RE: On the subject of security...

2013-04-23 Thread Ken Schaefer
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... > I think it has everything to do with the comic, or at least my understanding > of the comic. What I'm > reading from it is that he's using poor web brows

RE: On the subject of security...

2013-04-23 Thread Ken Schaefer
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... >> Everything is about /management/ of risk, not 99.99% avoidance of risk. > > You manage risk by taking countermeasures, I believe, not by ignoring them. Where do

Re: On the subject of security...

2013-04-23 Thread Kurt Buff
On Wed, Apr 17, 2013 at 7:52 PM, Ken Schaefer wrote: > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Subject: Re: On the subject of security... > >>>> No running executables from untrusted sources, turn off scripting in >>>> my br

Re: On the subject of security...

2013-04-23 Thread Kurt Buff
Sorry for the delay - many balls in the air... On Thu, Apr 18, 2013 at 5:11 AM, Ben Scott wrote: > On Thu, Apr 18, 2013 at 12:53 AM, Kurt Buff wrote: Not that they're equivalent in power, but that each kind of account can do and has access is different and equally valuable. >>> >>> F

Re: On the subject of security...

2013-04-18 Thread Ben Scott
On Thu, Apr 18, 2013 at 11:16 AM, Andrew S. Baker wrote: > Protecting root access in a system does have some value when it comes to > persistence of malware. Malware that is confined to userland is easier to > detect and uproot than malware that makes it to a deeper level. There is certainly so

Re: On the subject of security...

2013-04-18 Thread Andrew S. Baker
y, 18 April 2013 6:08 AM > To: NT System Admin Issues > Subject: Re: On the subject of security... > > > If that's the case, then he didn't make his point at all clear. > ... > > True again - and again unremarkable. My point is that you have to use > the sam

Re: On the subject of security...

2013-04-18 Thread Andrew S. Baker
Generally, I agree with your point. Risk management is a holistic endeavor, and when we forget that, we get hung up on technicalities that don't help us achieve the end goal. Protecting root access in a system does have some value when it comes to persistence of malware. Malware that is confined

Re: On the subject of security...

2013-04-18 Thread Ben Scott
On Thu, Apr 18, 2013 at 12:53 AM, Kurt Buff wrote: >>> Not that they're equivalent in power, but that each kind of account >>> can do and has access is different and equally valuable. >> >> For the typical home user, which is what that comic is focused >> on[1], not so much. >> >>> Root/Administ

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 7:08 PM, Ben Scott wrote: > On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff wrote: >> My point is that you have to use >> the same methods to protect unprivileged accounts as you do >> root/administrator. > > "True and unremarkable." > > There, I did it, too. See how that

RE: On the subject of security...

2013-04-17 Thread Ken Schaefer
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... >>> No running executables from untrusted sources, turn off scripting in >>> my browsers, view all email as plain text, no remembering/caching of >>> p

Re: On the subject of security...

2013-04-17 Thread Ben Scott
On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff wrote: > My point is that you have to use > the same methods to protect unprivileged accounts as you do > root/administrator. "True and unremarkable." There, I did it, too. See how that fails to contribute to the discussion? > Not that they're equ

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 4:29 PM, Ken Schaefer wrote: > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Thursday, 18 April 2013 6:08 AM > To: NT System Admin Issues > Subject: Re: On the subject of security... > >> If that's the case,

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
I would enforce most of it if policy allowed, but in the absence of any written policy (which is my current situation), I can't. Were it in my power to actually set policy, things would be much different. At the very least, I'd love to be able to implement the top 4 controls - patch the OS, patch

RE: On the subject of security...

2013-04-17 Thread Ken Schaefer
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 18 April 2013 6:08 AM To: NT System Admin Issues Subject: Re: On the subject of security... > If that's the case, then he didn't make his point at all clear. ... > True again - and again

Re: On the subject of security...

2013-04-17 Thread Jonathan Link
You do that. Do you enforce that down to your users? All of that? What is an untrusted source? On Wed, Apr 17, 2013 at 4:42 PM, Kurt Buff wrote: > On Wed, Apr 17, 2013 at 1:19 PM, Jonathan Link > wrote: > > On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff wrote: > >> > >> On Wed, Apr 17, 2013 at

RE: On the subject of security...

2013-04-17 Thread Ziots, Edward
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, April 17, 2013 2:43 PM To: NT System Admin Issues Subject: Re: On the subject of security... On Wed, Apr 17, 2013

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 1:19 PM, Jonathan Link wrote: > On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff wrote: >> >> On Wed, Apr 17, 2013 at 12:27 PM, Ben Scott wrote: >> > On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith >> > wrote: >> >> IOW: Security is for the MANAGEMENT of risk and MITIGATION

Re: On the subject of security...

2013-04-17 Thread Jonathan Link
On Wed, Apr 17, 2013 at 4:07 PM, Kurt Buff wrote: > On Wed, Apr 17, 2013 at 12:27 PM, Ben Scott wrote: > > On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith > wrote: > >> IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For > real > >> world systems, and usage of them, there

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 12:27 PM, Ben Scott wrote: > On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith > wrote: >> IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For real >> world systems, and usage of them, there is no such thing as perfect security. > > That's true, too,

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 12:06 PM, Ben Scott wrote: > On Wed, Apr 17, 2013 at 2:42 PM, Kurt Buff wrote: > http://xkcd.com/1200/ So, yeah, that's true if you don't use full disk encryption, or a >>> You're missing the point. >> No, I'm not missing the point. > > Well, then, you're appa

Re: On the subject of security...

2013-04-17 Thread Ben Scott
On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith wrote: > IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For real > world systems, and usage of them, there is no such thing as perfect security. That's true, too, but the point Munroe is trying to make is that a lot of peopl

Re: On the subject of security...

2013-04-17 Thread Ben Scott
On Wed, Apr 17, 2013 at 2:42 PM, Kurt Buff wrote: http://xkcd.com/1200/ >>> So, yeah, that's true if you don't use full disk encryption, or a >> You're missing the point. > No, I'm not missing the point. Well, then, you're apparently choosing not to discuss it, then. For an email conver

RE: On the subject of security...

2013-04-17 Thread Michael B. Smith
Subject: Re: On the subject of security... On Wed, Apr 17, 2013 at 2:29 PM, Kurt Buff wrote: > On Wed, Apr 17, 2013 at 1:59 AM, James Rankin wrote: >> ...today's XKCD sums it up nicely >> >> http://xkcd.com/1200/ > > So, yeah, that's true if you don't use

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 11:36 AM, Ben Scott wrote: > On Wed, Apr 17, 2013 at 2:29 PM, Kurt Buff wrote: >> On Wed, Apr 17, 2013 at 1:59 AM, James Rankin wrote: >>> ...today's XKCD sums it up nicely >>> >>> http://xkcd.com/1200/ >> >> So, yeah, that's true if you don't use full disk encryption, or

Re: On the subject of security...

2013-04-17 Thread Ben Scott
On Wed, Apr 17, 2013 at 2:29 PM, Kurt Buff wrote: > On Wed, Apr 17, 2013 at 1:59 AM, James Rankin wrote: >> ...today's XKCD sums it up nicely >> >> http://xkcd.com/1200/ > > So, yeah, that's true if you don't use full disk encryption, or a > password on your computer/domain account ... You're

Re: On the subject of security...

2013-04-17 Thread Kurt Buff
On Wed, Apr 17, 2013 at 1:59 AM, James Rankin wrote: > ...today's XKCD sums it up nicely > > http://xkcd.com/1200/ So, yeah, that's true if you don't use full disk encryption, or a password on your computer/domain account and a locked screensaver with a reasonable timeout, and if you have your br