From jericho at attrition.org Mon Mar 22 14:04:34 2004
From: jericho at attrition.org (security curmudgeon)
Date: Mon Mar 22 14:04:39 2004
Subject: [attrition] Changes to this mail list and some AOL postal mail!
Message-ID:

First, this list is changing from a majordomo list to a mailman based list. It should be transparent to everyone on the list, but if anything odd happens don't panic (yet). If you want to leave this glorious list, you should be able to unsubscribe by visiting the mailman web page at http://www.attrition.org/mailman/listinfo/attrition or mailing attrition-unsubscribe@attrition.org with the usual "unsubscribe" babble.

Now, since you were forced to endure that long message, two great AOL unsubscribe mails for the postal collection, one with a picture! You can see exactly what one of these AOL unsubbers looks like!

Criscowebb@aol.com - "cancel my account"
http://www.attrition.org/postal/z/028/0631.html

Cammydapimpette@aol.com - "i guess ill stay.."
http://www.attrition.org/postal/z/028/0635.html

And yes, we convinced one to keep using the free service! We're so nice.

From jericho at attrition.org Mon Mar 22 14:18:22 2004
From: jericho at attrition.org (security curmudgeon)
Date: Mon Mar 22 14:18:24 2004
Subject: [attrition] Article: The Joke Known As Federal IT Security Oversight (fwd)
Message-ID:

The Joke Known As Federal IT Security Oversight

Richard Forno
www.infowarrior.org
17 March 2004

Copyright (c) 2004 by Author. Permission granted to reproduce with credit.

Source w/in-line URLs: http://www.infowarrior.org/articles/2004-07.html.

Over the past several years, various Washington entities, from the General Accounting Office to assorted Congressional committees, conducted surveys and issued reports on the state of the federal government's information security posture. In each case, with few exceptions, the findings range from the scathing to the downright embarrassing, and remain essentially unchanged since the mid-1990s.

Like any other issue involving government oversight, this process has become an annual Washington tradition - the reports are released; there's back-and-forth blather in Congress about how we need "to do more" to secure our federal networks; agency leaders and CIOs are called to testify on the Hill; some more blather, and perhaps a piece of legislation is introduced and dies before reaching the floor; and then the issue recedes into digital memory until next year's survey results are released -- and the process begins anew, with little or nothing really changing.

It's no different than our annual visit to the dentist. We know he's going to admonish us to brush more and cut out the sweets, and we know that we're going to be embarrassed or uncomfortable as he tells us this to our face and makes notes in our patient file, but we endure it year after year, because it's something we have to do for good oral hygiene. Of course, we ignore his advice because it's inconvenient and, besides, candy is a tastier snack than celery.

This seems to be the approach taken by the majority of the federal government when dealing with the security of federal information systems....

< - snip - >

http://www.infowarrior.org/articles/2004-07.html