A better understanding of the fundamental problem is that the entire .gov, and most of the .mil, posture is: "we are in compliance with standards". The problem is, those standards were developed by a committee to address threats defined when the committee was formed, and are thus years out of date.
>-----Original Message----- >From: [email protected] [mailto:[email protected]] >On Behalf Of [email protected] >Sent: Friday, May 15, 2009 7:51 PM >To: Larry Seltzer >Cc: [email protected] >Subject: Re: [funsec] U.S. Attorney's office tells employees not to log >onto Drudge Report > >On Fri, 15 May 2009 20:38:11 EDT, Larry Seltzer said: > >> But what really has me concerned here is that the Justice Department's >> malware management technique is to tell their users not to surf to a >> specific web site. That can't be an effective answer. They can't deal >> with this at the gateway somehow? > >You gotta remember that DoJ's computer security stance is probably best >described as "at least it doesn't suck as hard as Dept of Interior". _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
