My point was to what data was remotely accessible.

--
Espi
On Tue, Aug 6, 2013 at 10:33 AM, Steven M. Caesare <[email protected]> wrote:

> Seeing as how you are obviously referring to me, allow me to ask:
>
> Given that I responded to your _*SPECIFIC*_ point about this being a MITM attack (quoted below for your convenience), why your subsequent dismissive response?
>
> -sc
>
> (quotation follows)
>
> “> The resulting exposed data in a MitM scenario is unique and has substantial potential.
>
> Why is this unique as compared to something like the VPN algorithm itself being compromised allowing the same level of remote access in to your org? Both have the same potential for damage.”
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> Sent: Tuesday, August 6, 2013 1:19 PM
> To: [email protected]
> Subject: Re: [NTSysADM] man-in-the-middle attack
>
> My "whatev" was a sarcastic reply to someone I have known online for years. Like I said, I'm not repeating myself. You see the point, or you don't. Some people do (as reflected by offline communications), and some people don't. This is a matter of choosing to or not. I'm not going to try to change your theology on risk management. But I will state /one last time/, that my opinion on this reflects a specific scenario and is not a generalization of risk assessment as many have tried to infer.
>
> And with that, if nothing new is introduced, I'm archiving this thread.
>
> --
> Espi
>
> On Tue, Aug 6, 2013 at 9:10 AM, Lora Cates <[email protected]> wrote:
>
> I find it interesting that there are several folks, myself included, that fail to see your point, yet when pressed for details on specific points you reply with the deeply insightful "Whatev." and now declare the conversation ended so you are taking your ball and going home.
>
> Are you just unwilling to explain yourself, or unable?
>
> -lc
>
> > From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> > Sent: Monday, August 5, 2013 8:35 PM
> > To: [email protected]
> > Subject: Re: [NTSysADM] man-in-the-middle attack
> >
> > I guess you either see my specific point or you don't. I stated it, and I'm not one to engage in arguments where I just repeat myself because people are choosing to ignore, overlook, or simply disregard my point. If you don't agree, don't, and move on. If you don't know what my "specifics" were, then I don't know what to tell you - other than, I guess reread the emails.
> >
> > In any event, I'm no longer interested in this topic of conversation, since it stopped actually being one many replies back.
> >
> > --
> > Espi
> >
> > On Mon, Aug 5, 2013 at 5:16 PM, Ken Schaefer <[email protected]> wrote:
> >
> > What are the characteristics of the “specifics” you’re referring to that make a general analysis not applicable?
> >
> > I think this is the crux of the issue taken with your original post.
> >
> > Cheers
> > Ken
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> > Sent: Saturday, 3 August 2013 5:00 AM
> > To: [email protected]
> > Subject: Re: [NTSysADM] man-in-the-middle attack
> >
> > You're continuing to generalize, ignoring the specifics I was referring to.
> >
> > --
> > Espi
> >
> > On Fri, Aug 2, 2013 at 11:23 AM, Steven M. Caesare <[email protected]> wrote:
> >
> > Substitute any risk you want in any circumstance you want.
> >
> > As long as the odds are > 0 then you have to consider mitigating that risk… it then becomes a matter of cost to do so, the value proposition of which depends on the potential damage from the event occurring.
> >
> > How unlikely does an event have to be in order to spend $X on it?
> >
> > -sc
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> > Sent: Friday, August 2, 2013 11:40 AM
> > To: [email protected]
> > Subject: Re: [NTSysADM] man-in-the-middle attack
> >
> > Again, apples/oranges. I'm speaking of specific circumstance, and I'm not about to include natural disasters in the debate. You can either choose to see what I'm saying for what I'm saying, or don't. I'm not generalizing. I'm speaking of data loss to remote access intrusion.
> >
> > --
> > Espi
> >
> > On Fri, Aug 2, 2013 at 6:53 AM, Steven M. Caesare <[email protected]> wrote:
> >
> >> The odds don't matter if the risk will result in catastrophic loss to the business.
> >
> > Sure they do.
> >
> > A meteor that wipes out your facility in North America can be mitigated by having a completely redundant $50bil factory in Europe.
> >
> > Are you recommending that?
> >
> > -sc
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> > Sent: Wednesday, July 31, 2013 7:55 PM
> > To: [email protected]
> > Subject: Re: [NTSysADM] man-in-the-middle attack
> >
> > IMO, it's a matter of recreational gambling vs. professional (done for a living) gambling[1]. You know the odds, or you don't - doesn't matter. What matters is if you can continue to profit from the risk. Will the risk hurt the continuity of business operations in terms of revenue loss. The extreme example of this is Russian roulette.
> >
> > The resulting exposed data in a MitM scenario is unique and has substantial potential. What is important to monetize here is the loss resulting from a MitM attack at all levels of remote access for the organization.
> >
> > The odds don't matter if the risk will result in catastrophic loss to the business. As someone that has discovered corporate espionage intrusions, and systematically prevented the loss of future business deals worth millions of dollars (whose loss would have otherwise collapsed the business) - I have a specific view of this issue. The only additional info on this that I will provide is that the intrusion allowed a bidding competitor access to corporate communications as well as business plans and bidding documents. My discoveries led to the prevention of a competitor from staying one step ahead of us in business planning and bidding, and eventual Federal prosecution of the intruder.
> >
> > 1. I'm not a gambler, but I have known professional gamblers.
> >
> > --
> > Espi
> >
> > On Wed, Jul 31, 2013 at 4:05 PM, Ken Schaefer <[email protected]> wrote:
> >
> >> In any event, the odds are irrelevant - the issue is the business risk of intrusion/loss.
> >
> > How can you say that “odds are irrelevant” if the issue is business risk?
> >
> > Risk is “potential for loss”, and potential includes a weighting for likelihood (i.e. “the odds”)?
> >
> > Can you clarify what you mean?
> >
> > Cheers
> > Ken
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
> > Sent: Thursday, 1 August 2013 1:43 AM
> > To: [email protected]
> > Subject: Re: [NTSysADM] man-in-the-middle attack
> >
> > Odds would be very difficult to extrapolate with any legitimate accuracy, as you need to know and control the possible environments and habits of your remote employees. In any event, the odds are irrelevant - the issue is the business risk of intrusion/loss.
> >
> > --
> > Espi
> >
> > On Wed, Jul 31, 2013 at 8:07 AM, David Lum <[email protected]> wrote:
> >
> > I need to present management with the odds of this actually getting exploited, as I’d want to force TLS 1.2 for ADFS but that takes Chrome and more importantly Safari (iOS devices) out of the mix, so I suspect management might say “we want compatibility instead of protection from some obscure attack that is unlikely to happen.”
> >
> > In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server?
> >
> > David Lum
> > Sr. Systems Engineer // NWEATM
> > Office 503.548.5229 // Cell (voice/text) 503.267.9764

