nanog mailing list archives
Re: How to get better security people
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Tue, 26 Mar 2002 22:00:05 +0000 (GMT)
Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST)
From: batz <batsy () vapour net>
(snip)
Nimda and CodeRed were excellent indicators of how a good security policy can be a competitive edge during (increasingly common) global incidents. Hopefully we will see more security folks pressing this message, and more decision makers hearing it.
Sun Tzu and Lao Tze in the 3967/3561 thread...

...anyone else read Deming or other TQM proponents? Visible numbers only syndrome is the problem with many people's attitudes toward security...

I could name a local (Wichita) company that for the longest time was running IIS4 + SP5, vulnerable to the iishack buffer overrun. They stored their websites and company files on said machine.

The goons^H^H^H^H^Hconsultants who set it up gave a big "it's secure because it's NT -- look, it asks for passwords" spiel that management bought. Even after one of their employees _demonstrated_ how an arbitrary person could break in.

Response? "We're not that big... nobody would be that interested in us." Warnings about random scans fell on deaf ears. Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why.

No, I was not the employee. A friend of mine worked there before getting fed up and quitting.

"If it works, it must be right," versus, "It doesn't truly work unless it's right."

I find it amusing how the same people who keep things under tight physical lock and key are so lax and apathetic about electronic security.

As Deming said, "People who buy on price alone deserve to get rooked."

Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.