From: "Kohlenberg, Toby" <toby.kohlenberg@intel.com>
To: secedu@yahoogroups.com, iwar@yahoogroups.com
Date: Mon, 7 Jan 2002 01:23:07 -0800
Subject: RE: [iwar] Solicitation for stupid things you have heard.
Message-ID: <B6E52B5EDFAFD411BA42009027AE9D5816258643@FMSMSX39>

All opinions are my own and in no way reflect the views of my employer.
None of the statements below come from my current place of employment.

Channeled from a previous life:

"There's nothing on our servers that would be valuable to anyone but us"

"There's no reason to lock the systems at night, our offices are secure enough"

"Why waste money on intrusion detection? We've never had (seen) a compromise or even an attack"

"I think we're not really a target, we stay below the radar" (even though they do most of their business online and have multiple T1s and dial-in lines)

"This is the way we've always done it! We've never been hurt by it before."

"There are other problems in the environment that are just as bad, why fix this one?"

"This is just a temporary solution, it won't be permanent, it's okay that it isn't secure" (Toby's rule; There are no "temporary" solutions. The first thing deployed is frequently the _only_ thing deployed)

"There's no need to monitor the system! I did my job right when I installed the box!"

Toby

> -----Original Message-----
> From: Fred Cohen [mailto:fc@all.net]
> Sent: Sunday, January 06, 2002 8:29 AM
> To: secedu@yahoogroups.com; iwar@onelist.com
> Subject: [iwar] Solicitation for stupid things you have heard.
>
>
> I want to solicit the list members of these forums to help me with an
> article I am writing for Managing Network Security.
> I extract here from the current draft beginning of the article in the
> hopes that those of you who are interested will provide the raw
> material I need...
>
> -------------
> I have heard many decision makers and executives say things that went
> unchallenged even though they were dead wrong. The reason they went
> unchallenged varied with the situation, but I think there are three
> basic areas of rationale. (1) The person they were talking to perceived
> themselves as less powerful and did not wish to offend, (2) the person
> they were talking to did not know the facts and simply bought into the
> misimpression of the more senior person without questioning it, or (3)
> the person they were talking to was afraid of offending the executive
> because they wanted something from the executive and figured you go
> along to get along.
>
> Well, I don't perceive myself as less powerful than anyone, I know some
> of the facts, and the chances of my getting any money from anyone like
> that are so poor that I have nothing to lose. So I am going on a brief
> crusade this month fighting the stupid things I have heard high-level
> people say about security issues, particularly those who were believed
> by others and whose expressions found their way into widespread belief.
>
> Of course to really do this well, I need a list of the ten most stupid
> things people have said so I can trash them. Rather than come up with
> my own list, I have decided to ask others to list the ones they have
> heard, and I will sprinkle in one or two of my favorites along the way.
> -------------
>
> Please feel free to respond directly to me (fc@all.net) or to the list
> (if you want the list members angry at you).
>
> FC
> --This communication is confidential to the parties it is intended to serve--
> Fred Cohen       Fred Cohen & Associates.........tel/fax:925-454-0171
> fc@all.net       The University of New Haven.....http://www.unhca.com/
> http://all.net/  Sandia National Laboratories....tel:925-294-2087
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:02 PST