
Re: [Full-Disclosure] Sick of stupid analogies



And... I'll give this one a + -10

-b

On Mon, 2004-09-20 at 17:44, Stryc9 _ wrote:
> What is with the current state of debate in the Information Technology
> sector? Why does every post seem to follow the very illogical and
> seemingly uneducated format of:
> 
> 1.) point
> 2.) bad, stupid analogy
> 3.) ???
> 4.) I am right!!
> 
> Stop using farking analogies!! You aren't talking to your IT director
> or Project Manager here... we all understand the issues and the
> technology surrounding them.
> 
> All further communications containing analogies will be moderated -5 Retarted.
> 
> On Mon, 20 Sep 2004 14:57:13 -0400, glenn_everhart@xxxxxxxxxxx
> <glenn_everhart@xxxxxxxxxxx> wrote:
> > Think of this not so much as criminal vs. noncriminal but in warfare
> > terms. Security defenders have to design fortifications to keep out
> > attackers.
> > 
> > If I am trying to build field fortifications and my forces have captured
> > one of the enemy's designers of attacks, I might very reasonably want to
> > pick his brain to help me get better defensive designs.
> > 
> > That doesn't mean I will (or should) believe he has come over to my side
> > of the conflict, nor does it mean I would have him design any part of my
> > defenses, lest he build in weaknesses. Yet if I tell him of various defenses
> > and he tells me of attacks on them which I had not considered, I may find
> > value in his advice. What I have to validate for myself, even though I
> > distrust its source, still has some usefulness.
> > 
> > The thing is, if I am fighting a war I can probably find people to guard
> > this guy and make sure he doesn't see anything but what I show him, and
> > keep him from escaping back to rejoin or inform his old friends.
> > 
> > A company wanting to do this had better be more confident than most in its
> > ability to build internal barriers to information, and in its ability to
> > watch what of its sensitive information gets into the enemy or ex-enemy
> > hands, and what leaves them for where.
> > 
> > They should remember: if the captured enemy designer should retain his old
> > loyalty and report their secrets to other enemies, the value of that
> > company's secrets will be lost.
> > 
> > So how good is the internal security being practiced by the hiring firm?
> > Does this indicate, perhaps, some overconfidence?
> > 
> > Glenn Everhart
> > 
> > 
> > 
> > -----Original Message-----
> > From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> > [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Harlan
> > Carvey
> > Sent: Monday, September 20, 2004 1:20 PM
> > To: full-disclosure@xxxxxxxxxxxxxxxx
> > Subject: RE: [Full-Disclosure] Scandal: IT Security firm hires...
> > 
> > > > Does it not strike anyone that there is a disturbing trend in
> > > > malicious hackers (yes, yes, I know, they are not hackers if
> > > > they are malicious, so call em whatever you want) getting
> > > > hired to security firms,
> > 
> > Regardless of the reason for hiring these individuals,
> > this fact should be noted by any organization subject
> > to legal or regulatory compliance with regards to
> > computer/information security.  While the laws in the
> > US do not specifically stipulate that reputable firms
> > must be used when seeking compliance with vuln/risk
> > assessments, etc., one would hope that the
> > professional reputation of the assessing firm would be
> > considered, as well.
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > 
> > 
-- 

-- Unix is sexy. "find", "talk", "unzip", "strip", "touch", "finger", 
"mount", "split", "unmount", "sleep".
