Re: [fw-wiz] Highlighting Security Issues

From: Victor Williams
Date: 08/01/04

    Date: Sun, 01 Aug 2004 16:20:40 -0500

    As an addendum to my emotional response to this guy's claim he did
    nothing wrong...

    This is typical gov't know-nothing behavior. If we don't know what it
    is, it must be bad, and we must have been hacked.

    I met the chief security officer for the US Dept of Agriculture back in
    2000 (don't know if it's still the same guy), and during discussions
    with him, he was just convinced that dual-homed machines of any sort
    were more able to get hacked than single-homed. After questioning him
    repeatedly on it, I finally asked the question "Aren't most firewalls
    'dual-homed' machines? Most all of them have at least 2 NICs--it's a
    requirement..right? And if so, doesn't the work of the administrator of
    the dual-homed machine ultimately determine its hackability?" No
    answer. He ignored me from that point forward.

    It is never assumed that the lower ranks might know what they're doing.
    It's just assumed that because they get paid less, they don't know
    anything. In my experience, that's not always the case...but usually.
    I don't doubt that the person here probably knew more technically enough
    to not compromise any machines for *hackers*...whatever that means. I
    question his motives for doing so...and in questioning those motives, I
    guess I don't see his documenting having any technically sound
    proof...which is why I contended that he wasn't that technically savvy
    to be trying to find any *proof* of anything on anyone, and that upper
    management also seems to be pretty clueless. It's a vicious circle in
    my opinion. Clueless people beating up clueless people. It will never
    end...not as long as the lowest bidder always wins--which is what gov't
    is built around.

