And... I'll give this one a + -10 -b
On Mon, 2004-09-20 at 17:44, Stryc9 _ wrote: > What is with the current state of debate in the Information Technology > sector? Why does every post seem to follow the very illogical and > seemingly uneducated format of: > > 1.) point > 2.) bad, stupid analogy > 3.) ??? > 4.) I am right!! > > Stop using farking analogies!! You aren't talking to your IT director > or Project Manager here... we all understand the issues and the > technology surrounding them. > > All further communications containing analogies will be moderated -5 Retarted. > > On Mon, 20 Sep 2004 14:57:13 -0400, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > Think of this not so much as criminal vs. noncriminal but in warfare > > terms. Security defenders have to design fortifications to keep out > > attackers. > > > > If I am trying to build field fortifications and my forces have captured > > one of the enemy's designers of attacks, I might very reasonably want to > > pick his brain to help me get better defensive designs. > > > > That doesn't mean I will (or should) believe he has come over to my side > > of the conflict, nor does it mean I would have him design any part of my > > defenses, lest he build in weaknesses. Yet if I tell him of various defenses > > and he tells me of attacks on them which I had not considered, I may find > > value in his advice. What I have to validate for myself, even though I > > distrust its source, still has some usefulness. > > > > The thing is, if I am fighting a war I can probably find people to guard this > > guy and make sure he doesn't see anything but what I show him, and keep him > > from escaping back to rejoin or inform his old friends. > > > > A company wanting to do this had better be more confident than most in its > > ability to build internal barriers to information, and in its ability to > > watch what of its sensitive information gets into the enemy or ex-enemy > > hands, and what leaves them for where. > > > > They should remember: if the captured enemy designer should retain his old > > loyalty and report their secrets to other enemies, the value of that company's > > secrets will be lost. > > > > So how good is the internal security being practiced by the hiring firm? > > Does this indicate, perhaps, some overconfidence? > > > > Glenn Everhart > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Harlan > > Carvey > > Sent: Monday, September 20, 2004 1:20 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [Full-Disclosure] Scandal: IT Security firm hires... > > > > > > Does it not strike anyone that there is a > > > disturbing trend in > > > > malicious hackers (yes, yes, I know, they are not > > > hackers if > > > > they are malicious, so call em whatever you want) > > > getting > > > > hired to security firms, > > > > Regardless of the reason for hiring these individuals, > > this fact should be noted by any organization subject > > to legal or regulatory compliance with regards to > > computer/information security. While the laws in the > > US do not specifically stipulate that reputable firms > > must be used when seeking compliance with vuln/risk > > assessments, etc., one would hope that the > > professional reputation of the assessing firm would be > > considered, as well. > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > ********************************************************************** > > This transmission may contain information that is privileged, confidential and/or > > exempt from disclosure under applicable law. If you are not the intended > > recipient, you are hereby notified that any disclosure, copying, distribution, or > > use of the information contained herein (including any reliance thereon) is > > STRICTLY PROHIBITED. If you received this transmission in error, please > > immediately contact the sender and destroy the material in its entirety, whether > > in electronic or hard copy format. Thank you > > ********************************************************************** > > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- -- Unix is sexy. "find", "talk", "unzip", "strip", "touch", "finger", "mount", "split", "unmount", "sleep". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
