[Esa-l] Anyone have a comprehensive webmail URI list?
Egan
egan at sevenkings.net
Sun Aug 26 04:58:25 PDT 2001
>...and any lock can be picked, or cut apart, or blown open, or simply
>bypassed. None of this is intended to make it impossible, or to stop
>someone who is determined and technically capable. It is meant to make
>casual use of webmail services difficult and thus discourage casual
>(or ignorant) disregard of stated security policy.
Very true.
It's technically possible to break into a bank vault at 3am on a
weekend if you have the right skills and equipment. But how many
people will try?
>Question: would you set up your ssh tunnel if your company's security
>policy stated you'd be fired if it was discovered?
>Most likely I'd not set up a tunnel if my job hung in the balance.
>I, however, set the security policy at my company, so I can do as I
>please. Scary isn't it? :)
In my experience, very few organizations have security policy
determined by technical staff who have a mentality that "anything
goes, as long as *I* like it."
In other environments, which represent the vast majority, technical
deterrents will make company policy more effective, not less.
Egan
More information about the esd-l
mailing list