Security Basics mailing list archives
Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: Jason Muskat <Jason () TechDude Ca>
Date: Sat, 20 May 2006 17:33:38 -0400
Hello, Herein lays the issue. If ones security systems is only 95% effective... One has 1,000,000 customers then it is expected that 50,000 of these customers will have there data exposed. As a customer this is NOT acceptable. I prefer to deal with only companies that protect, and have a good record with consumer data. If your local Telco can offer 99.995% uptime why shouldn't security. Regards, -- Jason Muskat | GCUX - de VE3TSJ ____________________________ TechDude e. Jason () TechDude Ca m. 416 .414 .9934 http://TechDude.Ca/
From: Stephen John Smoogen <smooge () gmail com> Date: Wed, 17 May 2006 17:07:18 -0600 Cc: <security-basics () securityfocus com> Subject: Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." On 5/16/06, Jason Muskat <Jason () techdude ca> wrote:Hello, Security has to be correct 100% of the time. One omission can lead to an exposure. Count yourself lucky that your vulnerabilities haven't been exposed (that you know of -- Think Ohio State's exposure <http://www.ohio.edu/datatheft/alumni/index.cfm>). Many organizations cover up (do not report to governmental authorizes) every exposure that occurs. This is the norm.The only 100% correct all the time system is the one that has been turned off and buried in a Nickel lined concrete bunker 100 feet from anything. You are going to be lucky if you see 95% of the time over say a year that you are not going to see some sort of breach somewhere on any large system. That doesnt mean you do not try to protect to your best ability, but you also need to make sure that you are prepared for what happens when the breach occurs. And that means beyond "Cover our butt and point our fingers at xyz user, contractor, etc as the source of the problem" -- Stephen J Smoogen. CSIRT/Linux System Administrator
Current thread:
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 12)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Stephen John Smoogen (May 20)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 23)
- RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Angela and Donald (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- <Possible follow-ups>
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 23)