Tuesday, January 27, 2015

Heaven Knows It's a F'ed Up World - What I am reading 1/27/2015

I don't really have much at the moment, so let's open with a song that is currently heavy in my rotation:

Heaven Knows

Medium - The Way We Hire Is All Wrong -

The author starts out with the fact that 48% of new hires won't make it through the first year at their new job (apparently this is kind of a global statistic that applies across all companies). From there she concludes that the current hiring process is wrong and a better paradigm is needed. The one offered here is a 48-hour workshop where participants build a project and present it to a company or companies sponsoring the workshop. They will then decide whether to make an offer. The article kind of falls apart, though, when it turns out that this process doesn't work either. Read the article for the details, but it seems just as haphazard.

Dark Reading - NSA Report: How To Defend Against Destructive Malware -
NSA's recommendations recap some strategies the NSA previously had published in its "Information Assurance Mitigation Strategies" report. Among the best practices in the latest report for preventing, detecting, and containing attacks are:
  • Segregate network systems and functions so that if an attacker hacks in one area, he can't necessarily reach others
  • Reduce and protect administrator privileges to minimize the damage if a bad guy obtains them
  • Employ application whitelisting to prevent malicious code from executing
  • Limit workstation-to-workstation communication to reduce the attack surface
  • Run perimeter firewalls, application-layer firewalls, forward proxies, and sandboxing or other dynamic traffic and code analyses
  • Use and monitor host and network logging
  • Implement pass-the-hash mitigations
  • Run Microsoft's EMET or other anti-exploit tools
  • Employ antivirus reputation services to augment traditional signature-based AV
  • Run host intrusion prevention systems
  • Regularly update and patch software
Mostly commonsense stuff, but since it has the NSA imprimatur on it, it will be instantly discarded.

Slashdot - Coding is not the new literacy -
He further suggests that if anything, the "new" literacy should be modeling — the ability to create a representation of a system that can be explored or used. "Defining a system or process requires breaking it down into pieces and defining those, which can then be broken down further. It is a process that helps acknowledge and remove ambiguity and it is the most important aspect of teaching people to model. In breaking parts down we can take something overwhelmingly complex and frame it in terms that we understand and actions we know how to do."
Actually, I would say that literacy should be the new literacy, but that's just me.

And I guess we will close with another song -

Fucked Up World -

