@thecreativeone91 said:

@Reid-Cooper said:

That's pretty scary. Makes an argument for just hanging up and not messing with them. This takes it far beyond scamming. This is now threatening and extortion.

Scary but not quite as scary as ISIS using DMCA request to get american's personal information http://www.reddit.com/r/news/comments/2lgot5/terrorists_used_false_dmca_claims_to_get_personal/

Well as the goals of ISIS and of DMCA are both purely to hurt Americans, it makes sense that they would join forces.

A big company I worked at years ago, there was an employee sleeping with a under executive and basically got away with murder all the time, and this was against policy, and yet nobody ever did anything. This company is almost bankrupt today, I wonder why...

@scottalanmiller said:

As Americans, the costs of certification tests are quite low. We don't really think of it as an onerous cost. But to much of the world, any cert test represents a significant investment, especially to people just entering the field. In the US we are used to "grab any cert you can pass", which mostly makes sense. Skip a few nights out, have a few fewer drinks and you've paid for an exam. Doesn't work that way for a lot of people, it's a major investment and picking the wrong cert could be a devastating loss of income.

Ok, fair enough.

LOL, GeekSquad just figured out what malware is.

There is auto-login, but that is probably a step farther than you want to go.

http://www.dedoimedo.com/computers/ubuntu-mint-autologin.html

@scottalanmiller I got an itch to disassemble it, I gotta see it! It's tearing me apart!

@scottalanmiller said:

What issue did you have with XP? I've never heard of an issue with the XP firewall.

The only issues I ever recall hearing about where that some where unhappy that XP didn't block outbound by default. And even today it's easy to setup. But then again I don't want normal users to do that to themselves anyhow.

@JaredBusch said:

I prefer a 12 month or non-expiring password but at least 16 characters long. Complexity can go fly a kite. Those only cause users to write things down.

Finally! For a long time I thought I was the only person who enforced this policy. Even as a part of GPO on our domains I set it as minimum of 12 (due to the entropy at the time), but basically turned down the complexity. Even some of the more non-technical users have extremely complex passwords now that they don't need to write down, because I encourage four random words with maybe a number or two between them.

And hey, if you wanna get inventive with the spelling, go ahead, if it's easier for you to remember, helps against broad dictionary attack as well. More experienced people will try cracking passwords with multiple words and even numbers, especially these days, but obviously even some crap like (3fOe38!45b is not only easy to crack, but also hard to remember, and I'm still baffled as to why this is encouraged. I'm sure you're aware of this, but I'm just saying it for people who may not realise that complex to remember does not mean complex to guess.

@scottalanmiller Social engineering is a great way to get what you want. Buffer overflows, unescaped SQL queries can be patched, people wanting to be "helpful" is an aspect of our culture and I imagine only by hiring the most irritating, least helpful people on the planet can you begin to really secure yourself against your own employees.

@Reid-Cooper said:

If you do not want your VMware host to reach the Internet or any other subnet, you could also not give it a default gateway thus blocking it from communicating over any router automatically.

It's the computer I didn't want to reach the internet. However, I wanted the VMware to be alble to. I've, since then, achieved that mission.

If this is the font patch, there's been reports of it breaking systems.

WTF, they use 443 but do not encrypt. lazy pricks.

That is really nice that so many companies stepped in so quickly to remedy the situation. Kudos to them.

Lol, pwnt

@Reid-Cooper wonderful

This comes after the government site healthcare.gov has been caught sending private information to advertisers via headers.

http://abcnews.go.com/Technology/wireStory/privacy-concerns-governments-health-care-website-28340119

It's always best practice to disable root login over SSH, especially from the Internet; use su or sudo for root access. Another good practice is to disable password-based authentication; only use keys with a passphrase. The setup you're doing here is useful for allowing scripted/automated connections between machines (e.g. for backups, scheduled tasks, etc) but they should be accounts with limited access, not root. You should be creating layers that make it difficult for someone to gain access to your systems; root keys with no passphrase means you're solely relying on that one strong password (which is one keylogger away from being defeated.)