RE: A reminder that security is not inherently solvable with tech nology

From: Ranjeet Shetye (ranjeet.shetye2_at_zultys.com)
Date: 10/29/03

  • Next message: Philip Wagenaar: "Betr.: Re: MS Patches Management software: SUS vs 3rd party" 
    To: security-basics@securityfocus.com
Date: Tue, 28 Oct 2003 15:25:01 -0800

    On Tue, 2003-10-28 at 03:01, Jack Solomon wrote:
    > On Fri, 2003-10-24 at 19:02, Hagen, Eric wrote:
    > >The fact is that in the US, an individual would likely be arrested for even
    > >threatening to release this information. The problem with the countries
    > >overseas is that US laws, especially the privacy laws, are virtually
    > >unenforcable. While the activity of releasing that information it illegal
    > >in the US, it is not usually illegal in another country, therefore, even if
    > >the individual released that information while residing in his native
    > >country, his actions would be entirely lawfull, and even under extradition
    > >treaties, the US would have little or no recourse in sequestering that
    > >information, which is a huge problem.
    > >
    > >Just my 2c.
    > >
    > >Eric
    >
    > My 2 pennies...
    >
    > I find it interesting that you consider unenforceability of US laws across
    > the rest of the world a problem. Whether North America grasps it or not, it
    > is part of a larger community. Over here in the UK we have a very good
    > legal system. We've got legislation too, including the Data Protection Act
    > and the Computer Misuse Act. It is illegal to disclose private information
    > in the UK and this is regularly enforced, both through civil actions and
    > criminal prosecutions.
    >
    > Believe it or not, the world outside of the US is not comprised of backward
    > third-world countries. Of course, it is not a good idea to outsource your
    > banking operation to fraud-centres like India, but don't loose sight of the
    > fact that when the US does business with the rest of the world, its citizens
    > and their businesses are protected by something invented in Europe about a
    > thousand years ago, International Law.

    Couldn't let this idle chatter just pass by.

    Why do you think it is NOT a good idea to outsource fraud-centres to
    India ?? Any concrete evidence ?

    In fact w.r.t fraud/corruption, let me see...

    http://www.expressindia.com/ie/daily/20001011/ina11004.html

    Former Indian Prime Minister is sentenced to jail (under Prevention of
    Corruption Act) for bribery and fraud. (and this was NOT a political
    vendetta - before you come up with excuses like that). On the other
    hand, Nixon was given a pardon. Why ?

    Please show me Clinton doing jail time for perjury, or Cheney doing jail
    time for the on-going Haliburton-Iraq multi-billion dollar charade. Or
    Reagan in the slammer for Iran-Contra.

    What about someone from the White House going to jail for unveiling the
    CIA operative ? Or Bush's daughters doing time for repetitively using
    false IDs to obtain alcohol illegally ?
    (http://www.sptimes.com/News/060501/Floridian/One_press_secretary__.shtml to see how the White House stonewalled all queries)

    Heck forget all this. Just put Henry Kissinger on trial for his various
    genocidal schemes (The Trial of Henry Kissinger by Christopher Hitchins)
    and I'll consider that fraud/corruption at the high echelons gets
    tackled in the West. Or extradite Union Carbide ex-CEO Warren Anderson
    for his criminal behaviour in the Bhopal gas tragedy - the world's
    largest industrial disaster.

    Or consider the case of top management in Enron and SCO profitting on
    their worthless stock. Or what about Martha Stewart or O.J. Simpson
    actually serving time ?

    You've got your own prejudices about western governments/corporations
    being less corrupt and less stupid. That's quite true at the lower
    government/corporate levels but not necessarily at the higher levels.

    Coming back to fraud from the technical perspective:

    If you mention an unstable electricity infrastructure as a reason to
    avoid outsourcing, that's very valid. But you haven't given any reason
    to back your claim that fraud centres should not be based out of India.

    In fact, if you really want to quantify technical excellence, 44 of the
    world's 60 SEI level 5 centres are in India. To the point where Huawei
    (a Chinese router company) has its only SEI level 5 centre based in
    India.

    So in terms of pure merit, skills, and capability, I dont see why one
    should not base a technology centre in India. And if fraud-analysis /
    cyber-forensics is one of those technologies, so be it.

    $0.02,

    >
    >
    > Regards
    >
    > Jack
    >
    > _________________________________________________________________
    > It's fast, it's easy and it's free. Get MSN Messenger today!
    > http://www.msn.co.uk/messenger
    >
    >
    > ---------------------------------------------------------------------------
    > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > The Presidio integrates PGP data encryption and XML Web Services security to
    > simplify the management and deployment of PGP and reduce overall PGP costs
    > by up to 80%.
    > FREE WHITEPAPER & 30 Day Trial -
    > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    > ---------------------------------------------------------------------------- 

    -- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------
  • Next message: Philip Wagenaar: "Betr.: Re: MS Patches Management software: SUS vs 3rd party"