The GSA should be held accountable for the solarwinds123 fiasco. They have sat on their hands for years spending billions (trillions?) and not really taking their supply chain seriously. Also worthy of mention is the NTIA's Software Transparency initiative:
  https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.ntia.doc.gov%2FSoftw...

You can get a pdf of the south expo floor plan here:
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.rsaconference.com%2F...

Exabeam booth was #555

So the adjacent booths may be part of the RSA coronavirus cluster:
Unisys, Thycotic, KnowBe4, Signal Sciences, Siemplify, were all within about 15 to 25 feet of the Exabeam booth.

Knowing whether the infection spread from that both is now just a waiting game.

....find another client.

The real value here is it enables much more granular logging.

I object to this article, however, on grounds that this is not news. It's a press release, and crap like this is why I only visit slashdot every few months any more.

Wish this had made the real news. We know this sort of thing happens, but airline industries are highly effective at having this never reach public discussion.

So... "fun gimmick, or a serious commentary on an increasingly surveillance based society?"

Really?

How about both. Are having a sense of humor and making a serious comment mutually opposed? Slashdot deserves better.

Not 100% sure this is WebKit-free. On MacOSX there's still a reference to webkit in the UserAgent string as: "AppleWebKit" anyway.

Wild, I never expected these poll results to look like a progress meter.

du -h

Duh.

Anyone can be seriously "offensive" in this business. All it takes is $100 laptop and msf.

Defense? That, my friends, is the multi-tens-of-billions industry we're in.

Cyber Command? Show me your defensive game and stop wasting my tax money.

Apparently, I'll never understand Slashdot. The latest junk from Facebook, Microsoft, Amazon, Apple, Oracle, et al. make the front page, but one of the highest quality open source releases gets buried. (It's almost like people self-medicate their marketing these days, but separate issue.)

I got 6 years of uptime once off of NetBSD on sparc. This stuff is gold. It's platinum. It's so stable, you have to worry about making sure you get around to patching your apps because the OS just never dies... stick this on solid state storage with the new NAND support, and you don't even have to worry about spinning disk fails. As a network device OS, this will be an awesome high-uptime packet sensor or embedded packet router.

Bravo NetBSD! Keep up the good work. This is top headline stuff.

I was 28 years old when I entered university. With a background in law enforcement and military the idea of being some prep-school university type was not something I wanted to do. In my late 30s I received my Masters degree in computer science and saw a significant increase in perception of how my income was made. After the dot.bomb I was doing pretty good but shrinking staffs, horrible hours, executives who ran IT shops like they were slave pens, had me burning out pretty quick. I'd stepped out of doing the stuff I thought was fun and started getting paid to do stuff nobody thought was fun. I took a mid-university professor job, but they wanted me to get a PhD. A masters degree is sort of like being a journeyman. You've mastered the discipline. A PhD is about defining the future of the discipline. There are a lot of junk PhDs out there. I've read their dissertations. There are a lot of good people with bad degrees and bad people with good degrees. Look at the trends to define rather than specific anecdotal evidence like my case. Don't mix up the history PhDs with the Computer Science or Technology degrees. What I would say was that I took nearly a 66% cut in pay to become a professor and full time researcher. I got the opportunity to do what I want, when I want, and how I want. After I got my PhD I ended up in one of the top engineering schools in the world, have done tours at major science institutions and government agencies, and turn down opportunities to work with others. So, yes a mid life PhD can be a great thing for your career. You will find that people who don't have a PhD don't have any clue what it means to have one are either jealous or ignorant. A research based doctorate (PhD) versus an applied doctorate (DSc) will give you a broader understanding of what research is and how it is done. I was just speaking at a major national lab to a bunch of masters degree students about why they should get a PhD. I told them "don't do it." Unless, you love research, are willing to commit 5 to 7 years towards the goal, have your employers buy off, family buy in, and time management skills to die for. Nobody listens but the PhD is really about what you put into the effort. That will be obvious when you finish the longest test of your life. The dissertation. In the end that will determine whether it was worth it.

Exactly. Clinton never said they hacked anything. One news agency ran with the hacking story, and over 12 hours ago they already were reporting that it was "buying advertisements". Not that reality, facts, or truth should ever be used in these situations. Even the Washington Post has changed their story http://www.washingtonpost.com/world/national-security/us-hacks-web-sites-of-al-qaeda-affiliate-in-yemen/2012/05/23/gJQAGnOxlU_story.html but don't let that stop anybody.

More like Logan's Run. I have been Michael's number two guy for about 5 years. And we make a great team. We're like one of those classic famous teams. He's like Mozart and I'm like... Mozart's friend. No. I'm like Butch Cassidy and Michael is like... Mozart. You try and hurt Mozart? You're gonna get a bullet in your head courtesy of Butch Cassidy. - Dwight Schrute

Not sure about that. DOD Instruction 8500.2 (2003) says 8, but the construction requirements are exactly the same as we did it. There are differences based on the information found on the system. The Windows Server 2000/3 wouldn't even allow more than 14 characters if I remember right.

My students using 300 nodes of a computing cluster were able to crack 57K DOD spec passwords (7 characters, upper, lower, symbol, number) in a few hours (Windows 2003 enterprise server). The goal was to crack 450K passwords in 24 hours but we had to call off the last run due to finals. Nothing about this project was hard. Using F/OSS and a lot of computing cycles cracking them was a piece of cake. Simple two-factor authentication is horrible. Especially when you give up the userid as an email address, or use a standardized naming scheme. Yes this would have required basically physical access to the server. Still as a test with enough horsepower and some tuning you can break even tough passwords quickly. We were basically trying to up the ante on a previous example where a person did 400K passwords in a few months using commodity hardware.