Forwarded from: Dean Bushmiller <dean.bushmiller (at) expandingsecurity.com>
The Painpill - because no one takes vitamins regularly. This is a weekly
security discussion and sometimes rant with a commercial at the end for
training.
Government shutdown, fiscal cliff...
Everyone is talking about the government shutdown. It is important. I
don’t want to play the blame-game, but I do want to talk about what I feel
is an unnecessary Denial of Service attack by NIST on all of us.
Let’s frame the conversation with a few questions:
If you go on vacation or a break, do you turn off your web server or
website?
If you cannot afford your power bill, do you light a neon sign that says
"We're Closed"?
If you set up your website and find you cannot do updates, do you tear the
whole site down?
Everyone reading this would likely say NO to all the above. NIST said YES
due to the government shutdown.
Why are SP800 documents important?
We all use the collective guidance of Special Publications to direct
security decisions. For Expanding Security, we use Special Publications as
part of classes. I share their importance and always tell students to get
a copy. These documents were created and paid for with U.S. tax dollars.
Done. Access to the documents should be… accessible no matter what
current political problem is occurring.
Here's the thing: it costs nothing to let a website run. Well, OK, it costs
server time and electricity. So if you ran out of money, you would turn
off the server. But NIST tore down the main page and put up a big fat
FINGER to all of us. What do I mean?
The server doesn’t need to have a person feeding it data; there is no
person on the other side of the server waiting to hand me my SP800-37.pdf.
The documents and pages once built do not need any support.
The correct way?
I would have total respect for NIST if they turned off the server because
they ran out of funding. But to leave it running and DoS people who need
pages is just wrong. It goes against everything that information
technology is about.
Hey NIST, if it's really about running out of money, turn off your server
instead of flipping everybody off.