RE: [ISN] Infosec means NOTHING to Joe SixPack

From: InfoSec News (isnat_private)
Date: Thu Aug 15 2002 - 23:16:55 PDT

  • Next message: InfoSec News: "Fwd: Re: [ISN] Security flaw found in Microsoft Web browser"

    Forwarded from: Jabberwocky <jabberwockyat_private>
    I'm not sure if this is the correct way to respond to this, but...
    It's not about computer security. It's about information security.
    Computers are not what we are protecting. It's the information.
    "Computer Security" is a term given by people who don't understand.
    The public has never, ever, valued information. Because they are
    uninformed. How can they value something that they've never held, or
    dealt with? Information is probably one of the most key things to
    modern life, and hell, its been important since the beginning of time.
    Even the Greeks used cryptography. Hiding information, hiding troop
    movements, hiding your intentions, has been a part of diplomacy and
    relations sine the invention of language.
    It is an abstract field of work. The things we deal with are not
    really that easily understood by someone who doesn't think like we do.
    "Computer security" is just a subset of information security. Will
    information security win or lose wars on its own? Never. Will it ever
    swing the tide one way or the other? Possibly.
    The whole cyber-terrorism thing is an overused cliché being thrown
    around by "computer security" experts looking for work. We don't have
    to worry (much) about mass DDoS attacks against root DNS servers,
    defacements, things like that.
    What we have to worry about is a repeat of Cuckoos Egg like incidents.
    Its not war, and its not hacking. Its espionage. Spies have never had
    great importance to the general public, and they most likely never
    will. When information security people realize that they'll never have
    their moment in the spotlight and just go back to making sure the
    enemy isn't reading "secure" transmissions from the CONUS to overseas
    military bases, people can forget about us and we can go back to work.
    Andrew Ruef
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    Of InfoSec News
    Sent: Wednesday, August 14, 2002 5:37 AM
    To: isnat_private
    Subject: [ISN] Infosec means NOTHING to Joe SixPack 
    Forwarded from: Rob Rosenberger <junkmailat_private>
    I uploaded the audio from my opening keynote last week at CERT
    2002.  Two MP3 files, 55:25 total time:
       Part 1: "You mean NOTHING to Joe SixPack"
       Part 2: "Security experts need to lighten up"
               followed by a Q&A session
    I've wanted to do a keynote like this for a looooong time.  I've
    wanted to put computer security experts in their place by telling them
    just how little they mean to Joe SixPack.  You'll notice I start out
    with comedy & laughter ... but the giggles slowly dissolve as I
    venture toward Joe SixPack's preoccupation with physical terrorism
    after 9/11.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 02:28:01 PDT