Information Security News mailing list archives

Shame on you NIST for DoS


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Oct 2013 08:11:58 +0000 (UTC)

Forwarded from: Dean Bushmiller <dean.bushmiller (at) expandingsecurity.com>

The Painpill - because no one takes vitamins regularly. This is a weekly security discussion and sometimes rant with a commercial at the end for training.


Government shutdown, fiscal cliff...

Everyone is talking about the government shutdown. It is important. I don’t want to play the blame-game, but I do want to talk about what I feel is an unnecessary Denial of Service attack by NIST on all of us.

Let’s frame the conversation with a few questions:

If you go on vacation or a break, do you turn off your web server or website?

If you cannot afford your power bill, do you light a neon sign that says "We're Closed"?

If you set up your website and find you cannot do updates, do you tear the whole site down?

Everyone reading this would likely say NO to all the above. NIST said YES due to the government shutdown.


Why are SP800 documents important?

We all use the collective guidance of Special Publications to direct security decisions. For Expanding Security, we use Special Publications as part of classes. I share their importance and always tell students to get a copy. These documents were created and paid for with U.S. tax dollars. Done. Access to the documents should be… accessible no matter what current political problem is occurring.

Here's the thing: it costs nothing to let a website run. Well, OK, it costs server time and electricity. So if you ran out of money, you would turn off the server. But NIST tore down the main page and put up a big fat FINGER to all of us. What do I mean?

The server doesn’t need to have a person feeding it data; there is no person on the other side of the server waiting to hand me my SP800-37.pdf. The documents and pages once built do not need any support.


The correct way?

I would have total respect for NIST if they turned off the server because they ran out of funding. But to leave it running and DoS people who need pages is just wrong. It goes against everything that information technology is about.

Hey NIST, if it's really about running out of money, turn off your server instead of flipping everybody off.
