Real Cases
Welcome to the Real Cases Mailing List Oct 19 2005 11:30AM
Topi Ylinen (topi ylinen hushmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Welcome to the Real Cases mailing list!

In order to plan your security controls, it is necessary to know
what you are protecting your assets from. Some threats are little
more than theoretical, and some threats are happening every day.
Some threats could be theoretical today but might be very real and
common tomorrow or the day after that. It is worth noting that a
'threat', in this context, does not always imply malicious intent:
a threat can be just as easily caused by human error, poor design,
an accident or a natural disaster.

The aim of this mailing list is to offer a forum where you can
discuss real infosec incidents and learn what really is going out
there, in order to help you better protect your organization and
assist you in executive decision making. Or maybe you have
experienced an incident and wish to share your thoughts or ask
questions -- this mailing list is the right place.

The main difference to the Incidents list is that whereas the
Incidents list concentrates on the technical issues, the Real Cases
list has a wider, more management-oriented perspective.

Here is the list charter:

Real Cases Mailing List - Charter V1.0
Objective
This charter sets out the lists operating rules for both posting
and moderating.
Information about subscribing, unsubscribing and the archives can
be found at the end of this charter.

Background
This list is moderated by Topi Ylinen (topi.ylinen (at) hushmail (dot) com [email concealed]),
who is the CISO at a European localization service. This mailing
list is intended for infosec professionals and others who need
information on and/or want to discuss real infosec incidents. The
difference to the existing Incidents mailing list (which is for
technical issues) is that the Real Cases mailing list has a wider,
more management-oriented perspective.

What is appropriate content?
The Real Cases mailing list is a forum for the discussion of
infosec violations, incidents and court cases from the infosec
management perspective. Here are some examples of what would
constitute appropriate content:

- - Infosec crime: News headlines on real cases. How do infosec
criminals and blackhats operate today?
- - Legislation and court cases: What are the applicable laws? When
and how to report an incident to the authorities? How did things
turn out in the court?
- - International issues: The differences in legislation and IT
cultures. What if the perpetrator is operating from a different
country?
- - Trends and statistics: What are the current trends in infosec
crime? What kind of incidents cause the greatest corporate losses?
- - When discussing a case, it is acceptable to cover the technical
aspects, but purely technical topics should be taken to other
lists, such as the Incidents mailing list.

Whitepapers that deal with the relevant content may be posted.
Papers that require a user to register before downloading or
receiving the paper must NOT be posted and will be rejected.

Guidelines for Posting

- - All postings should be polite, non-personal and contain no
defamatory or derogatory comments or foul language
- - All posting must be commercial / marketing free (discrete
footnotes and email signatures are acceptable)
- - All postings must be in English
- - Everyone has an equal voice and all posts will be approved as
long as they post within the bounds of this charter.
- - Only posts in text will be approved. No HTML!
- - Please keep in mind that the list will be universally accessible.
When discussing a real crime case, it may be wise not to divulge
any actual names, IP addresses or other uniquely identifying
information.

Guidelines for Moderating
The moderator has sole and full discretion over what is appropriate
content and what is not. We reserve the right to reject any message
however in general all posts will be approved as long as they post
within the bounds of this charter.

Conflict Resolution
From time to time people may feel that a post was either approved
that shouldn't have been or a post was not approved that should
have been. The appropriate way to deal with all moderation and list
management issues is to:

1. Refer to this charter.
2. If you still feel a mistake has been made then you should mail
the moderator (topi.ylinen (at) hushmail (dot) com [email concealed]) offline, explain your
concerns and discuss the issue.
3. If you still feel a mistake has been made you should send the
offline email discussion thread with the moderator along with your
reasons why you feel this is not appropriate to Dave Ahmad
(da (at) securityfocus (dot) com [email concealed]) and copy the moderator.

If you are ever unsure if you should post or feel there is a
justified reason why you are posting outside of the charters scope,
you can mail the moderator for advice prior to posting.

List Management

How do I subscribe?
Send an e-mail message to realcases-subscribe (at) securityfocus (dot) com. [email concealed]
The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to
answer.

How do I unsubscribe?
Send an e-mail message to realcases-unsubscribe (at) securityfocus (dot) com [email concealed]
from the subscribed address. The contents of the subject or message
body do not matter. You will receive a confirmation request message
to which you will have to answer.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed]
and ask to be manually removed.

How do I disable mail delivery temporarily?
Unsubscribe from the list and resubscribe to start receiving
mailing list traffic again.

Is the list available in a digest format?
Yes.

How do I subscribe to the digest?
Send an e-mail message to realcases-digest-
subscribe (at) securityfocus (dot) com. [email concealed] The contents of the subject or message
body do not matter. You will receive a confirmation request message
to which you will have to answer.

How do I unsubscribe from the digest?
Send an e-mail message to realcases-digest-
unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The
contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to
answer.

I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than that from
which you are sending commands to the list from. Either send an
email from the appropriate address or email
listadmin (at) securityfocus (dot) com [email concealed] to be unsubscribed manually.

Can you add a tag like "[realcases]" to the subject line of each
message? Not at this time. How can I tell whether I am subscribed
to the list?
Send an e-mail message to realcases-query (at) securityfocus (dot) com. [email concealed] If you
want to test whether you are subscribed to the digest send an e-
mail message to realcases-digest-query (at) securityfocus (dot) com. [email concealed]

- --
Topi Ylinen
Moderator, Securityfocus Real Cases Mailing List
realcases (at) securityfocus (dot) com [email concealed]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNWLkEACgkQiokir2ZPLvUWFgCfYj6Oa9Cwtq7jtcT3af/5IYTJX/QA
oJWsjalY6LZKwPJHOdQcx2IMGzqz
=vB72
-----END PGP SIGNATURE-----

Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus