    Forwarded from: Richard Forno <rfornoat_private>
    Cc: Jay Dyson <jdysonat_private>
    I've got to agree with Jay here. This is one reason why I got out of
the 'hands-on' product-oriented (or 'operational' side of the)
    security business -- I found it to be a stressful, frustrating and
    ultimately unrewarding area....we'd go in, effect changes, draft
    policy, etc, etc, etc. and the client would still do whatever they
    wanted. Further, as a former CISO, trying to get security implemented
    at the executive levels was like pulling teeth from a rabid
The industry and government talk about the need for increased
    computer security measures and spending, yet nearly everything
    implemented is for future threats and long-term projects (eg, college
    training in security), instead of spending on actions that will deal
    with the known exploits/problems of the HERE and NOW. When they DO
    discuss industry-wide security strategies (such as the just-announced,
    high-priced membership in the Secure Software Engineering initiative
    at CMU, or the equally-priced Internet Security Alliance) it's only
    done with the best interests of large companies in mind - those with
    deep financial resources - despite what is said to the public. Little
    security firms, the open source community, and those who actually have
a clue about security are often left in the dust. The goal is to
    consolidate the knowledge of security issues in the hands of the
    controlling minority, and enact a culture of 'security through
    obscurity' -- indeed, operating under the Orwellian premise "your
    ignorance is our power."
    Nobody wants to talk about implementing REAL information systems
    security, since doing so would mean someone has to accept
    responsibility for the current state of affairs, plus it means rocking
    the status quo boat to implement needed change. In Washington - in
    America, for that matter - neither of these actions are held in high seems that (unlike in Truman's days) passing the buck
    and following the collective groupthink (despite the negative
    consequences) is the American Way. The People don't rule, the Sheeple
    DMCA, SSSCA, CBDTPA, and other looney laws (real and proposed) further
    demonstrate that only those with campaign dollars have any influence
    in designing effective technology law. In the case of CBDTPA,
    Hollywood (averaging about $15B/year or so) wants to rewrite the $500
    billion/year technology business just to save their failing and
    outdated industrial-age business models. The result is a legal
    clusterfsck, which makes the lawyers happy, and alienates the majority
    of law-abiding net users, treating us all as potential criminals (soon
    to be indentured corporate servants) instead of valuable customers.
    Until folks of the "Net Generation" - my contemporaries of GenX and
    later who are comfortable with technology and the Information Age -
    move into national corporate and elected leadership positions,
    enacting technology policy balanced for all sides will continue to be
    biased heavily toward the profiteering interests of special interest
    groups and Industrial Age cartels.
Until this colossal demonstration of national and social cognitive
    dissonance is remedied, Jay's comments are correct - we're in a
    "Matrix"-esque world where FUD, illusion, deception, and consolidated
    entities (government and commercial) have most of the power in the
    technology world. Unfortunately, few in any position of national
    influence want to take the "Red Pill" and see exactly how fscked-up
    things really are in the technology society, being content to swallow
    the vendor-provided "Blue Pills" showing a narrow (but
    corporate-centric) view of the technology society and its associated
    Anyone who's read my column @ Securityfocus or will
    see I've been saying this for years.
    Thus, I fear we'll continue seeing increased frustration by the
    security and IT communities, more goofy laws and lobbying, and an
    endless series of worms, virii, trojans, exploits, buffer overflows,
    snake-oil security solutions, FUD, and more, particularly since nobody
    cares about holding vendors financially, criminally, or civilly
    accountable for their products and their many recurring 'features'
    that plague the wired world.
    In the meantime, to kick-off your hiatus, hoist a triple-shot latte
    for me, Jay - and have fun!!!!
    > Hash: SHA1
    > On Mon, 20 May 2002, William Knowles wrote:
    >> I see that you signed off the ISN list, and I am VERY curious why?
    > Look over the last four years.  In all that time on this and every
    > other security list, what difference has been made in railing against the
    > FUD, waste and general idiocy of the commercial and government sector with
    > respect to computer and network [in]security?  The answer: none.
    > DMCA passed, SSSCA is coming, and it's just going to get worse
    > from there.  You think the government or the industry gives a rat's @ss
    > about what a bunch of open-source advocates think?  Guess again.  We've
> been marginalized for decades, criminalized for years, and all the days
    > that have been used fighting against it have been a waste.  A pure,
    > f*cking, unadulterated waste.
> Given enough time and discouragement, anyone can see when it's time
    > to stop fighting the tide and get the f*ck off the beach.  I've
    > reached just that time.
    > And you can quote me on that.
    > - -Jay
