While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

Discuss security, white-hat hacking, privacy concerns, etc?

I think that keeping up with what's going on in the security world would be something that the average BBS user these days would be interested in.

I know other nets have some of this, but is there reason/"market" for this in fsxNET?

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

Re: Any interest in a security-focused echo?
By: 2twisty to All on Fri Apr 08 2022 10:10 am

While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

Discuss security, white-hat hacking, privacy concerns, etc?

Maybe not limited to just BBSes, but white-hat hacking and security in general could be interesting.

Nightfox
--- SBBSecho 3.15-Win32
* Origin: Digital Distortion: digdist.synchro.net (21:1/137)

While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

Discuss security, white-hat hacking, privacy concerns, etc?

Maybe not limited to just BBSes, but white-hat hacking and security in general could be interesting.

I'm not sure if an stand alone echo is required, but it is, as those who have seen my messages in the General section, a subject that interests me and I think need attention.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

BY: boraxman(21:1/101)

I'm not sure if an stand alone echo is required, but it is, as those who have seen my messages in the General section, a subject that interests
me and I think need attention.

Computer security is vital when we open ports on our computers and or servers.


--- WWIV 5.5.1.3261
* Origin: inland utopia * california * iutopia.duckdns.org:2023 (21:4/108)

2twisty wrote to All <=-

I know other nets have some of this, but is there reason/"market" for
this in fsxNET?

I'd like a discussion area, but PLEASE, no auto-posting of news articles. A couple of infosec echoes read like an RSS feed with a snippet of the
article. I'd rather talk to people paid to do infosec, as well as seeing
what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run a BBS.


... "The swift blade penetrates the salad."
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

I'd rather talk to people paid to do infosec

What did I ever do to you that you want to make me talk to sysops about security? It’s painful enough in fsxgen. :)


- Andre
--- SBBSecho 3.15-Linux
* Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

I'd like a discussion area, but PLEASE, no auto-posting of news
articles. A couple of infosec echoes read like an RSS feed with a
snippet of the article. I'd rather talk to people paid to do infosec,
as well as seeing what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run
a BBS.

I agree 100%. Discussion. I can get an RSS feed anywhere.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

What did I ever do to you that you want to make me talk to sysops about security? It’s painful enough in fsxgen. :)

Which is precisely why I suggested it. If you want to read/discuss security, you can go to the echo, and keep fsxGEN for general topics.

Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

It’s only ever the same one over and over. High ports or privileged ports.
:)


- Andre
--- SBBSecho 3.15-Linux
* Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

Andre Robitaille wrote to poindexter FORTRAN <=-

I'd rather talk to people paid to do infosec

What did I ever do to you that you want to make me talk to sysops about security? It's painful enough in fsxgen. :)

We should all be working in infosec. The demand is high and the bar low
these days. I've spoken to people in infosec lately that didn't know enough about the lower levels of the network to be able to be effective - not understanding the difference between TCP, UDP and ICMP, for example, and not understanding the need for each.

Maybe we start that infosec echo and create our own crowdsourced certification?





... ZIMA TASTES BETTER WHEN IT'S ILLEGAL
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

We should all be working in infosec. The demand is high and the bar low these days. I've spoken to people in infosec lately that didn't know enough about the lower levels of the network to be able to be effective - not understanding the difference between TCP, UDP and ICMP, for example, and not understanding the need for each.

Yeah, that's all the new kids rolling in. I had to give up trying to hire people that had systems/network background or understanding. It's all kinda on the job training these days.


- Andre
--- SBBSecho 3.15-Linux
* Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

On Fri, 8 Apr 2022 10:10:48 -0600
"2twisty" <2twisty@21:3/166> wrote:

While additional security measures for BBSes may be minimal, is there interest in a fsxNET security echo?

Discuss security, white-hat hacking, privacy concerns, etc?

I think that keeping up with what's going on in the security world
would be something that the average BBS user these days would be
interested in.

No, There's already Spooknet for that. We don't need another echo when
there's a full network dedicated to security and the like.
--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23
--- SBBSecho 3.15-Linux
* Origin: End Of The Line BBS - endofthelinebbs.com (21:2/101)

Andre Robitaille wrote to poindexter FORTRAN <=-

Yeah, that's all the new kids rolling in. I had to give up trying to
hire people that had systems/network background or understanding. It's
all kinda on the job training these days.

In all fairness, we don't all need to be multi-talented rock stars. At the
end of the day, someone still needs to enter data into Excel...


... Do you ever see inconsistencies in your world?
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

Yeah, that's all the new kids rolling in. I had to give up trying to hire people that had systems/network background or understanding. It' all kinda on the job training these days.

In all fairness, we don't all need to be multi-talented rock stars. At
the end of the day, someone still needs to enter data into Excel...

We were all n00bs once.....

It would be nice to be able to hire someone who could explain the difference between a router and a switch. May not need to know how to program them, but at least a working knowledge of the basic concepts.

Those of us with more experience tend to be set in our ways to the point that it may be difficult for a business to mold us to what they need rather than us trying to change them. Sometimes that's a good thing, and sometimes its bad when we tell them "that's gonna backfire" and we are right.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

In all fairness, we don't all need to be multi-talented rock stars. At the end of the day, someone still needs to enter data into Excel...

At the time I'm referencing, I only had senior people on my team. Junior and mid-level were on a different team that I farmed. So I only had ninja rockstar jedi gurus.


- Andre
--- SBBSecho 3.15-Linux
* Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

At the time I'm referencing, I only had senior people on my team. Junior and mid-level were on a different team that I farmed. So I only had
ninja rockstar jedi gurus.

It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

Generally we found that people usually liked a light 1-2 weeks bewteen tough engagements. Some people wanted to travel constantly, others hated it. It really just came down to preferences.

But no one on my team had to do anything they didn't want to. That's what the other teams were for.


- Andre
--- SBBSecho 3.15-Linux
* Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

2twisty wrote to poindexter FORTRAN <=-

It would be nice to be able to hire someone who could explain the difference between a router and a switch. May not need to know how to program them, but at least a working knowledge of the basic concepts.

Yes, half an hour understanding the OSI model should be a prerequisite for anyone dealing with networking and go a long way to building an
understanding of how each layer is used.

I worked with a consultant when I was starting out who added three more
layers to the model:

POLITICS
FINANCE
RELIGION

to make the OSI model properly match business cases.




... Change ambiguities to specifics
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

2twisty wrote to Andre Robitaille <=-

It's nice to have Jedi, but they often despise doing stuff the padawans should be doing.

Keeping with the metaphor, it's important to have both padawan and jedi, but the jedi need to respect the padawan and allow for a path for the padawan to become jedi.

I've worked (past tense, thankfully) where the level 3 people didn't respect the helpdesk and level 1/2 people, and when given an opportunity to promote from within hindered the process.

And, as a result we lost the ambitious entry level people and were stuck
with less driven techs - a self-fulfilling prophecy.

Such an odd environment = union IT techs, 1970s era job descriptions that drove unneccessary complication for end users ("Oh, I'm a software
technician II. I can't re-image your system, you'll need to open a ticket
for a software technician I. And, I can't move your monitor to the other
side of your desk, I'll need to open a ticket for a desktop hardware technician to do that.

Level 1 and 2 were hourly, level 3 salaried. Executive management wanted to promote people from within, and held out a promotion to level 3 as a reward. They didn't want the pay cut.

2 level 2 techs supporting a 24/7 operation passive-agressively blocked opportunities to cross-train anyone, it turned out they were making
something like $3.40 an hour *every* *hour* they were on call, which worked out to quite an overtime bill. And, they didn't want to share.

I didn't last a year there. Neither did any of my successors. I've watched with morbid interest at management's revolving door policy.






... THE SEVEN JOURNEYS TO ITSELFNESS
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

I've worked (past tense, thankfully) where the level 3 people didn't respect the helpdesk and level 1/2 people, and when given an
opportunity to promote from within hindered the process.

That's horrible. As a level 2 and 3, I always would help the lower levels learn more. 1) it helps them level up and 2) I get fewer calls for stuff that lower levels could handle with a little help.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: The Ratrace Losers (21:3/166)

On 10 Apr 2022 at 07:54a, poindexter FORTRAN pondered and said...

I'd like a discussion area, but PLEASE, no auto-posting of news
articles. A couple of infosec echoes read like an RSS feed with a
snippet of the article. I'd rather talk to people paid to do infosec,
as well as seeing what other people do to secure their kit - especially since many of us are exposing our home networks to the internet to run
a BBS.

I'm open to this. Would you and Twisty (any anyone else interested) be happy to work on some thoughts that frame up the focus of the echo, an echo tag etc. and post that discussion here. I could use what is agreed as the basis to create an echo should consensus be found.

I really need to soon revisit the other echos created to see what should stay/go too..

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 11 Apr 2022 at 10:33a, 2twisty pondered and said...

Which is precisely why I suggested it. If you want to read/discuss security, you can go to the echo, and keep fsxGEN for general topics.

Essentially, whenever a topic in fsxGEN comes up frequently, we should consider a dedicated echo for that topic.

Thanks for the suggestion, please read my reply to Poindexter and if interested further collaborate with him and others to work up the parameters of such a proposed echo. Have a look at the infopack to see examples of what I have written to explain the focus of each echo... I'm looking for help from you guys for that etc.. as infosec is not an area of expertise for me (but I do enjoy reading about it :))

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote to poindexter FORTRAN <=-

I'm open to this. Would you and Twisty (any anyone else interested) be happy to work on some thoughts that frame up the focus of the echo, an echo tag etc. and post that discussion here. I could use what is agreed
as the basis to create an echo should consensus be found.

I'm up for it, I dabble in corporate security and home security as it
relates to homelabs.



... I hear he can kill people with an init string.
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)