PaulDotCom mailing list archives
Have a laugh on me...
From: iamnowonmai at gmail.com (iamnowonmai)
Date: Mon, 12 Oct 2009 22:10:38 -0400
I'm sure it won't take long for "Bob" to turn it into a warez site if you sit back long enough.... ;)

On Mon, Oct 12, 2009 at 4:44 PM, Jason Wood <tadaka at gmail.com> wrote:

I asked a lot of folks whose opinion I highly respect about this issue. Their opinion was largely the same as Vincent's. You can and should suggest, recommend, and take every chance you get to move people towards protecting their data. However, you still need to document what you feel needs to be done and CYA. In the end, if/when the system gets hacked the security guy is a likely scapegoat. Protect your backside and be the person with the plan to deal with it.

For a differently worded opinion on it...
http://taosecurity.blogspot.com/2008/09/is-experience-only-teacher-in-security.html

Jason

On Mon, Oct 12, 2009 at 2:19 PM, Kennith Asher <herrasher at gmail.com> wrote:

I have to disagree with your approach Vincent. The point is to protect people from themselves, not point a finger after they've failed. Security is a tough biz since it gets in the way of most people just doing their job. It's up to us to convince them that the risk of breach is much worse than the inconvenience caused by good security policy. Us versus them is simply not the way to a more secure environment.

As much as I enjoy a good laugh at the expense of an uninformed person's Epic Fail, documented conversation + CYA response - customer data = FAIL on both of you IMO.

Ken

On Mon, Oct 12, 2009 at 12:42 PM, Vincent Lape <vlape at me.com> wrote:

Document your conversation with "top guy", create a report stating the issue and remediation recommendations, and just wait till it gets pwned. Once customer data is out there in the wild I'm sure they will have a different outlook on the issue. Just make sure you CYA so "top guy" does not come back and say hey that dude was responsible for fixing that problem.

On Oct 12, 2009, at 10:24 AM, Soft Reset wrote:

Without spilling details, I told the IT team to remove an exposed web portal from the internet as it was not SSL protected and the password was easy enough to be found in my kid's "My First Dictionary".

This is the response I got back from our "top guy":

"Many people need access to the web portal. Remember that one of the objectives is to develop a strategy for the customer. Easier access, not harder, should be the goal."

I laughed. How about you?

--SR6

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com