[dns-operations] DNS Issue
vjs at rhyolite.com
Fri Apr 26 16:09:31 UTC 2013
> From: Jared Mauch <jared at puck.nether.net>
> Because someone told them the wrong thing and they don't know any
> difference. Just because they're an auditor doesn't mean they are
> clued. Simple thing would be to show them a dns query that requires
> tcp, such as:
Would you show anything to a doctor prescribing bloodletting to cure
what ails you or would you quietly leave? (except for lab work)
Someone who let a financial auditor with equivalent ignorance about
the fundamentals of bookkeeping near the company's books (not to
mention hiring) would fear being fired or indicted as an accessory.
If your boss or boss' boss' boss etc. hired an equivalent to audit
the company books, you'd infer the worst and start looking for a
new job while the banks are still cashing your paychecks.
The same should apply to network security quacks. Bogus security
audits or auditors might not signal as much about your paychecks as
bogus financial audits, but they do signal coming security disasters
that probably won't help your career.
Vernon Schryver vjs at rhyolite.com
More information about the dns-operations