Re: Actual Security Cases

From: squid (squidvt@yahoo.com)
Date: 01/30/03

  • Next message: Clark, Steve: "RE: VNC" 
    Date: Wed, 29 Jan 2003 20:08:35 -0800 (PST)
From: squid <squidvt@yahoo.com>
To: security-basics@securityfocus.com

    You might want to look at "Secrets and Lies : Digital
    Security in a Networked World" By Bruce Schneier.

    Even though it does not specificaly cover the risks of
    forwarding email from a corporate account to a
    personal account such as AOL or Yahoo, it does cover
    how a lot of the need to mantain security for
    communications. It sounds like you are facing a
    classic problem I have seen with many managers,
    ignorance to security and how it can affect there
    ability to keep there jobs.

    > Does anybody know a good internet source of actual
    > security related real
    > life cases? I know that it's a risk to forward
    > corporate mail to
    > internet e-mail account like AOL or gmx. But I need
    > a case like "in
    > january 2001 the aol accounts of xyz got cracked and
    > a lot of
    > confidential data was published by some hackers on
    > the internet" to
    > convince a manager who thinks the risk is just
    > theoretical and nothing
    > ever happened. I would like to have such stories for
    > different threats
    > (no remote access via modem, no weak passwords, no
    > unenecrypted data on
    > laptops,...). In my opinion the stories in the book
    > "Tangled Web" are
    > just a starting point (some of them are not easy
    > enough for managers).
    >
    > --
    > <- ullmic6 ->
    >

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    http://mailplus.yahoo.com

    Relevant Pages

    • Risks Digest 25.73
      ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
      (comp.risks)
    • Re: Is it possible to "disable" Internet Explorer in this case?
      ... and access the NTFS security settings of the file. ... There you can set a Deny of all for the account ... > Is it possible to "disable" Internet Explorer in this case? ... I have an employee who simply cannot stay off the ...
      (microsoft.public.security)
    • Re: MBSA, Office Update, Versions, Failures
      ... I apologize for posting this to three groups (MBSA, Windows Update, ... with Domain User account. ... Microsoft Baseline Security Advisor (? ... Office 2000 Security Patches - Red X's, ...
      (microsoft.public.officeupdate)
    • Re: write with cURL
      ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
      (alt.php)
    • Re: Security Zone Buttons are disabled
      ... By default w2k8 enabled Internet Explorer Enhanced Security IE ESC for all users and Administrators to help protect your server from internet threats etc. ... In another account it is working but not in the account I created for me. ...
      (microsoft.public.windows.server.general)