| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <35705.1211580058@turing-police.cc.vt.edu>
Date: Fri, 23 May 2008 18:00:58 -0400
From: Valdis.Kletnieks@...edu
To: Daniel Sichel <daniels@...derosatel.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Thank you for help with management.
On Fri, 23 May 2008 14:26:07 PDT, Daniel Sichel said:
> Thank you to all who responded to my request for how to deal with a non
> secure server. Responses ranged from lol witty to incisive. I will
> definitely be asking the general manager for a key to his house and I
> will be requiring a release from liability in writing. It was very
> helpful, thank you all again.
Just keep in mind, that *sometimes* you *do* want to give people a key to
the house/office/etc - for instance, if you're going on vacation, you'll
likely want to give a key to whoever is petsitting for you.
The important question is *why* is said person getting access, what the
risks and benefits are, and if there's other ways to achieve the goal (for
instance, you may not need to have somebody stop by to feed your fish if
one of those 7-day feeder blocks will work)...
When I suggested "Ask him if he'd give people keys to the office", the
*expected* response is "But the cleaning crews have keys.." or similar - which
lets you get the *discussion* going of who has what access and why...
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists