Full Disclosure mailing list archives

Re: Re-write with security in mind all ops.


From: Valdis.Kletnieks () vt edu
Date: Mon, 23 Aug 2004 21:45:13 -0400

On Mon, 23 Aug 2004 14:22:42 PDT, "Gregory A. Gilliss" said:

> People, believe it or not, before there was Dubya, before there were mad
> rag heads disgracing one of the world's most civilized religions, before
> Sir Tim Berners-Lee <Gack> 'invented' the Web, there was a network of people
> who shared information pretty freely and who, occasionally, would shell
> out of an app and gain root somewhere. All in all, it wasn't bad at all.

Yes.. I was around in that day and age.  However, I'll also note that by and
large, the people who would occasionally shell out weren't the sort of people
who were actively trying to blow me up.

Also, calling them "mad rag heads" is a bad idea - considered as a purely
military matter, they managed to pull off an operation that caused 3,000+
casualties on our side and only 19 on theirs.  Militarily, we got our butts
kicked.  And 3 years later, after invading 2 countries, we still don't even
know where their leader is. They're tech-savvy, using crypto to good effect,
and ditched their use of cell phones when they learned we knew how to track
them.  Consider that a very large chunk of our info was only obtained when
we accidentally busted our own mole in the organization - what does that
tell you about relative skill levels?

ObSecurity:  Demeaning the enemy with labels may be good training for Marines,
where dehumanizing the enemy to make it easier to kill them in combat may be a
good idea. It's a bad idea when trying to out-guess a clever opponent's next
move, when you know beforehand they're at least as clever as you.

> Now we have "no unencrypted links" which is a nice way of saying "I bet
> I can keep you off my swings". Funny how someone with a citigroup.com
> email is making such bold security claims. Two words - Vladimir Levin.

On the other hand, note that Citigroup is a bank and financial services
organization.

Would *YOU* trust a bank that *didn't* say "I bet I can keep you off my
swings/vaults/account info"?  Would you trust a bank that didn't do all
reasonable steps to secure themselves (and in this day and age, there's little
to no excuse for an unencrypted link for critical data)?

Personally, if I found my bank *wasn't* making such "bold security claims",
I'd find a new bank quickly....

> In case you haven't figured it out yet from the caustic replies you've
> received, around here the only credibility is clue. Abbreviations and
> boasting count for diddly.

One of the more ironic things I've seen on this list to date....
