Security Basics mailing list archives

RE: A reminder that security is not inherently solvable with tech nology

From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 24 Oct 2003 12:02:15 -0600

The fact is that in the US, an individual would likely be arrested for even
threatening to release this information.  The problem with the countries
overseas is that US laws, especially the privacy laws, are virtually
unenforcable.  While the activity of releasing that information it illegal
in the US, it is not usually illegal in another country, therefore, even if
the individual released that information while residing in his native
country, his actions would be entirely lawfull, and even under extradition
treaties, the US would have little or no recourse in sequestering that
information, which is a huge problem.

Just my 2c.

Eric 

-----Original Message-----
From: Tsai Li Ming [mailto:mailinglist () ltsai com]
Sent: Friday, October 24, 2003 2:26 AM
To: security-basics () securityfocus com
Subject: RE: A reminder that security is not inherently solvable with
technology


I would like to point out another side of the story. I would agree that
privilege information shouldn't be outsourced. It shouldn't even be
outsourced to another company, whether local or overseas. On the other hand,
we should bear in mind that off shoring a job does not necessary mean that
it is less secure. A disgruntled local employee could do the same thing.
What makes a local employee more trustworthy than an offshore worker?

You can have the best security in place but it can be compromised by a
single employee. Can we ever replace trust with technology?

Liming



-----Original Message-----
From: jm [mailto:jm () mindless com] 
Sent: 24 October 2003 6:26 AM
To: JGrimshaw () ASAP com
Cc: security-basics () securityfocus com
Subject: RE: A reminder that security is not inherently solvable with
technology


Very valid points, particularly in the UK as one of the biggest banks,
"The world's local bank" has decided to lay off 4500 UK workers to
offshore staff to offshore centers in asia.

I am based in the Isle of Man, and recently had an conversation with the
local Data Protection officer.  

The new Data Protection Act 2002, implies that countries outside the EU,
US, and Australia are considered to not have appropriate protection
mechanisms in place, and therefore confidential (personal) information
should not be transmitted to anywhere outside these countries.

I would be interested in learning if anyone reading the list, has any
comments about how the UK/EU/Any legislation permits for the accessing
of personal indetifiable information outside these areas in an
offshoring type operation? Which would to an extent protect against the
incident mentioned on the below URL....

Thanks

JM

-----Original Message-----
From: JGrimshaw () ASAP com [mailto:JGrimshaw () ASAP com] 
Sent: 23 October 2003 14:50
Cc: security-basics () securityfocus com
Subject: A reminder that security is not inherently solvable with
technology

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8
G1.DTL

This article was posted on Slashdot today; I believe it speaks volumes. 
You can defend your network against all known aggressors, and yet this 
simple common denominator reduces the security threshold to zero. 

------------------------------------------------------------------------
---
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes?
Download ClearSight Network's Analyzer and see a new network analysis
tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_
031021
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes? Download
ClearSight Network's Analyzer and see a new network analysis tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_0310
21
----------------------------------------------------------------------------





---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes? Download
ClearSight Network's Analyzer and see a new network analysis tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_0310
21
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new 
network analysis tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
----------------------------------------------------------------------------

Current thread:

RE: A reminder that security is not inherently solvable with tech nology Randy Golly (Oct 24)
- Re: A reminder that security is not inherently solvable with technology Steve (Oct 24)
- <Possible follow-ups>
- RE: A reminder that security is not inherently solvable with tech nology Gene LeDuc (Oct 24)
- RE: A reminder that security is not inherently solvable with tech nology Hagen, Eric (Oct 24)
  - RE: A reminder that security is not inherently solvable with tech nology Paul O'Malley (Oct 27)
    - Re: A reminder that security is not inherently solvable with technology Meritt James (Oct 27)