Date: Thu Feb 16 23:36:08 2006
From: bpasdar at igxglobal.com (Babak Pasdar)
Subject: Your neighbor's security is critical to your security


Steve,

My point with this write-up was to offer a different perspective on a
problem most of us are aware of.

No, I am not a fan of the Patriot Act; I consider it useless and an
infringement on our rights.  And getting a politician involved will only
make the situation worse, and I am certain a new tax will come out of it.

However, I do believe that there are LOTS of compromised, hijacked and
infected systems out there at some level.  Moreover, I do believe there
are lots of sympathetic people out there who are willing to lend their
resources without understanding the mechanism or ramifications.

I believe I did provide facts for the following points:

1. What everybody already knows.  Good practices on the part of vendors
and users.  This is a given and I am sure you can agree with this.

2. Be a good neighbor.  This is a HUGE point.  America (and this
includes SBC) is a target-rich environment and it will take a community
effort of behavior, process, and practices to just protect our systems
from internal threats, not to mention external ones.  The example I
provided actually happened, so no game of Dungeons and Dragons there.  As
was the case with the Palestinians, anyone who is sympathetic to a
cause could globally collaborate to hit us right in the pocket.

As far as what the answer is, I'll admit, I don't know. That is why I
posted to get the engagement and involvement of the smart folks on this
group.  Maybe a solution already exists that I am not aware of.  I would
love to be enlightened.  

Thank you for your response and feedback.  Thank you for your passion!

Sincerely,

Babak Pasdar
Founder / Chief Technology & Information Security Officer

Support the Daily Security Briefing Web Site and Register Here:
http://dsb.igxglobal.com

For this week's DSB/Week-in-Review Audio/Video Security Report:
http://dsb.igxglobal.com/news.php?item.50.4

To register for a Daily Security Intelligence e-mail:
http://www.igxglobal.com/dsb/register.html

Get your security news via Podcast:
http://dsb.igxglobal.com/page.php?11
On Thu, 2006-02-16 at 14:45 -0800, Steve Kudlak wrote:
> Trying to be gentle here, what are your proposed fixes other than a
> homey proverb and a few examples?  I certainly don't want a centrally
> controlled internet with someone looking over it.  You could try to
> convince people they should be careful on what they click.  There are
> lots of things on the net that say "if you are irritated about, say for
> example, the Patriot Act, click here and we will send a post card to
> your representative or senator."  Now the effect this had was that most
> senators began to ignore their email.  So this has happened in the lowly
> world of a paper mail being sent.  This, by the way, is my grumble about
> "grassroots movements": they fail because they often fail to convince
> their representatives that the ideas they hold have sense rather than
> being a large amount of worked-up people.  Of course my counter argument
> is that the other side does the same thing of working people up and
> trying to get them to accept a bunch of policies that are not based on
> reality.
> 
> That is why I pretty much expect people to present a reasonable and
> concrete plan against what they are worried about, and that they
> establish what they are worried about is a reasonable thing to be
> worried about.  I doubt you can convince 2% of the Internet to click
> something to bother someone if they realize it could be done to them
> too.  The question is what you hope are the proper steps to defend
> against a credible set of threats.
> 
> I really think there are threats out there, but that much of the whole
> "White Hat", "Black Hat" and, if you will, "Yellow Hat" or "Red Hat"
> community is about as real as the Dungeons and Dragons games that
> spawned the terms.  This whole idea of the millions and millions of
> compromised machines may be a bit exaggerated.  I am sure some set of
> bored bright teens could have a bit of fun trying to take down sbcglobal
> for fun by pinging it or something else to prove their misspelling of
> "hacker" prowess to yours truly, but as far as I am concerned vague
> fears are vague fears until someone actually nails it down.  Elsewise it
> gets to be like all these "Sleeper Cells" we are supposed to be worried
> about so we will sell all our rights down the river.
> 
> I am sure encouraging people to be a little more cautious and all that
> is a good thing.  Please, however, try to provide some real facts to
> back up your points.
> 
> Have Fun,
> Sends Steve
> 
> 
> 
> 
> Babak Pasdar wrote:
> 
> >Here is a recent blog entry on why your neighbor's security is important
> >to your organization's security.
> >
> >
> >When I was a child, my mother would share with me a proverb about a
> >woman who lived in a large village. This woman was, using today's terms,
> >a clean freak. She would clean her house day and night, inside and out,
> >but it still would not be clean. So she went to the village elder and
> >asked what she could do so that her house would finally be clean.
> >
> >The elder responded, if you want your house to be clean, you should talk
> >to your neighbors and make sure their homes are clean. This was
> >surprising to the woman, who asked why her neighbor's cleanliness would
> >affect her.
> >
> >The elder shared that if the area around her house is clean then there
> >will be less dirt that can find its way into her house.
> >
> >The same holds true with technology security. So many organizations are
> >extremely engaged in making their security the best it can be. Despite
> >any efforts, what would happen if only 2% of the Internet decided to
> >ping your site or systems at the same time? Regardless of the capacity
> >you boast and the big boxes in your environment, you would go down for
> >that moment.
> >
> >Read the rest here...
> >http://dsb.igxglobal.com/plugins/content/content.php?content.39
> >
> >
> >Babak Pasdar
> >Founder / Chief Technology & Information Security Officer
> >
> >Support the Daily Security Briefing Web Site and Register Here:
> >http://dsb.igxglobal.com
> >
> >For this week's DSB/Week-in-Review Audio/Video Security Report:
> >http://dsb.igxglobal.com/news.php?item.50.4
> >
> >To register for a Daily Security Intelligence e-mail:
> >http://www.igxglobal.com/dsb/register.html
> >
> >Get your security news via Podcast:
> >http://dsb.igxglobal.com/page.php?11
> >