| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F50369F.40200@brvenik.com> From: security at brvenik.com (security@...enik.com) Subject: My life sucks - was Re: Authorities eye MSBlaster suspect I must say, you folk are over worked and I think that you harbor a slight grudge because of it. > In case anybody thinks that XX is somehow bragging, forget it. The > many roles he is expected to fulfill are typical in a university > environment. There *is* no such thing as "an intrusion detection > specialist". Everyone in edu wears many hats - most of which are > fulltime jobs in their own right. An example was given where projects were on hold for whatever reason. I believe those projects were impacted severely by a lack of productivity while the network was down too. To take it a little bit further, a lot of other projects that generate the revenue that contribute to the grants that fund the projects were impacted because of the insecurity of systems as a whole. I think we can all agree that the EDU is as damaging as the high speed home user in this respect. The issue I take is that the EDU has an opportunity to mitigate these issues in part through policy and education. The home user is a much more difficult challenge. >> And you can't weasel out by saying "Hire somebody else to do that other >> stuff" or "hire somebody else to do security" - the point is that if we >> did hire somebody else, then we'd only have 1 person of the 2 available >> for productive work. If we didn't have to keep spending resources on >> security, BOTH people would be available then. > Kudos to all administrators for taking on the task of managing and running a challenging environment. I fear that the probems you face are not easily resolved at your level and that there is a lot more work to be done to raise the awareness at all levels. You have chosen to take on this challenge by your decision to continue to work there, please quit telling us how difficult it is and why you cannot do it and spend that time doing it and explaining how you did it. I understand that it will take longer and I understand that it is frustrating and I understand that it is... Truth is you choose to continue to work there and be security aware so please contribute to the solution and not defend your problems. > That's won't stop anyone from trying though. They actually think > "security" is the stuff you *should* be doing, not helping your users > be more productive. Like it or not security is a part of the job and failure to execute is not just your problem, we all feel the impact. Don't like the work, change your life, go sell something at your local retail store and have fun every day when you are off instead of should be off. I believe that _proper_ security will help your users be more productive, not just the act of patching and patching but employing the methodologies behind proper security. What would have been the impact to productivity had this worn of the day deleted all .doc files and then filled the ramaining disk with random chars? People sit here on this list defending the problems and issues they face giving those that might be facing similar problems a reason to ignore it because XYZ is not solving it either. The reaity is that you can be by presenting how you solved problems given the limited budget and resources available and help those facing similar challenges instead of giving them reasons to ignore them and complaining all the time. Tis all I am going to sat about that.
Powered by blists - more mailing lists