Security Through Obscurity and the TSA

My post, just not here.

Vulnerability Management Panel Featuring…

…me, Ron Gula, Sheldon Malm, and Bob Greenbaum. You can listen to the recording here.

Will Code for Food

Here’s a slideshow of the worst US cities for IT workers. Here’s the list:

1. Detroit, MI
2. Bentonville, AR
3. Cleveland, OH
4. Syracuse, NY
5. Boston, MA and San Francisco, CA
6. Any town in Alaska
7. Orlando, FL

You can compare that to the 10 cities with the best IT job prospects:

1. Atlanta, GA
2. Boston, MA
3. Chicago, IL
4. Dallas, TX
5. Los Angeles, CA
6. New York/New Jersey
7. Philadelphia, PA
8. Seattle, WA
9. Silicon Valley, CA
10. Washington D.C/Baltimore

Poor Boston seems a bit schizophrenic. Of course, one could argue that “Silicon Valley” and “San Francisco” are too close to each other to be counted differently. I mean, what percentage of IT workers employed in SF actually live within city limits? To be fair, ‘where the jobs are/aren’t’ is a different metric from ‘best/worst.’ You could have a high number of jobs, but still end up in the ‘worst’ group if the external environment is bad.

Easy

There are a lot of businesses that make it hard for their customers to actually buy something. They organize their stores in confusing ways, open and close at odd hours or on odd days, and institute policies that *seem* good for the company or shop, but really only serve to make it harder for customers to buy. Return policies are the best example. Many companies institute policies that are restrictive about how and when you may return merchandise you don’t want. Operations like Zappos and Nordstrom take the opposite approach. It’s hard to argue that one way or the other is the right way to run a business. Both are successful, and when talking about return policies, there’s probably a right balance.

There are other ways, however, to ensure that your product is easy to buy. I walked by this shop called Gather (warning, auto-music on link) yesterday and it had this sign in the window.


Caribou, as you can probably guess or already know, is a cafe. Gather is located right next to Caribou. There are a lot of shops that post signs saying “no food or drink,” which is really saying that if you are eating or drinking, they don’t want your business. Gather could have posted nothing, implying that drinks are ok. This sign, however, simply suggests that once you have your half-caff, extra strong, skim, no-whip mocha, you might just enjoy drinking it in their shop instead of sitting in Caribou.

Finally Help That’s Helpful

I have a strong dislike for automated help systems that fail almost completely to actually help you. So I was really pleased to find that Whirlpool is actually quite helpful with my refrigerator. I heard a dripping sound from the fridge, checked it out and found that it was indeed dripping and filling a pan underneath. I went to Whirlpool’s website, put in that I have a refrigerator, the type and ‘dripping water.’ The second search result was “A water dripping sound may be heard as water runs into the drain pan during the defrost cycle,” and it comes with an mp3 of the sound so I can identify if it’s the same sound I’m hearing. Nice.

Web App Vuln Stats

Some stats about Web Application vulnerabilities from White Hat Security.

Around 30 percent of Websites are likely to contain content spoofing bugs
18 percent, insufficient authorization
17 percent, SQL injection
14 percent, predictable resource location
11 percent, session fixation
11 percent, cross-site request forgery (CSRF)
10 percent, insufficient authentication
9 percent, HTTP response-splitting flaws

To be fair and accurate, of course, these statistics apply to the sample group of White Hat Security customers, not the entire Internet.

The Segway Problem

The Segway was a revolutionary feat of engineering. Its core technology, called “dynamic stabilization,” allows the Segway to run on two wheels without falling over or causing the rider to tumble off. When it came out, people were interested.

The problem with Segway is that the thing that makes it unique, the feature that’s hard to replicate, isn’t actually that important to the market. See, you can deliver a personal mobility machine suitable for almost everything the Segway does without ‘dynamic stabilization’ technology. Just add a third wheel.

Not a Segway

Questions to Ask Yourself

Ok, it’s really only one question: Why am I here?

The link is to a short blog post that’s worth reading if your day generally involves attending meetings.

PCI FAQ featuring me at Practi…

PCI FAQ featuring me at Practical eCommerce: http://tinyurl.com/dcsevk

There Is No Perimeter

General Protection Fault indeed.

Ok, so ATMs are computing devices and ergo they’re vulnerable to attack. Why is this attack interesting? Why is it worth a post? Well, let’s start here:

“This is not something the average hacker on the street would have access to,” he adds. “They need physical access to the ATM — they need to have someone on the inside or involved with the manufacture of these devices to gain access and install the software. ”

Even the outsider attacks are insider attacks. You know, with the technological advancements in virtualization, I can’t help wondering if the attackers didn’t just develop against a virtual machine. Heck, I can’t imagine that Diebold doesn’t have a way to virtualize their own ATMs for development and testing. So, conclusion #1: just because you are an ‘appliance’ doesn’t mean you can’t be copied and hacked.

“The Trojan collected PINs and the so-called Track 2 encrypted data stored on magnetic stripes on ATM cards, he says, which allowed the attackers to clone real ATM cards. They would then insert their own specially crafted card into the Trojan-infected ATM machine to gain access, and the machine would then spit out the stolen information via the machine’s printer.”

So they went to the trouble of hacking ATMs, but the only method they developed of delivering the data was for someone to walk up to the ATM and print out the info that’s been collected? Seems to me that if they’re skilled enough to pull off this hack, then they’re skilled enough to find a way to bulk deliver the data. Of course, sometimes low-tech is the most successful route, but it wouldn’t surprise me if this was a proof of concept, or if this ATM malware has a longer life in some unexpected way.
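For readers who have not looked at what is actually on a card’s magnetic stripe, here is an added example (mine, not code from the article quoted above and not from any ATM vendor) that parses the ISO/IEC 7813 Track 2 layout. The sample track is constructed: it uses the well-known Visa test PAN 4111111111111111 with a made-up expiry and discretionary field. Besides splitting the fields, it runs the Luhn check, masks the PAN the way you would before logging it, and decodes the two service-code digits that matter when a captured stripe is cloned: whether the issuer marked the card as chip-preferred and whether a PIN is required.

```python
"""Parse ISO/IEC 7813 Track 2 data as read from a magnetic stripe.

Added example, not code from the post or from any ATM vendor. The sample
track at the bottom is constructed for illustration: it uses the Visa test
PAN 4111111111111111 with made-up expiry and discretionary data.
"""
import re

# Track 2 layout: start sentinel ';', PAN (up to 19 digits), field separator '=',
# expiry YYMM, 3-digit service code, discretionary data, end sentinel '?'.
# A trailing LRC character, if the reader passed it through, is ignored.
_TRACK2_RE = re.compile(r"^;?(?P<pan>\d{1,19})=(?P<rest>\d*)\??.?$")

# First service-code digit: 2 = international, chip preferred; 6 = national, chip preferred.
_CHIP_PREFERRED_FIRST_DIGITS = {"2", "6"}
# Third service-code digit values that require a PIN for the transaction.
_PIN_REQUIRED_THIRD_DIGITS = {"0", "3", "5"}


def luhn_ok(pan: str) -> bool:
    """Return True if the PAN passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, mask the rest (the usual display rule)."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(track: str) -> dict:
    """Split a Track 2 string into its fields and derive the security-relevant flags.

    Raises ValueError if the data does not have the Track 2 shape.
    """
    m = _TRACK2_RE.match(track.strip())
    if not m:
        raise ValueError("not Track 2 data")
    pan, rest = m.group("pan"), m.group("rest")
    if len(rest) < 7:
        raise ValueError("expiry and service code missing")
    expiry, service_code, discretionary = rest[:4], rest[4:7], rest[7:]
    return {
        "pan": pan,
        "masked_pan": mask_pan(pan),
        "expiry_yymm": expiry,
        "service_code": service_code,
        "discretionary": discretionary,
        "luhn_ok": luhn_ok(pan),
        # A stripe clone of a chip-preferred card should be refused by a terminal
        # that supports chip; a 1xx card can be replayed on any stripe reader.
        "chip_preferred": service_code[0] in _CHIP_PREFERRED_FIRST_DIGITS,
        "pin_required": service_code[2] in _PIN_REQUIRED_THIRD_DIGITS,
    }


# Constructed sample, not captured data: Visa test PAN, expiry Dec 2025,
# service code 101 (international interchange, no chip preference, no PIN required).
SAMPLE_TRACK2 = ";4111111111111111=25121011234567890?"

if __name__ == "__main__":
    for key, value in parse_track2(SAMPLE_TRACK2).items():
        print(f"{key:>14}: {value}")
```

The point of the flags: the data the article describes is enough to write a working stripe clone only where the terminal will accept a stripe at all. If the service code says chip preferred and the terminal honours it (no fallback to stripe), the clone is refused, which is why the discretionary field and the service code are worth inspecting before assuming a captured track is usable.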