Brian Sierakowski

Another thought... What if the USB key versions of distributed software were a bit more? For example, you could buy windows 7 for 200, or you could buy windows 7 on usb key for 220. This would more then pay for the additional costs of the usb key, and the end user would get a 10GB usb key, instead of a disk that they couldn't re-purpose. Probably something I wouldn't mind paying a bit more for, as I'm not one who has 40 usb keys laying around.

Agree 100% about physical media representing an unnecessary overhead for companies in 2009, disagree 100% about the PC dying for home users. One of my first projects when I move into my new house is to buy a new tv, and then set up a media center PC to pipe HDMI out to my TV for hulu, rev3, video games, etc. If we're to talk about dying tech, the TV (and especially cable TV) will be gone in 10 years. I have not turned my TV on in months and months, because we use our PC's for everything. Perhaps the iPhone 12G will be able to output HDMI hulu to my TV, but whatever my PC will be doing will crush that! Beaming the images into my brain perhaps :).

@Barry I think cam makers use CF and such so that they can sell them as addons, and from the uniform and small form factor. I know when I bought my girlfriend a camera, I didn't think twice about buying a 4gb CF card right from the store, if it was USB I would have probably picked one up on newegg instead. On topic, I can easily see USB keys taking over disk media, if the market wanted to shift before downloading (or hosting via cloud technology) becomes the norm. I think we're in a period right now where the average person does not want to wait an hour or two for a program to download, since they have not had the joys of bit torrent in their lives before. When I was in a band, there have been a couple times I ordered large amounts of CD's from different pressing companies. The reason why they could do this quickly and cost effectively is because they had BIG machines that automated the process. Lots of moving parts, which I'm sure required a lot of upkeep. You could make a machine that flashes 100 thumb drives (or more) at a time, and your overheads would be much lower. Also, whenever I ordered a batch of 1000 cds or so, there was always an additional 60 or so added in for "overrun," basically saying that if any of the CD's got messed up while pressing or shipping, the extra 60 should cover that. With flash drives, you don't have to worry about scratches, and imagine how much less shipping materials the companies could use including the smaller size devices, and minus the extra infrastructure to stop the cd from getting crushed. Plus companies save on not having to by default ship extras to account for damaged goods. As for the one time write thing, I'm sure there is something easy that can be done that when you plug the USB key in, it appears as a static drive instead of rewritable... but at that point, why not let people reuse the key? Seems like the eco-friendly thing to do, imagine how many CDr's are sitting in a landfill right now. How about and exciting future where you carry around your microsoft USB key, and you stop at licensed microsoft kiosks in the mall, plug your key in, and then load it with the latest greatest version of..... well.... microsoft has to come out with something great, but you get the idea. Not that THAT would ever happen (and not that it isn't a ridiculous idea), but I think that using USB keys instead of CD's leads us to a more advanced software distribution system. So, are USB keys a reasonable way to distribute software, sure, but if the question is will developers start adopting it... can't really say. I'm sure they've made such large investments into their CD farms that it would be pretty painful to scrap them, even though it's a pretty good idea.

Hrm, I didn't think of the court case thing. I'm not sure if that's what they're planning on doing, but if they are that's a legit reason to withhold some info. However, if not, let's get it done. The damage has been done, both to the servers and politically, I think the best thing for them to do is to own the story, explain everything, and everyone gets a great real life lesson out of it. I know I for one spent a night changing insecure passwords after the attack, but hopefully we can use this for more then just a minor wake up call.

What's your budget looking like? I agree with eazy, free is probably best... How many hackers do you think are trying to inflitrate your personal network? With what's to be gained, I think their efforts are better spent on businesses, since there is more to be had and people are less likely to notice something "weird" happening on the network. Just a thought :).

CCNA Voice is a great call, I think my vendor specific training will help a lot too, but I'm going to recommend this one as well. Any other suggestions would be great, especially if anyone knows any tools you can slap on their network to test for voice readiness. If none exist... that would be a very lucrative product. Drop the app on the network, run a scan, and get a report of how many VOIP conversations can take place simotaneously, detect traffic, raise flags such as blocked ports and other troubleshooting tips, etc. Just a thought :).

All, My company has been running into some issues, we install phone systems into businesses, and increasingly people are opting for the IP solutions. The trouble this causes us is now we not only have to troubleshoot the phone system, phones, programing, etc, but now we have to worry about latency, port blocking, routing, etc. I'm just curious if anyone knows of any tools or techniques we can use to test their infrastructure to drill down and see what exactly is causing the problems we're experiencing. Also, any resources or certifications I can use would be greatly appreciated. Thanks! -Brian

Just a bit of reference, IBM has been doing hardware virtulization since like '92, so if you look at how far we've come in the 3 years that VMware has been popular, we're doing great. If you consider the the technology is 17 years old.... maybe not so much :). On the hard drive note, I think DataCore storage virtulization can do dynamic drives as all their addressing is done through Vvols.

Do you really think so? I think that getting the hash over the wire is slightly more secure then the password, because if you have the password... you have the password! At least the casual network sniffer (if there is such a person) will not be able to then take your password in plain text and log into your account outright. Either way, getting unencrypted traffic sniffed sucks, but i'd rather have my hash sniffed then my cleartext password.

I'm looking forward to the lessons learned episode.

Sort of reminds me of this: http://www.instructables.com/id/Give-Your-...Twitter-Powers/

Yep, there's no data on there anyway other then the win7 install.

Twitter servers have been overloaded for a while, I don't think it would take a very large bot net to take it down, especially if the attack was designed for twitter.

I don't know that it's entirely for "WTF" reasons... we watch shows on executing the cold boot attack, cracking WiFi, etc, but this is a REAL security breach. You would think that out of anything that's happened, we could use this as a "learnable situation," discussing whats happened, how it was fixed, and how it can be prevented (if it can be prevented). It sucks, for sure, but the damage is done (literally and figuratively,) the only thing that the group can control after the fact is how they handle the situation. I think at this point it's turning lemons into lemonade for the community.

I tend to side with the businesses on this one... It's their hard work and inventiveness that's brought the product around in the first place, who are we to complain about how they went about securing the product? It would be one thing if we were talking about a fundamental flaw in the product, but even then, the solution is to not use the product. Don't agree with the way a company handles something? Vote with your dollar and take it elsewhere. I just have a hard time getting too in a bunch over "how dare those sneaky developers stop me from re-purposing their hardware I found on the ground." If someone from the company was on the board, their answer would probably be "to stop you from picking up a free copy off the ground and using our service for free," lol.

Also, you may want to try the low level format utility provided by the hard drive manufacturer if you're dead set on wiping the drive... However it sound like it's wiped enough, you should be fine to put XP on there if the hardware is OK.

I don't know how I feel about giving the USAF my info... lol.

Well... yeah, lol. Anyone who tries to "impress" anyone with the fact they have Sec+ should be shot down. Unless you're getting certs that have a VERY low rate of success, you shouldn't be bragging. Plus, if you're smart enough to pass your CCIE, you probably don't care what other people are thinking :).

I would read the comments here: http://peterkleissner.com/?p=11 before getting too excited :).

I think you might be better off just going with an SSD. Same basic idea, but its persistent. http://www.newegg.com/Product/Product.aspx...N82E16820167005

The passwords would have been compromised, but you would be assured that you aren't being foolish and using the same password in two places. If the server gets rooted... its rooted, but at least we can do damage control on our other accounts so we don't get mubixed. Not that they would have any interest in what I'm doing anyway.

Same, I'm using a firefox plugin to do the same. Used my firefox saved passwords to look up all the sites with the same or similar passwords, then changed it to random stuff. Security 101 I know... but looks like even the best of us make mistakes.

I think we should make the list public, I googled the txt file and I saw that one of my old passwords was on there that I cross referenced on my firefox list.... still was in use on a few sites. Be sure that NONE of the passwords you have ever used on here show up anywhere else.

That is the coolest thing I've seen in a while. I think an instructables is in order :).

Ya, the idea with certificates is that you can verify with a trusted 3rd party, if you skip the 3rd party you don't have too much more then the machine claiming it's own legitimacy.