[Esa-l] Anyone have a comprehensive webmail URI list?

Egan egan at sevenkings.net
Sun Aug 26 04:58:25 PDT 2001


>...and any lock can be picked, or cut apart, or blown open, or simply
>bypassed. None of this is intended to make it impossible, or to stop
>someone who is determined and technically capable. It is meant to make
>casual use of webmail services difficult and thus discourage casual
>(or ignorant) disregard of stated security policy.

Very true.

It's technically possible to break into a bank vault at 3am on a
weekend if you have the right skills and equipment.  But how many
people will try?


>Question: would you set up your ssh tunnel if your company's security
>policy stated you'd be fired if it was discovered?

>Most likely I'd not set up a tunnel if my job hung in the balance.
>I, however, set the security policy at my company, so I can do as I
>please.  Scary isn't it? :)


In my experience, very few organizations have security policy
determined by technical staff who have a mentality that "anything
goes, as long as *I* like it."

In other environments, which represent the vast majority, technical
deterrents will make company policy more effective, not less.


Egan



More information about the esd-l mailing list