ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] user security

  • To: ga@xxxxxxxxxxxxxx
  • Subject: Re: [ga] user security
  • From: Jeffrey Williams <jwkckid2@xxxxxxxxx>
  • Date: Mon, 23 Apr 2012 08:09:39 -0700

Matt and all,

  Thank you for reading and responding.  I'll answer your questions
interspersed below.

On Mon, Apr 23, 2012 at 2:53 AM, Matthew Pemble <matthew@xxxxxxxxxx> wrote:

> On 21 April 2012 13:15, Jeffrey Williams <jwkckid2@xxxxxxxxx> wrote:
>
>
>> Recent in-depth review and research conducted by my organization and two
>> others has yet again
>> revealed
>>
>
> Is this published research? Or are we expected to take your word for it?
>

  There are a number of recently published research and E-evidence
discovery documents that outline
this other than the ones I participated in that can easily be found doing
simple searches.  If you need them
specifically I will be happy to provide same.  SANS did one for instance.

>
>
>> that many frequently accessed websites/domains remain entirely or
>> significantly insecure
>>
>
> What do you mean by that? "Insecure" is a rather broad sweep across a wide
> range of technical and procedural areas.
>
Insecure in my intended context means that there are significant exposures
that are dangerous to common
every day accesses by users.

>
> And, then, "entirely insecure" is a very strong statement from you,
> without any justification presented.
>
Good point, I should have provided some better definition.  These are sites
that have no DNS security
whatsoever and/or sites that have no IPSEC security, and/or do not have
HTTPS or packet security
of any kind.

>
>
>> and therefore unsafe as unsuspecting users are unsuspectingly exposed to
>> potential and various
>> sorts of harm.
>>
>
> And the conclusion is weak because the assumptions, findings, whatever are
> not only unjustified but actually undocumented.
>
They are not undocumented.  The documentation is readily available but not
well known or underemphasized.

>
>
>>  This study and subsequent report has been requested by various and
>> numerous
>> private sector and public sector parties for reference etc. purposes.
>>
>
> That would be nice.
>
ICE and the Secret Service amongst other nations' equivalents public
sector's or government sectors relevant
agencies have published some of these reports or have renditions of same
available for public consumption.
However like many other public sector entities getting the word out
regarding same is not well done IMPO.  FWIW,
I also took note that ICANN's DSSA working group still hasn't been very
forthcoming or is significantly
unaware in this subject/issue area as well.  That is more than a bit
troubling.

>
> M.
>
>
> --
> Matthew Pemble
> Technical Director, Idrach Ltd
>
> Mobile: +44 (0) 7595 652175
> Office: + 44 (0) 1324 820690
>

respectful regards,
Jeffrey A. Williams
"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 4/18/12
CISO
Phone: 214-245-2647

