On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
You don't want "the securest implementation". You want one that's
"secure enough" while still allowing the job to get done. You also don't
want to be *paying* for more security than you actually need. Note that
the higher price paid to the vendor is
On Tue, 7 Oct 2008, Steven M. Bellovin wrote:
On Tue, 7 Oct 2008 14:07:04 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:
On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
What about exceeding the minimum requirements for a change.
(I think
I think I may have found a spin for the political statements: With the
USA government so focused on blaming "axis of evil" countries for all
its woes, perhaps the statement was really meant to say that should
setup some botnet attack against our systems, the USA
would retaliate by setting up a bot
We've got plenty of military toyz we could level at Redmond...
_H*
J. Oquendo wrote:
Too many companies and individuals rely far
too heavily on a false and outdated concept of the definition of
"minimum requirements" when it comes to security. They tend to
think they need to implement the minimum requirements and all will
be fine. This is evident in almost all
On Tue, Oct 7, 2008 at 11:55 AM, <[EMAIL PROTECTED]> wrote:
> On Tue, 07 Oct 2008 14:13:08 EDT, "Steven M. Bellovin" said:
>
>> Right. The US government is a *huge* operation. Suppose you were the
>> CIO or the CSO for the US government (excluding
On Tue, 07 Oct 2008 13:23:20 CDT, "J. Oquendo" said:
> Contractors should be held accountable for breaches in an
> infrastructure. Before awarding a contract, I would do my best
> to have the wording changed from "minimum requirements" to
> securest implementation. Whether this securest implementa
On Tue, 07 Oct 2008 14:13:08 EDT, "Steven M. Bellovin" said:
> Right. The US government is a *huge* operation. Suppose you were the
> CIO or the CSO for the US government (excluding the classified stuff)
> -- what is the proper cybersecurity strategy?
Step 1: Figure out what I actually *have* a
On Tue, 07 Oct 2008, Sean Donelan wrote:
> On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
> >On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> >>What about exceeding the minimum requirements for a change.
> >(I think you'll find that if somebody is actually willing to *pay* for more
> >security
On Tue, 7 Oct 2008 14:07:04 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:
> On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
> > On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> >> What about exceeding the minimum requirements for a change.
> > (I think you'll find that if somebody is actu
On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
What about exceeding the minimum requirements for a change.
(I think you'll find that if somebody is actually willing to *pay* for more
security, there's plenty of outfits who are more than happy t
On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> What about exceeding the minimum requirements for a change.
It's like any other field - the customer wants more than the minimum, they'll
have to pay more. Almost all contractors will at least act like they're trying
to meet the local buildin
On Tue, 07 Oct 2008, Sean Donelan wrote:
> On Mon, 6 Oct 2008, Buhrmaster, Gary wrote:
> >The Federal Government (through its "Trusted Internet
> >Connection" initiative) is trying to limit the number
> >of entry points into the US Government networks.
> >(As I recall from 4000 interconnects to ar
On Mon, 6 Oct 2008, Buhrmaster, Gary wrote:
The Federal Government (through its "Trusted Internet
Connection" initiative) is trying to limit the number
of entry points into the US Government networks.
(As I recall from 4000 interconnects to around 50,
where both numbers have a high percentage of
> Which is easier to shut down, an attack coming from a relatively small
> number of /16s that belong to the government, or one coming from the
> same number of source nodes scattered *all* over Comcast and Verizon
> and BT and a few other major providers?
>
> Hint 1: Consider the number of entr
On Sun, 05 Oct 2008 18:30:11 BST, n3td3v said:
> You guys are living in cloud cuckoo land. The rogue government
> wouldn't have their bot nets in home computers that you could shut
> down easily.
Which is easier to shut down, an attack coming from a relatively small
number of /16s that belong to
Yes, they put these bizarre ideas out there to see what public opinion
is, they don't have a chance in hell of implementing it.
On Sun, Oct 5, 2008 at 6:46 PM, James Matthews <[EMAIL PROTECTED]> wrote:
> They generally don't have any clue what they want. This is only a PR stunt
>
> On Sun, Oct 5,
Bad idea,
The rogue government would use hospitals and power stations, to "cyber
human shield" against the counter attack.
You guys are living in cloud cuckoo land. The rogue government
wouldn't have their bot nets in home computers that you could shut
down easily.
Read my rant about it all with