's a way to avoid it. Ideally any character should be allowed that can be transferred over HTTP without breaking the hell out of things, which is everything which can be properly encoded.

I do trim passwords though, something old school jackasses think is bad, because after all, if there's a space at the beginning or end of a password, or a newline/return character, it must be on purpose, despite the fact that 99.9999999999% of the time it's because someone copy/pasted the password from an email or something and accidentally added on the space/\r/\n. Of course you can make the argument of never sending a password in an email (and we don't), but tell that to users who will do it all day long.

I also wrote a method to deal with "easy" passwords, things like repeating words, pattern recognition for phone numbers, birthdates, etc.

Yeah I can't recall when I started using it either. At least 4 years, but probably more.

I've been talking to my boss about it for use in our office for years, but she says she doesn't trust the technology - i.e. passwords stored on the computer in general.

Recently she while she won't use it, I'm welcome to get others to try it. Of course we all know that without management buy in, software like this rarely takes off due to originating start up cost (time to learn it - sadly no password manager is truly easy to use, especially when websites don't conform).

That said I will be trying to make a better push.

@thecreativeone91 said:

Seems appropriate

Youtube Video

Looks like a lot of fun!

My brother lives in Istanbul, what a crappy country.

@scottalanmiller said:

Well the setup in the article uses the graphical login interface, so no.

Darn. That'd be cool.

@Dashrender said:

That's definitely different than other trusted sources lead me to understand.

Check your sources. Are they quoting the laundry list of 2013 (this article was 2014) references to the opposite being true? Looks like there was reason to believe it in 2013, but nothing substantial, so everyone repeated it. But it got put to the test in 2014 and proved to not be what people had been saying.