January 20, 2005

German court rules email blocking ‘illegal’

Filed under: Security

The Higher Regional Court has now ruled that blocking email by content is unlawful, as email is considered confidential in German law. Blocking is only allowed when, say, a viral attack is imminent. The implications of the ruling aren’t yet fully clear. Whether the Higher Regional Court has unintentionally legalised spam (which is frequently filtered by content) remains to be seen.

Valdis Kletnieks: Writing Secure Code

Filed under: Security

On Tue, 18 Jan 2005 14:31:39 EST, “Sigmon Cheri Y Civ 82 CSS/SCPD :: Software Dev” said:

Item: The “ongoing” debate among choices of open source vs. proprietary (all companies’) solutions, not just the major players in the industry.

I’m certain you’ve seen similar situations… where there are groups of people who are very opinionated one way or the other. My concern is the best solution(s) security-wise, regardless of the source. Any comments? From a broad-brush perspective?

Define “best”.

Most secure, no matter *how* hard it is to use? There’s some pretty bad-ass MLS systems available - and they’re often a royal pain to *do* anything (because you keep finding you can’t easily get around some compartmentalization feature that’s intentionally getting in your way). This one’s easy. Turn it off, encase it in a large concrete block, and dump it into the Marianas Trench. Quite secure, but not very useful. (Apply some thermite along the way if you’re *really* paranoid).
.
:
Remember that security is a process, and a balancing act. Let’s say your security budget is S, the cost of an incident is C, and the likelihood of an incident is P. If you can make S = C*P, you have perfect security (if S is greater, you’re spending too much, and if S is lower, you could still save money by increasing S). Those of you who want to model multiple events and costs can generalize it to a summation across all C(sub n)*P(sub n).

The really mathematically astute will realize that (a) if you’re bothering with the summation, the function quite possibly has multiple local maximums and minimums, and (b) the exact location and value of said inflection points of the curve depend on coefficients that are basically non-measurable, and you’re left making educated guesses (“What’s the % chance per year of compromise of a fully patched Windows box with an idiot user, and the % chance for a box that’s missing some patches, but has a user who doesn’t click on every “ooh shiny?” and the ever-favorite “What’s the least costly (money, people time, political brownie points) way to convince a particular Very Important Butthead to buy in to a specific proposal, or should we just punt and do things some way that V. Butthead will go along with?”)
.
:
Read more at SecProg@SecurityFocus.com.

Honey, Where’s My Jump Bag?

Filed under: Security

[Sidebar: Fill Your Jump Bag]

A “jump bag” is a collection of critical items you might need during crisis response when an attacker invades your network. It should contain these items:

  • Tape recorder or minidisk
  • Backup media
  • Binary backup software
  • CDs with statically linked binaries of critical OS executables
  • Forensic software
  • Windows NT and 2000 resource kits
  • Bootable CD-ROMs
  • USB token memory device
  • External hard drive
  • Small hub
  • Patch cables
  • Laptop with dual operating system capability
  • Call list and cell phone
  • Plastic baggies for handling evidence
  • Extra notebooks for taking notes

A jump bag is needed not only when an attacker invades my network but in any critical situation — for example, when one partition on my fiancée’s hard drive crashed a few days ago, and she had almost 18GB of important data on it.

At that time, I had no tools at hand, so it took me approx. 3 hours to recover the data (~45 minutes spent searching for the proper recovery software). After that incident, I realized how important it is to have a jump bag, and I am thinking of getting one in the near future.

