Re: concerning ~el8 / project mayhem

[Barney Wolff <barney () tp databus com>]

Guys, this is taking principle (my email is not worth protecting)
to ridiculous lengths.  We all know how easy it is to do protected
email - either openwebmail over https or imap over tunneled over
ssh, or any of the other ways.  Your email may not be worth protecting,
but wouldn't you get tired of explaining why you didn't care that the
script kiddie sent that obscene email from your account?

99% of corporate email is not worth protecting either, but the
reputation of the corporation is, and the newspaper article will not
mention that the intercepted email was harmless.

A "recognized security expert" is going to be a target.  Price of fame,
and all that.  Would you trust an overweight cardiologist?

On Sun, Aug 18, 2002 at 03:13:19AM -0400, Paul D. Robertson wrote:
> We all know that passwords in the clear can be compromised.  We all know 
> that everyone who uses a password can't make the correct risk assessment 
> for their particular environment- that's why the leap is that you're not a 
> "real" security person if you've made that assessment for yourself and 
> come out on the "not worth protecting" side of the fence (How do you expect to 
> get billable hours if you're not going to implement a VPN to check mail? 
>  Not admitting the fact that everyone who has e-mail needs a 3DES over 
> quadruple blowfish token-authenticated mail transport is seriously going 
> to hurt the consulting business!)

-- 
Barney Wolff
I'm available by contract or FT:  http://www.databus.com/bwresume.pdf
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards