> From: Jared Mauch <[email protected]> > Because someone told them the wrong thing and they don't know any > difference. Just because they're an auditor doesn't mean they are > clued. Simple thing would be to show them a dns query that requires > tcp, such as:
Would you show anything to a doctor prescribing bloodletting to cure what ails you or would you quietly leave? (except for lab work) Someone who let a financial auditor with equivalent ignorance about the fundamentals of bookkeeping near the company's books (not to mention hiring) would fear being fired or indicted as an accessory. If your boss or boss' boss' boss etc. hired an equivalent to audit the company books, you'd infer the worst and start looking for a new job while the banks are still cashing your paychecks. The same should apply to network security quacks. Bogus security audits or auditors might not signal as much about your paychecks as bogus financial audits, but they do signal coming security disasters that probably won't help your career. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
