From afife at untangle.com Fri Aug 1 14:20:04 2008
From: afife at untangle.com (Andrew Fife)
Date: Fri, 1 Aug 2008 14:20:04 -0700 (PDT)
Subject: Installfest for Schools (Next Week)
Message-ID: <012f01c8f41c$5d84e030$188ea090$@com>

Hi Folks:

This is a quick reminder that the Installfest for Schools is taking place on the expo floor at LinuxWorld next week (Tuesday, Wednesday & Thursday). We've got an ambitious goal of refurbishing 1,000 older/discarded computers with GNU/Linux for schools and we need all the help we can get.

Here's how you can lend a hand:

1) Help install GNU/Linux (Ubuntu, Xubuntu, Edubuntu or gNewSense)
2) Help break down bad computers to identify reusable parts
3) Donate your old computer[1] -- ACCRC will have a collection booth and can provide tax-deductible receipts
4) Know a school that needs computers and is willing to try GNU/Linux desktops? Please tell us here: http://www.untangle.com/index.php?option=com_collect&task=installfestNominate&Itemid=1426

Also, I'm pleased to announce a little help from our friends... Mozilla and Canonical/Ubuntu are donating schwag for installfest volunteers. Creative Commons has packaged CC licensed and Ogg formatted multi-media content that will be placed on each system. And No Starch Press has made another extremely cool donation of a PDF copy of "Ubuntu for non-Geeks" for EVERY computer... What a great resource for newbies!

Why the installfest is cool:

1) Digital Divide: Helps get computers to children/schools in need
2) F/OSS Outreach: Helps expose new users to Free & Open Source Software
3) Environment: Helps divert thousands of pounds of toxic electronic waste from the landfill
4) Community: Is a great cause to bring the community together around

Lastly, don't forget to register for the LinuxWorld Expo. The passes are free if you register in advance, but $50 onsite.
Register here: https://register.rcsreg.com/regos-1.0/lnsf2008/ga/index2.html

Learn more about the installfest here: http://www.untangle.com/installfest

Thanks so much for your help!

-Andrew

References & Notes:

[1] PIII and newer systems will be refurbished with Ubuntu for schools. Older systems will be recycled properly by the ACCRC.

Here is a writeup of the first event: http://lwn.net/Articles/273770/ and here are some pictures: http://www.untangle.com/index.php?option=com_content&task=view&id=355&Itemid=139

--
Andrew Fife
Untangle - The Open Source Network Gateway
www.untangle.com/download
650.425.3327 desk
415.806.6028 cell

From rick at linuxmafia.com Fri Aug 1 17:37:50 2008
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 1 Aug 2008 17:37:50 -0700
Subject: BIND recursive resolver exploit?
In-Reply-To: <20080729075134.GO10437@linuxmafia.com>
References: <20080722204535.GG13924@bunrab.catwhisker.org> <1216767365.6608.29.camel@largo.maxsp.local> <20080729075134.GO10437@linuxmafia.com>
Message-ID: <20080802003750.GA31442@linuxmafia.com>

I wrote:

> The obvious way to protect resolver libraries against even that much of
> a threat is to have /etc/resolv.conf point to a _local_
> recursive-resolver nameserver via 127.0.0.1, and ensure that the
> nameserver software package is one that randomises _its_ source ports
> for recursive-resolver queries: BIND9's July 8th "P1" patches, djb's
> dnscache, PowerDNS Recursor, MaraDNS, or Unbound.

After re-researching this matter for the impending August issue of _Linux Gazette_, I still ended up with that same list, and detailed them briefly in a sidebar as follows:

o BIND9: The only one yr. humble servant has used extensively. Maddeningly slow, bloated, overfeatured monolithic binary (optionally doing all other conceivable types of nameservice, as well). Cryptic and brittle (but "standard", for better or worse) configuration and zonefile formats.

o Unbound: By design, excellent in all areas where BIND9 is lackluster. The only obvious problem is that it's brand-new -- which, in security-sensitive code, is a point of concern.

o PowerDNS Recursor: Dedicated recursor component (newly made available separately) of the respected do-it-all PowerDNS package. Probably requires a SQL database for back-end storage. Fast. PowerDNS as a whole -- but I'm not sure how much of this applies to the separately packaged recursor -- is somewhat bloated, has an over-large tree of required libraries and other dependencies, and has a fair (but not stellar) reputation for security.

o dnscache: Dan Bernstein's caching recursive-resolver, part of the djbdns suite, and the first to randomise source ports as a security precaution. Eccentric style of coding and operation. (Let me just leave it at that.) Unsurpassed security history. Said to be a bit of a challenge to set up, and at present you must immediately patch it to compensate for Dan not having maintained it since 2001. Has problems resolving some domains (such as Akamai), and in general is by design a bit underfeatured, which accounts in part for both its superb security history and its problem areas.

o MaraDNS: Lightweight, fast, and well-maintained. Like BIND9, does all conceivable DNS roles, but without the bloat. Excellent security.

From guy at extragalactic.net Tue Aug 5 00:50:59 2008
From: guy at extragalactic.net (Guy B. Purcell)
Date: Tue, 5 Aug 2008 00:50:59 -0700
Subject: Good DSL routers
Message-ID:

Hi All,

My DSL router (a seven year old Zoom ADSL X5) has been getting flakier & flakier for the past few weeks, culminating in losing link on all its built-in switch ports this afternoon. Although it's back to "normal" now, I think its troubles are heat related & expect it to go nuts again every time the temperature goes over the mid-70s or so here--so I need a new router. What do y'all recommend (or recommend I stay away from)? I have a routed IP over ATM circuit.

Thanks,
-Guy

From pozar at lns.com Tue Aug 5 07:51:09 2008
From: pozar at lns.com (Tim Pozar)
Date: Tue, 05 Aug 2008 07:51:09 -0700
Subject: Good DSL routers
In-Reply-To:
References:
Message-ID: <489868DD.20300@lns.com>

A cisco 1720 with an aDSL WIC can be had for less than $100 on eBay. You can do things like QoS, NAT, etc. All the things you would want and learn cisco IOS. :-)

Tim

Guy B. Purcell wrote:
> Hi All,
>
> My DSL router (a seven year old Zoom ADSL X5) has been getting flakier &
> flakier for the past few weeks, culminating in losing link on all its
> built-in switch ports this afternoon. Although it's back to "normal"
> now, I think its troubles are heat related & expect it to go nuts again
> every time the temperature goes over the mid-70s or so here--so I need a
> new router. What do y'all recommend (or recommend I stay away from)? I
> have a routed IP over ATM circuit.
>
> Thanks,
>
> -Guy

--
1978 45th Ave / San Francisco CA 94116 / USA // POTS: +1 415 665 3790
GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04
"Oh, dad, we're all devo!" - Booji Boy

From rob.markovic at gmail.com Tue Aug 5 16:37:17 2008
From: rob.markovic at gmail.com (Robi)
Date: Tue, 5 Aug 2008 16:37:17 -0700
Subject: Good DSL routers
In-Reply-To:
References:
Message-ID: <97a9d8c80808051637l53d378fey4c441041ffe7003b@mail.gmail.com>

One thing to try is to clean it well. After years of sitting around I'm sure it has a bunch of dust caked up inside. If it has any heat radiating surfaces, those would be the ones to clean. Also having it in a different orientation so that heat escapes away from the unit instead of building up inside, can help.

Then again with age, some chips get unhappy and give up the magic smoke. If any ol' DSL modem will do I'm sure we have a bunch just laying around. I'll check my stash.

--
Rob

From pmui at groundworkopensource.com Tue Aug 5 16:41:01 2008
From: pmui at groundworkopensource.com (Peter Mui)
Date: Tue, 5 Aug 2008 16:41:01 -0700
Subject: Reminder: Monitoring SIG BoF and Banquet -- Tomorrow!
Message-ID:

Hi:

Just a friendly reminder of tomorrow's (Wednesday 8/6's) BayLISA Monitoring SIG BoF and Banquet. You might still be able to register for a free exhibits pass on site by using GroundWork Open Source's Priority Code VPL712. You don't need a pass to come to the banquet but please do RSVP to me.

1) Wednesday, Aug 6, 6PM IT Monitoring BoF (BoF 17)
2) Wednesday, Aug 6, 7:30PM Meet-n-Greet Reception and Dinner at Henry's Hunan, 110 Natoma

1) IT Monitoring BoF Wednesday, 6PM (BOF17)

BOF17: Common Mistakes when Installing or Configuring OSS Monitoring Tools
Wednesday, Aug 6 2007, 6:00 PM - 7:00 PM

(Notes: 1) You only need a free exhibits pass to attend this BoF 2) This BoF is immediately followed by (2) below)

==================================================================

2) What: BayLISA Monitoring SIG XVI: LinuxWorld Meet-n-Greet Reception featuring 1) Special Guests Cacti Development Team and 2) Ganglia Project v 3.1 Release Celebration

Who: Anyone interested in IT monitoring issues and tools (newbies particularly welcome!)
When: Wednesday, August 6, 7:30 PM
Where: Henry's Hunan Chinese Restaurant, 110 Natoma St. (Between 2nd and New Montgomery -- Near Moscone) (415) 546-4999
How: Attend the BoF from 6-7, and then come to the reception.
Cost: Free, but RSVP mandatory (see below)
RSVP: Email Peter Mui, pmui at groundworkopensource.com

==================================================================

Let me know if you have questions, hope to see you tomorrow!

-Peter

Peter Mui, Community Director
GROUNDWORK Open Source, Inc.
139 Townsend Street, Suite 100
San Francisco, CA 94107-1946
+1 415 992 4573
pmui at groundworkopensource.com
www.groundworkopensource.com

From afife at untangle.com Mon Aug 18 11:48:04 2008
From: afife at untangle.com (Andrew Fife)
Date: Mon, 18 Aug 2008 11:48:04 -0700 (PDT)
Subject: BALUG Tomorrow = Chris Dibona
Message-ID: <017f01c90162$f2432800$d6c97800$@com>

A non-text attachment was scrubbed... Name: not available Type: multipart/alternative Size: 4981 bytes Desc: not available URL:

From sigje at sigje.org Wed Aug 20 11:14:03 2008
From: sigje at sigje.org (Jennifer Davis)
Date: Wed, 20 Aug 2008 11:14:03 -0700 (PDT)
Subject: BayLISA August Monthly Meeting - Security
Message-ID: <20080820110627.M44373@slick.sigje.org>

Topic: Security - Monitoring and Forensics

How do we effectively monitor unauthorized access to systems and malicious authorized access? What tools are available to allow us to analyze a system post break-in? Please join us at the August monthly BayLISA meeting to discuss these topics.

Location: Yahoo! Inc, Building E, Classroom 9-10
Time: 7pm-10pm
Directions: http://yhoo.client.shareholder.com/press/address.cfm

If driving, please park in front of Building E. Follow the directions up to the left on First Avenue. After making the left on First Avenue, turn left into the parking lot in front of Building E.

Pizza and Beverages available at 7pm, meeting starts at 7:30pm.

If you have any suggestions for topics for future meetings, please let us know.

--
Jennifer Davis
http://www.baylisa.org - BayLISA events

From ahorn at deorth.org Thu Aug 21 13:59:01 2008
From: ahorn at deorth.org (Alan Horn)
Date: Thu, 21 Aug 2008 13:59:01 -0700 (PDT)
Subject: [IMPORTANT] Tonight's BayLISA meeting is CANCELLED
Message-ID: <20080821135621.Q45892@slick.sigje.org>

Hi All,

Sorry for the rather short notice, but because none of the Yahoo sponsors (people who arrange to be around during the meeting) are available this evening, we're going to have to cancel tonight's meeting and move it to next month instead.

Websites will be updated shortly, and we'll leave a note on the door of the building to help those who miss this email and actually turn up.

Cheers,
Al

From star at starshine.org Thu Aug 21 16:22:15 2008
From: star at starshine.org (Heather Stern)
Date: Thu, 21 Aug 2008 16:22:15 -0700
Subject: [IMPORTANT] Tonight's BayLISA meeting is CANCELLED
In-Reply-To: <20080821135621.Q45892@slick.sigje.org>
References: <20080821135621.Q45892@slick.sigje.org>
Message-ID: <20080821232215.GA3255@starshine.org>

On Thu, Aug 21, 2008 at 01:59:01PM -0700, Alan Horn wrote:
>
> Hi All,
>
> Sorry for the rather short notice, but because none of the Yahoo sponsors
> (people who arrange to be around during the meeting) are available this
> evening, we're going to have to cancel tonight's meeting and move it to
> next month instead.
>
> Websites will be updated shortly, and we'll leave a note on the door of
> the building to help those who miss this email and actually turn up.
>
> Cheers,
>
> Al
>

Some people I know who saw the topic and thought it juicy also thought it might be cool if people went to a nearby dinner place instead of evaporating entirely. If Indian food sounds tasty there's a Grand Indian Buffet on Lawrence @ Central which ought to be in easy reach.

  . | .   Heather Stern            |    (408) 374-7623 land
--->*<--- star at starshine.org   - * -  (408) 761-4912 cell
  ' | `   KG6ZYC                   |

From lgj at usenix.org Mon Aug 25 13:59:50 2008
From: lgj at usenix.org (Lionel Garth Jones)
Date: Mon, 25 Aug 2008 13:59:50 -0700
Subject: LISA '08 Registration Now Available
Message-ID: <48B31D46.9000101@usenix.org>

LISA '08: 22nd Large Installation System Administration Conference
November 9-14, 2008, San Diego, CA

LISA '08 offers in-depth training by experts such as Mark Burgess on Cfengine and David N. Blank-Edelman on Over the Edge System Administration.

NEW! LISA includes training tracks on Solaris and Virtualization taught by industry leaders such as James Mauro and Richard McDougall.

The comprehensive 3-day technical program includes a keynote address by Sean Dennehy of the CIA on Intellipedia; 18 refereed papers; and invited talks including plenaries by Bruce Schneier and David Wagner.

Don't miss out on opportunities for in-person discussion on topics that mean the most to you. Registration is now open and the full program is available.

http://www.usenix.org/lisa08

Register online by October 17 and save!

From iennae at gmail.com Fri Aug 29 14:07:06 2008
From: iennae at gmail.com (Jennifer Davis)
Date: Fri, 29 Aug 2008 14:07:06 -0700
Subject: Ethics and passwords
Message-ID:

I just saw this on Slashdot:

"According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

I can not believe the 88% number. Seriously, there are ethics about having access to information.
The people I know in the field are pretty strongly willed ethically. What are people's personal ethics with regards to stealing passwords? If you have access to the information do you do this kind of thing? (maybe it's best to ask this anonymously).

--
Jennifer Davis

From satch at cisco.com Fri Aug 29 14:27:03 2008
From: satch at cisco.com (Steve Acheson)
Date: Fri, 29 Aug 2008 14:27:03 -0700
Subject: Ethics and passwords
In-Reply-To:
References:
Message-ID: <48B869A7.6020309@cisco.com>

Well, I can answer for myself, at least, but I'm probably biased since I've been doing Infosec for the last 15 years and have always been a bit paranoid about both mine and others access...

I also find that 88% number hard to swallow. Perhaps that's 88% of the people that they offered $10 for their password to that were then interviewed... It's gotta either be a typo or some bizarre demographic that they interviewed.

I wouldn't bother with stealing corporate info just because I was laid off... I won't say I never would, because if someone pointed a gun at my girlfriend or had my thumbs in a screwvice I'd happily give them whatever they wanted. But, for my own ethics, I wouldn't.

Whenever I leave a company, I make sure all of my accounts are deactivated and locked or deleted. I want no chance that someone could later say that I still had access and did something. My paranoia speaking again, but I've seen it happen to friends in the past, and I like to learn from other people's lessons not just my own...

Plus, after spending years enabling SSH, moving to SSO, encrypting databases, PKI+SMIME, etc, I guess it would just be wrong to subvert all that work...

satch

Jennifer Davis wrote:
> I just saw this on Slashdot:
> "According to identity management firm Cyber-Ark's annual 'Trust,
> Security & Passwords' survey, a whopping 88% of IT administrators
> would steal CEO passwords, customer database, research and development
> plans, financial reports, M&A plans and the company's list of
> privileged passwords if they were suddenly laid off. The survey also
> found that one third of IT staff admitted to snooping around the
> network, looking at highly confidential information, such as salary
> details and people's personal emails."
>
> I can not believe the 88% number. Seriously, there are ethics about
> having access to information. The people I know in the field are
> pretty strongly willed ethically. What are people's personal ethics
> with regards to stealing passwords? If you have access to the
> information do you do this kind of thing? (maybe it's best to ask this
> anonymously).
>
>

From iennae at gmail.com Fri Aug 29 14:50:26 2008
From: iennae at gmail.com (Jennifer Davis)
Date: Fri, 29 Aug 2008 14:50:26 -0700
Subject: Ethics and passwords
In-Reply-To:
References:
Message-ID:

I think we should call out this company for an accounting of what their survey really consisted of statistically: http://www.cyber-ark.com/news-events/pr_20080827.asp

They note that "Note: This survey was conducted at Infosecurity 2008- Europe's largest IT security event".

Looking at the events information (http://www.infosec.co.uk/page.cfm/link=13/GoSection=4):

* 12,176 visitors in 2008
* UK Visitors - 11,124
* Overseas Visitors - 1,052
* Cross over Visitors* - 1,713
* Press - 283
* 1212 visitors returned on Day 2 from Day 1, and 976 returned on Day 3 from Day 2 (total visitors really is 10463)

16% Director Level and Above (1674)
18% IS/IT Management (1883)
11% General Management (1150)
18% Technical Specialists (1883)
2% Industry Analysts/Press (209)
13% Consultant (1360)
4% Other (418)
18% Service Desk and IT Support Show Audience/Unspecified (1883)

(my numbers in () and just a guesstimate from above numbers and percentages)

It seriously puts down the profession as _being_ professional and makes us sound like we are mostly criminals. It isn't surprising that the company is associated with "managing" highly sensitive information. I wonder what product they are trying to sell to help companies deal with this.

Friends have told me in the past, "Companies lie, don't get worked up about it. It's all part of their strategy." I think it's crap. I don't want to do business with companies that lie. This kind of lie is against the _profession_ and the people who practice that profession.

Maybe USENIX/SAGE or LOPSA could put together a statistically significant survey on this subject.

--
Jennifer Davis

From rsr at inorganic.org Sat Aug 30 12:54:47 2008
From: rsr at inorganic.org (Roy S. Rapoport)
Date: Sat, 30 Aug 2008 12:54:47 -0700
Subject: Ethics and passwords
In-Reply-To:
References:
Message-ID: <20080830195447.GA5149@rsrfc.inorganic.org>

On Fri, Aug 29, 2008 at 02:07:06PM -0700, Jennifer Davis wrote:
> I can not believe the 88% number. Seriously, there are ethics about
> having access to information. The people I know in the field are
> pretty strongly willed ethically. What are people's personal ethics
> with regards to stealing passwords? If you have access to the
> information do you do this kind of thing? (maybe it's best to ask this
> anonymously).

Oh, I think it's OK to ask this question non-anonymously. It's answering it that calls for anonymity :)

I don't know that we'll get a whole bunch of people saying they love to steal passwords ("I love to steal passwords! BTW, I was recently laid off and need a job, anyone want to hire me?"), so absent that, I suspect we'll get some responses along the lines of "I'm a highly ethical sysadmin and would never steal a password."

Personally, I've never stolen passwords or other information of the type upon leaving companies, though I will admit I've not always been highly thorough in deleting company data from personal systems.

And then, it's also worth being sure we know what we're talking about -- My Enterprise Information Security folks and I have had conversations on the topic, and they believe that if I take my outlook.pst with me, I'm taking company-confidential information. Personally, while I don't care about the email, I know that when I leave this company, I'll be walking away with my Outlook contacts, or at least a viable copy of my contacts. I consider this justified, at least partially because given that my company allows reasonable personal use of company resources, and my company-provided Blackberry syncs with Exchange, A) Lots of these contacts are personal, not company-related, and B) most of them actually came from before I was at this company. We've basically mingled information, and we're both going to walk away from this job with a complete copy of this information (the difference being that nobody at my work actually will care about my contacts).

-roy

From lgharda at linmin.com Fri Aug 29 15:55:33 2008
From: lgharda at linmin.com (Laurent Gharda)
Date: Fri, 29 Aug 2008 15:55:33 -0700
Subject: Ethics and passwords
In-Reply-To:
Message-ID: <025301c90a2a$58f64ad0$0a00a8c0@lgharda2>

Hi all,

I'm no sysadmin, but in my years as CEO of software companies, among the persons I trusted most in my companies, were my sysadmins. I'm shocked at this number and don't believe it. They're blowing smoke to get attention...

I've had to make tough decisions, including letting people go, and the sysadmins and HR worked hand in glove to coordinate giving the bad news to the individuals, and revoking their credentials. On rare occasions, I've had to let a sysadmin go (once) for performance reasons (changing and not testing the changes, repeatedly, causing disruption to my business; not validating backups, etc.), and even then, there were no issues (all formal and "institutional" knowledge was communicated), and there were no hard feelings.

I've always thought of sysadmins as attorneys (I mean this in a positive way!), and feel an implicit "attorney-client" privilege. They are granted the keys to the kingdom because they can be trusted. Sysadmins I've known have the highest code of ethics.

LKG

Laurent Gharda
CEO, www.LinMin.com

-----Original Message-----
From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On Behalf Of Jennifer Davis
Sent: Friday, August 29, 2008 2:50 PM
To: baylisa at baylisa.org
Subject: Re: Ethics and passwords

I think we should call out this company for an accounting of what their survey really consisted of statistically: http://www.cyber-ark.com/news-events/pr_20080827.asp

They note that "Note: This survey was conducted at Infosecurity 2008- Europe's largest IT security event".

Looking at the events information (http://www.infosec.co.uk/page.cfm/link=13/GoSection=4):

* 12,176 visitors in 2008
* UK Visitors - 11,124
* Overseas Visitors - 1,052
* Cross over Visitors* - 1,713
* Press - 283
* 1212 visitors returned on Day 2 from Day 1, and 976 returned on Day 3 from Day 2 (total visitors really is 10463)

16% Director Level and Above (1674)
18% IS/IT Management (1883)
11% General Management (1150)
18% Technical Specialists (1883)
2% Industry Analysts/Press (209)
13% Consultant (1360)
4% Other (418)
18% Service Desk and IT Support Show Audience/Unspecified (1883)

(my numbers in () and just a guesstimate from above numbers and percentages)

It seriously puts down the profession as _being_ professional and makes us sound like we are mostly criminals. It isn't surprising that the company is associated with "managing" highly sensitive information. I wonder what product they are trying to sell to help companies deal with this.

Friends have told me in the past, "Companies lie, don't get worked up about it. It's all part of their strategy." I think it's crap. I don't want to do business with companies that lie. This kind of lie is against the _profession_ and the people who practice that profession.

Maybe USENIX/SAGE or LOPSA could put together a statistically significant survey on this subject.

--
Jennifer Davis