My life sucks - was Re: [Full-Disclosure] Authorities eye MSBlaster suspect

security_at_brvenik.com
Date: 08/30/03

    To: full-disclosure@lists.netsys.com
    Date: Sat, 30 Aug 2003 01:31:11 -0400
    
    

    I must say, you folk are overworked and I think that you harbor a
    slight grudge because of it.

    > In case anybody thinks that XX is somehow bragging, forget it. The
    > many roles he is expected to fulfill are typical in a university
    > environment. There *is* no such thing as "an intrusion detection
    > specialist". Everyone in edu wears many hats - most of which are
    > fulltime jobs in their own right.

    An example was given where projects were on hold for whatever reason. I
    believe those projects were impacted severely by a lack of productivity
    while the network was down too. To take it a little bit further, a lot
    of other projects that generate the revenue that contribute to the
    grants that fund the projects were impacted because of the insecurity of
    systems as a whole. I think we can all agree that the EDU is as damaging
    as the high speed home user in this respect. The issue I take is that
    the EDU has an opportunity to mitigate these issues in part through
    policy and education. The home user is a much more difficult challenge.

    >> And you can't weasel out by saying "Hire somebody else to do that other
    >> stuff" or "hire somebody else to do security" - the point is that if we
    >> did hire somebody else, then we'd only have 1 person of the 2 available
    >> for productive work. If we didn't have to keep spending resources on
    >> security, BOTH people would be available then.
    >

    Kudos to all administrators for taking on the task of managing and
    running a challenging environment. I fear that the problems you face are
    not easily resolved at your level and that there is a lot more work to
    be done to raise the awareness at all levels. You have chosen to take on
    this challenge by your decision to continue to work there, please quit
    telling us how difficult it is and why you cannot do it and spend that
    time doing it and explaining how you did it. I understand that it will
    take longer and I understand that it is frustrating and I understand
    that it is... Truth is you choose to continue to work there and be
    security aware so please contribute to the solution and not defend your
    problems.

    > That won't stop anyone from trying though. They actually think
    > "security" is the stuff you *should* be doing, not helping your users
    > be more productive.

    Like it or not security is a part of the job and failure to execute is
    not just your problem, we all feel the impact. Don't like the work,
    change your life, go sell something at your local retail store and have
    fun every day when you are off instead of should be off.

    I believe that _proper_ security will help your users be more
    productive, not just the act of patching and patching but employing the
    methodologies behind proper security. What would have been the impact to
    productivity had this worm of the day deleted all .doc files and then
    filled the remaining disk with random chars?

    People sit here on this list defending the problems and issues they face
    giving those that might be facing similar problems a reason to ignore it
    because XYZ is not solving it either. The reality is that you can be by
    presenting how you solved problems given the limited budget and
    resources available and help those facing similar challenges instead of
    giving them reasons to ignore them and complaining all the time.

    Tis all I am going to say about that.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

