[unisog] Do any of you IM?

Elaine N Ward eward at austin.utexas.edu
Wed Feb 25 16:54:58 GMT 2004

True.  Still, there's something to be said for knowing with whom you are
communicating on sensitive topics.  The point at which 'security by
obscurity' begins and unnecessarily opening one's organization to
'footprinting' ends is not always obvious.  

I believe that most security professionals would agree that there are
those with bad intent who continually search the internet and lurk in
newsgroups to obtain free, sensitive information about our
organizations. Perhaps it's a little like locking the car--it won't do a
thing to stop a determined car thief, but it will deter most simply by
making the vehicle a little less inviting. 

Bruce Schneier addressed the complexities well, I thought, in the May
15, 2002, edition of the Crypto-Gram. 


Elaine N. Ward
Information Technology Policy Officer
ITS Information Security Office
The University of Texas at Austin
(512) 475-9482

pgp keyID:  0xDE40B956

-----Original Message-----
From: STeve Andre' [mailto:andres at msu.edu] 
Sent: Tuesday, February 24, 2004 12:35 PM
To: unisog at sans.org
Cc: Mary M. Chaddock
Subject: Re: [unisog] Do any of you IM?

Attempts to "keep things private" always backfire.  Always.

The bad people know all the tricks and spread them around.
Whenever I hear of people in the security world talk of making
things private, I think of the open source projects that believe
in "full disclosure" of problems and how secure they are.

Those publically archived items relating to security help countless
people down the line as they trawl for snippits of information
about problems they're dealing with.  Stopping the ability of
people do to that will increase security problems, and do little
to deter the bad people from handing things around.

If I'm IM'able, I can also read email.  If I have an email I can respond
to something quickly if need be, or look at later in the day.  Not so
with a lot of IM systems.

Please don't try to hide the spread of information.  That is never
a good thing.

--STeve Andre'
MSU dept. of Political Science

On Tuesday 24 February 2004 09:16 pm, Mary M. Chaddock wrote:
> Here is just a quick brain-storm idea...
> Would it be helpfull/nice/convenient if Unisog'ers were able to IM
> other?
> I'm really just thinking that it might be helpful to me if I had a
> list of unisog'ers that I could contact without worry of my questions
> being publically archived and forever available on the internet.
> Anyone have any thoughts on the subject?
> -Mary.

More information about the unisog mailing list