Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Barney Wolff <barney () tp databus com>
Date: Sun, 18 Aug 2002 19:47:11 -0400
Guys, this is taking principle (my email is not worth protecting) to ridiculous lengths. We all know how easy it is to do protected email - either openwebmail over https or imap over tunneled over ssh, or any of the other ways. Your email may not be worth protecting, but wouldn't you get tired of explaining why you didn't care that the script kiddie sent that obscene email from your account? 99% of corporate email is not worth protecting either, but the reputation of the corporation is, and the newspaper article will not mention that the intercepted email was harmless. A "recognized security expert" is going to be a target. Price of fame, and all that. Would you trust an overweight cardiologist? On Sun, Aug 18, 2002 at 03:13:19AM -0400, Paul D. Robertson wrote:
We all know that passwords in the clear can be compromised. We all know that everyone who uses a password can't make the correct risk assessment for their particular environment- that's why the leap is that you're not a "real" security person if you've made that assessment for yourself and come out on the "not worth protecting" side of the fence (How do you expect to get billable hours if you're not going to implement a VPN to check mail? Not admitting the fact that everyone who has e-mail needs a 3DES over quadruple blowfish token-authenticated mail transport is seriously going to hurt the consulting business!)
-- Barney Wolff I'm available by contract or FT: http://www.databus.com/bwresume.pdf _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: concerning ~el8 / project mayhem, (continued)
- Re: concerning ~el8 / project mayhem Anton Chuvakin (Aug 21)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Josh Welch (Aug 21)
- Re: concerning ~el8 / project mayhem Dave Piscitello (Aug 21)
- Re: concerning ~el8 / project mayhem Anton J Aylward, CISSP (Aug 21)
- Message not available
- Re: concerning ~el8 / project mayhem Dave Piscitello (Aug 22)
- Message not available
- Re: concerning ~el8 / project mayhem Dave Piscitello (Aug 22)
- Re: concerning ~el8 / project mayhem Adam Shostack (Aug 23)
- Message not available
- Re: concerning ~el8 / project mayhem Marcus J. Ranum (Aug 17)
- Re: concerning ~el8 / project mayhem Paul D. Robertson (Aug 18)
- RE: concerning ~el8 / project mayhem Bill Royds (Aug 18)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 18)
- Re: concerning ~el8 / project mayhem Paul D. Robertson (Aug 19)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 19)
- Re: concerning ~el8 / project mayhem Darren Reed (Aug 18)
- Message not available
- Re: concerning ~el8 / project mayhem Dave Piscitello (Aug 19)
- Re: concerning ~el8 / project mayhem Paul Robertson (Aug 19)
- Re: concerning ~el8 / project mayhem Tina Bird (Aug 19)
- Re: concerning ~el8 / project mayhem Adam Shostack (Aug 19)
- Re: concerning ~el8 / project mayhem Nate Campi (Aug 19)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 19)