firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: 2nd Life (Paul D. Robertson)
2. Re: FYI: DDOS services for sale... (Dave Piscitello)
3. Re: 2nd Life (Jim Seymour)
4. Re: 2nd Life (Paul D. Robertson)
----------------------------------------------------------------------
Message: 1
Date: Sat, 10 Nov 2007 02:36:32 -0500 (EST)
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] 2nd Life
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <Pine.LNX.4.44.0711100232200.13100-100000@bat.clueby4.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 9 Nov 2007, Steven Osman wrote:
> Well, that's all true, and not to offend anyone on the list or anything,
> but there's a reason that folks who are hired to do PR and marketting are
> not the same folks who are hired to secure networks.
Yes, but from a security perspective you've always got to sort of balance
business growth with what's essentially a fiduciary responsibility to
protect the organization- lots of times from itself.
> We're "reasonably" good at what we do, let's trust that other folks are
> "reasonably" good at what they do, whether we understand it entirely or
> not.
That doesn't mean we let them make strategic network decisions by blindly
allowing their choices.
> It's always easier to just say no to everything, but then nothing gets
> done.
Not much gets compromised either.
A good security practicioner should be able to bring a business case along
with the security case. Not saying "no" might make you popular
internally, but security isn't about popularity, and like it or not for
almost all cases the less you let in, the less risk you assume- so letting
more and newer things in _should_ be an uphill battle.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
------------------------------
Message: 2
Date: Sat, 10 Nov 2007 09:09:20 -0500
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] FYI: DDOS services for sale...
To: darrenr@reed.wattle.id.au, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4735BB90.80304@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"
I imagine this kind of soliciting is more common on irc where bot
herders and fast flux operators make their "services" available.
Perhaps some of these bad actors are so confident they are bulletproof
they are expanding advertising into "open" channels. Not a happy thought.
Darren Reed wrote:
> I can't comment on how common this kind of advertising is,
> only that this is the first time I've seen it...
>
> Darren
>
> "DDOS servise
> Elimination of sites of your competitors quickly and qualitatively!!!
> icq 4XXXXXXXX"
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dave.vcf
Type: text/x-vcard
Size: 220 bytes
Desc: not available
Url : https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20071110/2b837daa/attachment.vcf
------------------------------
Message: 3
Date: Sat, 10 Nov 2007 07:54:57 -0500 (EST)
From: jseymour@linxnet.com (Jim Seymour)
Subject: Re: [fw-wiz] 2nd Life
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <20071110125457.C487CE15A@jimsun.linxnet.com>
"Tim Shea" <tim@tshea.net> wrote:
>
> Its our job to
> figure out ways to deliver without giving up the store.
Sometimes the request would be equivalent to asking how to swim without
getting wet. This would appear to be one of them.
>
> What did you do? You insulted him and his company based
> on little or no information in a public forum.
I'm not sure what he wrote. My mail client is kind of old and lame,
and what with lack of proper quoting or attribution, well...
Geeks tend to tell it as they see it, with little thought to social
niceties. It's why we don't make good PR people--even for ourselves.
It's the nature of the beast. If you want nice, I would suggest
hanging-out with a den of geeks is not the place for you.
> This industry is screwed
> up enough without insulting colleagues who are trying to do the right
> thing.
I hardly think a bit of back-and-forth, no matter how blunt, is going
to contribute significantly to the IT industrie's screwed-up-ness.
In fact: A bit more straight talk, and a few more IT professionals that
aren't willing to sell their souls for a dollar, might just result in a
less screwed-up industry.
>
> That's the last I'll say about this.
Fine. All your outrage aside: It doesn't change the fact that poking
holes though a firewall until it looks like Swiss cheese, to support
Ghod-knows-what traffic going between something out on the 'net and
(presumably) exploit-prone clients on your allegedly secure LAN is
unwise--not to put too fine a point on it. To do so to support some
variant of what boils down to social networking and business gaming is
down-right irresponsible, IMO.
I, for one, hope the insurance company in question is not one with
which I'm insured, not the one in which I hold stock, and not one in
which my 401k is invested. If I found it was any of those, it would
quickly become *not* one of those.
Regards,
Jim
------------------------------
Message: 4
Date: Sat, 10 Nov 2007 08:56:48 -0500 (EST)
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] 2nd Life
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <Pine.LNX.4.44.0711100853580.13100-100000@bat.clueby4.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 10 Nov 2007, Jim Seymour wrote:
> I, for one, hope the insurance company in question is not one with
> which I'm insured, not the one in which I hold stock, and not one in
> which my 401k is invested. If I found it was any of those, it would
> quickly become *not* one of those.
I'll take the opposite tack- I'd rather my insurance companies *did* ask
here (and were looking at at least limiting it to some sort of terminal
service) rather than just opening things up to the world without asking
anyone. Who knows what the ones who don't know/care about the risks are
doing?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 19, Issue 6
***********************************************
No comments:
Post a Comment