LISTSERV - HP3000-L Archives

HP3000-L Archives

September 2004, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 2004, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: HP3000 Hackers
From:	John Lee <[log in to unmask]>
Reply To:	John Lee <[log in to unmask]>
Date:	Wed, 1 Sep 2004 11:48:07 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

Interesting you bring this up, as I just had a meeting this morning with a
large company about their IT security and some software that I represent.
The head of IT said that his biggest fear is the inside job, and more so,
people carrying data out on floppy, digital pen, etc, that he has little if
any control over or knowledge of.  He said his sister works for the
National Security Agency and that is one of their primary concerns, also.
We both surmised that certain government employees probably get physically
searched upon leaving work everyday.  Is anyone aware of physical searches
in the private sector?

John Lee
Vaske Computer Solutions



The At 09:23 AM 9/1/04 -0700, Dave Oksner wrote:
>On Wed, Sep 01, 2004 at 08:52:40AM -0700, Emerson, Tom wrote:
>> > -----Original Message-----
>> > Behalf Of Art Bahrs
>> >
>> >     Second, the biggest threat to any computer system
>> > (regardless of OS or hardware) is a brute force attack...
>>
>> Did you mean that as your second point, or the second biggest threat? :)
I've heard that the "biggest" threat is "the inside job", i.e., someone who
already HAS a legitimate logon going outside their abilities [and usually
for nefarious purposes -- if they go beyond their limits, but for the
reason "to fix problem x...", the event gets swept under the rug and nobody
thinks of it as "a breach"]
>
> I've always heard that the biggest threat is "Social Engineering" (also
>sometimes described as "rubber hose cryptanalysis).
>
>There's almost always someone you can get ahold of who will not only give
>you their password, but not understand why it was the wrong thing to do.
>There are so many people who will trust you if you say you're from "IT" (or
>whatever sounds appropriate) and you sound confident.  Kind of the phone call
>equivalent of "always carry a clipboard."
>
>Dave
>
>--
>+---------------David Oksner-----http://www.case.net/----------------+
>|In the force if Yoda's so strong, construct a sentence with words in|
>|the proper order then why can't he?                                 |
>[log in to unmask]
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU