• Any interest in a security-focused echo?

    From 2twisty@21:3/166 to All on Fri Apr 8 10:10:48 2022
    While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

    Discuss security, white-hat hacking, privacy concerns, etc?

    I think that keeping up with what's going on in the security world would be something that the average BBS user these days would be interested in.

    I know other nets have some of this, but is there reason/"market" for this in fsxNET?

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From Nightfox@21:1/137 to 2twisty on Fri Apr 8 10:29:13 2022
    Re: Any interest in a security-focused echo?
    By: 2twisty to All on Fri Apr 08 2022 10:10 am

    While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

    Discuss security, white-hat hacking, privacy concerns, etc?

    Maybe not limited to just BBSes, but white-hat hacking and security in general could be interesting.

    Nightfox
    --- SBBSecho 3.15-Win32
    * Origin: Digital Distortion: digdist.synchro.net (21:1/137)
  • From boraxman@21:1/101 to Nightfox on Sat Apr 9 15:32:30 2022
    While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

    Discuss security, white-hat hacking, privacy concerns, etc?

    Maybe not limited to just BBSes, but white-hat hacking and security in general could be interesting.


    I'm not sure if an stand alone echo is required, but it is, as those who have seen my messages in the General section, a subject that interests me and I think need attention.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Utopian Galt@21:4/108 to Boraxman on Sat Apr 9 13:54:37 2022
    BY: boraxman(21:1/101)


    I'm not sure if an stand alone echo is required, but it is, as those who have seen my messages in the General section, a subject that interests
    me and I think need attention.
    Computer security is vital when we open ports on our computers and or servers.


    --- WWIV 5.5.1.3261
    * Origin: inland utopia * california * iutopia.duckdns.org:2023 (21:4/108)
  • From poindexter FORTRAN@21:4/122 to 2twisty on Sun Apr 10 07:54:00 2022
    2twisty wrote to All <=-

    I know other nets have some of this, but is there reason/"market" for
    this in fsxNET?

    I'd like a discussion area, but PLEASE, no auto-posting of news articles. A couple of infosec echoes read like an RSS feed with a snippet of the
    article. I'd rather talk to people paid to do infosec, as well as seeing
    what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run a BBS.


    ... "The swift blade penetrates the salad."
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Andre Robitaille@21:3/117 to poindexter FORTRAN on Mon Apr 11 08:59:14 2022
    I'd rather talk to people paid to do infosec

    What did I ever do to you that you want to make me talk to sysops about security? It’s painful enough in fsxgen. :)


    - Andre
    --- SBBSecho 3.15-Linux
    * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)
  • From 2twisty@21:3/166 to poindexter FORTRAN on Mon Apr 11 10:32:09 2022
    I'd like a discussion area, but PLEASE, no auto-posting of news
    articles. A couple of infosec echoes read like an RSS feed with a
    snippet of the article. I'd rather talk to people paid to do infosec,
    as well as seeing what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run
    a BBS.

    I agree 100%. Discussion. I can get an RSS feed anywhere.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From 2twisty@21:3/166 to Andre Robitaille on Mon Apr 11 10:33:50 2022
    What did I ever do to you that you want to make me talk to sysops about security? It’s painful enough in fsxgen. :)

    Which is precisely why I suggested it. If you want to read/discuss security, you can go to the echo, and keep fsxGEN for general topics.

    Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From Andre Robitaille@21:3/117 to 2twisty on Mon Apr 11 12:28:48 2022
    Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

    It’s only ever the same one over and over. High ports or privileged ports.
    :)


    - Andre
    --- SBBSecho 3.15-Linux
    * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)
  • From poindexter FORTRAN@21:4/122 to Andre Robitaille on Tue Apr 12 06:40:00 2022
    Andre Robitaille wrote to poindexter FORTRAN <=-

    I'd rather talk to people paid to do infosec

    What did I ever do to you that you want to make me talk to sysops about security? It's painful enough in fsxgen. :)

    We should all be working in infosec. The demand is high and the bar low
    these days. I've spoken to people in infosec lately that didn't know enough about the lower levels of the network to be able to be effective - not understanding the difference between TCP, UDP and ICMP, for example, and not understanding the need for each.

    Maybe we start that infosec echo and create our own crowdsourced certification?





    ... ZIMA TASTES BETTER WHEN IT'S ILLEGAL
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Andre Robitaille@21:3/117 to poindexter FORTRAN on Tue Apr 12 09:50:53 2022
    We should all be working in infosec. The demand is high and the bar low these days. I've spoken to people in infosec lately that didn't know enough about the lower levels of the network to be able to be effective - not understanding the difference between TCP, UDP and ICMP, for example, and not understanding the need for each.

    Yeah, that's all the new kids rolling in. I had to give up trying to hire people that had systems/network background or understanding. It's all kinda on the job training these days.


    - Andre
    --- SBBSecho 3.15-Linux
    * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)
  • From Nigel Reed@nospam@nospam.com to 2twisty on Tue Apr 12 17:53:50 2022
    On Fri, 8 Apr 2022 10:10:48 -0600
    "2twisty" <2twisty@21:3/166> wrote:

    While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

    Discuss security, white-hat hacking, privacy concerns, etc?

    I think that keeping up with what's going on in the security world
    would be something that the average BBS user these days would be
    interested in.

    No, There's already Spooknet for that. We don't need another echo when
    there's a full network dedicated to security and the like.
    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23
  • From poindexter FORTRAN@21:4/122 to Andre Robitaille on Wed Apr 13 06:38:00 2022
    Andre Robitaille wrote to poindexter FORTRAN <=-

    Yeah, that's all the new kids rolling in. I had to give up trying to
    hire people that had systems/network background or understanding. It's
    all kinda on the job training these days.

    In all fairness, we don't all need to be multi-talented rock stars. At the
    end of the day, someone still needs to enter data into Excel...


    ... Do you ever see inconsistencies in your world?
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From 2twisty@21:3/166 to poindexter FORTRAN on Wed Apr 13 09:13:57 2022
    Yeah, that's all the new kids rolling in. I had to give up trying to hire people that had systems/network background or understanding. It' all kinda on the job training these days.

    In all fairness, we don't all need to be multi-talented rock stars. At
    the end of the day, someone still needs to enter data into Excel...

    We were all n00bs once.....

    It would be nice to be able to hire someone who could explain the difference between a router and a switch. May not need to know how to program them, but at least a working knowledge of the basic concepts.

    Those of us with more experience tend to be set in our ways to the point that it may be difficult for a business to mold us to what they need rather than us trying to change them. Sometimes that's a good thing, and sometimes its bad when we tell them "that's gonna backfire" and we are right.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From Andre Robitaille@21:3/117 to poindexter FORTRAN on Wed Apr 13 10:48:59 2022
    In all fairness, we don't all need to be multi-talented rock stars. At the end of the day, someone still needs to enter data into Excel...

    At the time I'm referencing, I only had senior people on my team. Junior and mid-level were on a different team that I farmed. So I only had ninja rockstar jedi gurus.


    - Andre
    --- SBBSecho 3.15-Linux
    * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)
  • From 2twisty@21:3/166 to Andre Robitaille on Wed Apr 13 10:10:37 2022
    At the time I'm referencing, I only had senior people on my team. Junior and mid-level were on a different team that I farmed. So I only had
    ninja rockstar jedi gurus.

    It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From Andre Robitaille@21:3/117 to 2twisty on Wed Apr 13 11:49:57 2022
    It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

    Generally we found that people usually liked a light 1-2 weeks bewteen tough engagements. Some people wanted to travel constantly, others hated it. It really just came down to preferences.

    But no one on my team had to do anything they didn't want to. That's what the other teams were for.


    - Andre
    --- SBBSecho 3.15-Linux
    * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)
  • From poindexter FORTRAN@21:4/122 to 2twisty on Thu Apr 14 06:54:00 2022
    2twisty wrote to poindexter FORTRAN <=-

    It would be nice to be able to hire someone who could explain the difference between a router and a switch. May not need to know how to program them, but at least a working knowledge of the basic concepts.

    Yes, half an hour understanding the OSI model should be a prerequisite for anyone dealing with networking and go a long way to building an
    understanding of how each layer is used.

    I worked with a consultant when I was starting out who added three more
    layers to the model:

    POLITICS
    FINANCE
    RELIGION

    to make the OSI model properly match business cases.




    ... Change ambiguities to specifics
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From poindexter FORTRAN@21:4/122 to 2twisty on Thu Apr 14 08:44:00 2022
    2twisty wrote to Andre Robitaille <=-

    It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

    Keeping with the metaphor, it's important to have both padawan and jedi, but the jedi need to respect the padawan and allow for a path for the padawan to become jedi.

    I've worked (past tense, thankfully) where the level 3 people didn't respect the helpdesk and level 1/2 people, and when given an opportunity to promote from within hindered the process.

    And, as a result we lost the ambitious entry level people and were stuck
    with less driven techs - a self-fulfilling prophecy.

    Such an odd environment = union IT techs, 1970s era job descriptions that drove unneccessary complication for end users ("Oh, I'm a software
    technician II. I can't re-image your system, you'll need to open a ticket
    for a software technician I. And, I can't move your monitor to the other
    side of your desk, I'll need to open a ticket for a desktop hardware technician to do that.

    Level 1 and 2 were hourly, level 3 salaried. Executive management wanted to promote people from within, and held out a promotion to level 3 as a reward. They didn't want the pay cut.

    2 level 2 techs supporting a 24/7 operation passive-agressively blocked opportunities to cross-train anyone, it turned out they were making
    something like $3.40 an hour *every* *hour* they were on call, which worked out to quite an overtime bill. And, they didn't want to share.

    I didn't last a year there. Neither did any of my successors. I've watched with morbid interest at management's revolving door policy.






    ... THE SEVEN JOURNEYS TO ITSELFNESS
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From 2twisty@21:3/166 to poindexter FORTRAN on Fri Apr 15 12:39:28 2022
    I've worked (past tense, thankfully) where the level 3 people didn't respect the helpdesk and level 1/2 people, and when given an
    opportunity to promote from within hindered the process.

    That's horrible. As a level 2 and 3, I always would help the lower levels learn more. 1) it helps them level up and 2) I get fewer calls for stuff that lower levels could handle with a little help.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: The Ratrace Losers (21:3/166)
  • From Avon@21:1/101 to poindexter FORTRAN on Sat May 14 12:02:03 2022
    On 10 Apr 2022 at 07:54a, poindexter FORTRAN pondered and said...

    I'd like a discussion area, but PLEASE, no auto-posting of news
    articles. A couple of infosec echoes read like an RSS feed with a
    snippet of the article. I'd rather talk to people paid to do infosec,
    as well as seeing what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run
    a BBS.

    I'm open to this. Would you and Twisty (any anyone else interested) be happy to work on some thoughts that frame up the focus of the echo, an echo tag etc. and post that discussion here. I could use what is agreed as the basis to create an echo should consensus be found.

    I really need to soon revisit the other echos created to see what should stay/go too..

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to 2twisty on Sat May 14 12:04:33 2022

    On 11 Apr 2022 at 10:33a, 2twisty pondered and said...

    Which is precisely why I suggested it. If you want to read/discuss security, you can go to the echo, and keep fsxGEN for general topics.

    Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

    Thanks for the suggestion, please read my reply to Poindexter and if interested further collaborate with him and others to work up the parameters of such a proposed echo. Have a look at the infopack to see examples of what I have written to explain the focus of each echo... I'm looking for help from you guys for that etc.. as infosec is not an area of expertise for me (but I do enjoy reading about it :))

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From poindexter FORTRAN@21:4/122 to Avon on Sat May 14 20:41:00 2022
    Avon wrote to poindexter FORTRAN <=-

    I'm open to this. Would you and Twisty (any anyone else interested) be happy to work on some thoughts that frame up the focus of the echo, an echo tag etc. and post that discussion here. I could use what is agreed
    as the basis to create an echo should consensus be found.

    I'm up for it, I dabble in corporate security and home security as it
    relates to homelabs.



    ... I hear he can kill people with an init string.
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)