On Thu, 6 Apr 2006 21:51, Tim Churches wrote: > No, I didn't miss it, as I took pains to explain at some length in my > last post, if you care to read it. What I did miss is the logic I have > come to expect from Horst, sadly absent in this instance. I will repeat: > NSW Police revealing Internet mailing list passwords: stupid mistake. > HeSA's policies on key generation (and just about everything else): > stupid mistake. Are the two even vaguely related: nope. > > Horst, I don't care if you bag HeSA: they deserve it. I don't care if > you bag NSW Police, or any other government organisation: they probably > deserve it too. I do care however, if you of all people, suggest that a
What you don't seem to understand: - no level of our government or it's institutions has got any demonstrable expertise in IT security - various levels of government have -even repeatedly- embarrassed themselves with security blunders - despite these observations they expect us to depend entirely on their "security" models - most people don't understand this because they are clueless themselves; but showing them examples like this one helps them to get the drift If our government had a clue, it would have a policy that would make such blunders a rare exception rather than the rule. It would actually listen to expertise and take advice on board instead of just hiring consultants who diligently repeat what they are told to tell, or who diligently just report what they are expected to report. I see the government as a whole - if one part of it blunders, I wouldn't expect other parts to perform any better. Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
