[unisog] Do any of you IM?

STeve Andre' andres at msu.edu
Wed Feb 25 17:21:43 GMT 2004


If the prevailing thought becomes "talk to only whom you know"
then the computer security world will become very small and
fragmented.  Part of the fantastic nature of the net is precisely
the people I don't know--people who I have met electronically
who have helped me, given me ideas to ponder and in some cases
have become really good friends.

Of course you don't know who is out there.  One never knows
what might lurk in the shadows of cyberspace, or in real life.  But
I for one have little interest in changing my attitudes in communicating
simply because the bad people are "out there".  Bad to evil has always
been a presence.  It is part of the human condition.

Given the incredible speed at which things like port scanning can
be done, I believe it false to be worried about exposing one's
organizational weak spots.  Several times in the last year I have
had conversations with people in corporations who were always
behind what the vandals were doing to them.  They, the vandals, know
what to look for, and many keep records of past exploits to remind
themselves that past events often lead to future juicy possibilities.

Now, having said this, if I found a new RPC type of bug in
Windows that had no defense, I wouldn't immediately put it
out on the net.  But normal discussion of the typical problems
I'm not concerned about, because the bad folks are already
there.  Everything that can be searched for can help someone
else who is coming up to speed on issues.  I will focus on the
positive.

--STeve Andre'

On Wednesday 25 February 2004 11:54 am, Elaine N Ward wrote:
> True.  Still, there's something to be said for knowing with whom you are
> communicating on sensitive topics.  The point at which 'security by
> obscurity' begins and unnecessarily opening one's organization to
> 'footprinting' ends is not always obvious.
>
>
> I believe that most security professionals would agree that there are
> those with bad intent who continually search the internet and lurk in
> newsgroups to obtain free, sensitive information about our
> organizations. Perhaps it's a little like locking the car--it won't do a
> thing to stop a determined car thief, but it will deter most simply by
> making the vehicle a little less inviting.
>
>
> Bruce Schneier addressed the complexities well, I thought, in the May
> 15, 2002, edition of the Crypto-Gram.
> http://www.schneier.com/crypto-gram-0205.html
>
>
>
> Elaine
>
>
> Elaine N. Ward
> Information Technology Policy Officer
> ITS Information Security Office
> The University of Texas at Austin
> (512) 475-9482
>
> pgp keyID:  0xDE40B956
>
> -----Original Message-----
> From: STeve Andre' [mailto:andres at msu.edu]
> Sent: Tuesday, February 24, 2004 12:35 PM
> To: unisog at sans.org
> Cc: Mary M. Chaddock
> Subject: Re: [unisog] Do any of you IM?
>
> Attempts to "keep things private" always backfire.  Always.
>
> The bad people know all the tricks and spread them around.
> Whenever I hear of people in the security world talk of making
> things private, I think of the open source projects that believe
> in "full disclosure" of problems and how secure they are.
>
> Those publicly archived items relating to security help countless
> people down the line as they trawl for snippets of information
> about problems they're dealing with.  Stopping the ability of
> people to do that will increase security problems, and do little
> to deter the bad people from handing things around.
>
> If I'm IM'able, I can also read email.  If I have an email I can respond
> to something quickly if need be, or look at later in the day.  Not so
> with a lot of IM systems.
>
> Please don't try to hide the spread of information.  That is never
> a good thing.
>
> --STeve Andre'
> MSU dept. of Political Science
>
> On Tuesday 24 February 2004 09:16 pm, Mary M. Chaddock wrote:
> > Here is just a quick brain-storm idea...
> > Would it be helpful/nice/convenient if Unisog'ers were able to IM each
> > other?
> >
> > I'm really just thinking that it might be helpful to me if I had a buddy
> > list of unisog'ers that I could contact without worry of my questions
> > being publicly archived and forever available on the internet.
> >
> > Anyone have any thoughts on the subject?
> > -Mary.


