[unisog] Do any of you IM?

Eric Pancer epancer at security.depaul.edu
Wed Feb 25 18:51:01 GMT 2004


Elaine N Ward wrote on Wed, 2004-02-25 at 10:54:58 -0600...

> True.  Still, there's something to be said for knowing with whom you are
> communicating on sensitive topics.  The point at which 'security by
> obscurity' begins and unnecessarily opening one's organization to
> 'footprinting' ends is not always obvious.  

Well, what makes you think you should trust anyone here? Personally,
I know who I can talk to and who I can't talk to about specific
technical information, and I *always* assume that everyone is
watching all conversations (via email, IRC, etc.). 

This is a trust issue, not an issue of what gets archived, who
lurks, etc. If you think you can trust anyone here to not
divulge your information, then feel free to send us your bank
account information, credit card numbers, etc. :-)

Out of the X number of people that talk on this list, how many would
you trust to not have compromised mail servers, not to accidentally
post thier mail archives to someplace google can spider, etc?

> I believe that most security professionals would agree that there are
> those with bad intent who continually search the internet and lurk in
> newsgroups to obtain free, sensitive information about our
> organizations. Perhaps it's a little like locking the car--it won't do a
> thing to stop a determined car thief, but it will deter most simply by
> making the vehicle a little less inviting. 

Indeed, and most of us have wondered how our posts have ended up in
the wrong hands. But being in a forum like this, where information
sharing provides more useful results than harmful results, is a
tradeoff just like anything else.

I'm a fan of having some sort of real-time discussion system,
whether it be IRC, a jabber server, or hell -- even a BBS somewhere!
But that doesn't mean I'm going to go around handing our more
information that I just anyone.

...now I'm $0.02 poorer...

-- 
Eric Pancer     Computer Security Response Team     DePaul University
http://security.depaul.edu/               epancer at security.depaul.edu 
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
                                                                 :wq!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 447 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040225/a7574fbf/attachment-0003.bin


More information about the unisog mailing list