Apparently my attempt at humor was poorly timed. (again) My apologies. Carry on with your regular duties.
- WJR On Tue, Aug 6, 2013 at 1:31 PM, William Robbins <dangerw...@gmail.com>wrote: > Hey Lora, > > I have a side bet going that you can help me with if you please. Are you > really -sc? > > > - WJR > > > On Tue, Aug 6, 2013 at 11:10 AM, Lora Cates <lora.ca...@rocketmail.com>wrote: > >> I find it interesting that there are several folks, myself included, that >> fail to see your point, yet when pressed for details on specific points you >> reply with the deeply insightful "Whatev." and now declare the conversation >> ended so you are taking your ball and going home. >> >> Are you just unwilling to explain yourself, or unable? >> >> -lc >> >> >> >> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.** >> myitforum.com <listsad...@lists.myitforum.com>] >> > On Behalf Of Micheal Espinola Jr >> > Sent: Monday, August 5, 2013 8:35 PM >> > >> > >> > To: ntsysadm@lists.myitforum.com >> > Subject: Re: [NTSysADM] man-in-the-middle attack >> > >> > >> > >> > I guess you either see my specific point or you don't. I stated it, >> and I'm >> > not one to engage in arguments were I just repeat myself because people >> are >> > choosing to ignore, overlook, or simply disregard my point. If you >> don't >> > agree, don't, and move on. If you dont know what my "specifics" were, >> then >> > I dont know what to tell you - other than, I guess reread the emails. >> > >> > >> > >> > In any event, I'm no longer interested in this topic of conversation, >> since >> > it stopped actually being one many replies back. >> > >> > >> > -- >> > Espi >> > >> > >> > >> > >> > >> > On Mon, Aug 5, 2013 at 5:16 PM, Ken Schaefer <k...@kj.net.au> wrote: >> > >> > What are the characteristics of the “specifics” you’re referring to that >> > make a general analysis not applicable? >> > >> > >> > >> > I think this is the crux of the issue taken with your original post. >> > >> > >> > >> > Cheers >> > >> > Ken >> > >> > >> > >> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.** >> myitforum.com <listsad...@lists.myitforum.com>] >> > On Behalf Of Micheal Espinola Jr >> > Sent: Saturday, 3 August 2013 5:00 AM >> > >> > >> > To: ntsysadm@lists.myitforum.com >> > Subject: Re: [NTSysADM] man-in-the-middle attack >> > >> > >> > >> > You're continuing to generalize, ignoring the specifics I was referring >> to. >> > >> > >> > -- >> > Espi >> > >> > >> > >> > >> > >> > On Fri, Aug 2, 2013 at 11:23 AM, Steven M. Caesare < >> scaes...@caesare.com> >> > wrote: >> > >> > Substitute any risk you what in any circumstance you want. >> > >> > >> > >> > As long as the odds are > 0 then you have to consider mitigating that >> risk… >> >> > it then becomes a matter of cost to do so, the value proposition of >> which >> > depends on the potential damage from the event occuring. >> > >> > >> > >> > How unlikely does an event have to be in order to spend $X on it? >> > >> > >> > >> > -sc >> > >> > >> > >> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.** >> myitforum.com <listsad...@lists.myitforum.com>] >> > On Behalf Of Micheal Espinola Jr >> > Sent: Friday, August 2, 2013 11:40 AM >> > >> > >> > To: ntsysadm@lists.myitforum.com >> > Subject: Re: [NTSysADM] man-in-the-middle attack >> > >> > >> > >> > Again, apples/oranges. I'm speaking of specific circumstance, and I'm >> not >> > about to include natural disasters in the debate. You can either >> choose to >> > see what I'm saying for what I'm saying, or don't. I'm not >> generalizing. >> > I'm speaking of data loss to remote access intrusion. >> > >> > >> > -- >> > Espi >> > >> > >> > >> > >> > >> > On Fri, Aug 2, 2013 at 6:53 AM, Steven M. Caesare <scaes...@caesare.com >> > >> > wrote: >> > >> >> The odds dont matter if the risk will result in catastrophic loss to >> the >> >> business. >> > >> > >> > >> > Sure they do. >> > >> > >> > >> > A meteor that wipes out your facility in North America can be mitigated >> by >> > having a completely redundant $50bil factory in Europe. >> > >> > >> > >> > Are you recommending that? >> > >> > >> > >> > -sc >> > >> > >> > >> > >> > >> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.** >> myitforum.com <listsad...@lists.myitforum.com>] >> > On Behalf Of Micheal Espinola Jr >> > Sent: Wednesday, July 31, 2013 7:55 PM >> > >> > >> > To: ntsysadm@lists.myitforum.com >> > Subject: Re: [NTSysADM] man-in-the-middle attack >> > >> > >> > >> > IMO, its a matter of recreational gambling vs. professional (done for a >> > living) gambling[1]. You know the odds, or you don't - doesn't matter. >> > What matters is if you can continue to profit from the risk. Will the >> risk >> > hurt the continuity of business operations in terms of revenue loss. >> The >> > extreme example of this is Russian roulette. >> > >> > >> > >> > The resulting exposed data in a MitM scenario is unique and has >> substantial >> > potential. What is important to monetize here is the loss resulting >> from a >> > MitM attack at all levels of remote access for the organization. >> > >> > >> > >> > The odds dont matter if the risk will result in catastrophic loss to the >> > business. As someone that has discovered corporate espionage >> intrusions, >> > and systematically prevented the loss of future business deals worth >> > millions of dollars (whose loss would have otherwise collapsed the >> business) >> > - I have a specific view of this issue. The only additional info on >> this >> > that I will provide is that the intrusion allowed a bidding competitor >> > access to corporate communications as well as business plans and bidding >> > documents. My discoveries led to the prevention of a competitor from >> > staying one step ahead of us in business planning and bidding, and >> eventual >> > Federal prosecution of the intruder. >> > >> > >> > >> > >> > >> > 1. I'm not a gambler, but I have known professional gamblers. >> > >> > >> > -- >> > Espi >> > >> > >> > >> > >> > >> > On Wed, Jul 31, 2013 at 4:05 PM, Ken Schaefer <k...@kj.net.au> wrote: >> > >> >> In any event, the odds are irrelevant - the issue is the business risk >> of >> >> intrusion/loss. >> > >> > >> > >> > How can you say that “odds are irrelevant” if the issue is business >> risk? >> > >> > >> > >> > Risk is “potential for loss”, and potential includes a weighting for >> > likelihood (i.e. “the odds”)? >> > >> > >> > >> > Can you clarify what you mean? >> > >> > >> > >> > Cheers >> > >> > Ken >> > >> > >> > >> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.** >> myitforum.com <listsad...@lists.myitforum.com>] >> > On Behalf Of Micheal Espinola Jr >> > Sent: Thursday, 1 August 2013 1:43 AM >> > >> > >> > To: ntsysadm@lists.myitforum.com >> > Subject: Re: [NTSysADM] man-in-the-middle attack >> > >> > >> > >> > Odds would be very difficult to extrapolate with any legitimate >> accuracy, as >> > you need to know and control the possible environments and habits of >> your >> > remote employees. In any event, the odds are irrelevant - the issue is >> the >> > business risk of intrusion/loss. >> > >> > >> > -- >> > Espi >> > >> > >> > >> > >> > >> > On Wed, Jul 31, 2013 at 8:07 AM, David Lum <david....@nwea.org> wrote: >> > >> > I need to present management with the odds of this actually getting >> > exploited, as I’d want to force TLS 1.2 for ADFS but that takes Chrome >> and >> > more importantly Safari (iOS devices) out of the mix, so I suspect >> > management might say “we want compatibility instead of protection from >> some >> > obscure attack that is unlikely to happen. >> > >> > >> > >> > In short, what are the odds of a MITM attack actually happening between >> my >> > remote employee and our ADFS server? >> > >> > David Lum >> > Sr. Systems Engineer // NWEATM >> > Office 503.548.5229 // Cell (voice/text) 503.267.9764 >> > >