AO - Max security for a connected world

[dinowuff]

Nihil:

I did not over react. I knew it was a member, but for the life of me couldn't figure it out. Then Spyder closed the thread. Again we, the members, don't see spider for months and then BOOM thread closed and posts deleted. Check out the last page of my troll tread. (Remember?)

And I asked Neg to close that thread and TOLD him I would start this one. That's the difference between Neg and spyder. Neg doesn't just randomly close threads or delete posts unless he's asked.

*whisper* Neg has been known to disable accounts that should not have been closed LMFAO sorry Neg that's still funny as hell.

[MrLinus]

yes, and? Security is the act of making it difficult to hack something. I don't see why that word(or the others listed) coming up is a problem. Like I tried to explain earlier, it's all in how you present it. I also already mentioned litigation is not our only concern. I think you missed a few posts. I realize the thread is getting quite long.

Actually, I'd say it's more than that: it's about making users feel secure in their environment (whether home or work) and about protecting things that are important (data/IP).

JPnyc: I'm dense but isn't there a multiquote feature around here?

Blackice: if you're looking for work, check out VMware. We have over 1,000 positions open around the world.

Now some thoughts: I read all the posts in this thread and I do think that discussions on security have to change. Most discussions are still treating people as if they've never done it before (and for some, unfortunately, that is true). But for the majority security has been in place for at least 2 years or more. It's existed there for a while. Perhaps the change has to be how to continue making security important when the world thinks all is good.

I would love to do some virtualization and security topics (e.g., VM sprawl, VM security, console security, etc.) but I have to be careful of the tightrope I walk between work and here. While general discussions are important for community and such, the focus on security has to be pushed. The reality is that we need more than a few writers to do it. We need regular people that will continue to add to it (like the Newsletter). The reality is there is a great mentality of what needs to be done but no one has the time or inclination to do it (myself included although I've been thinking about how to use some of my recent knowledge here to benefits others).

As I said elsewhere it is baby steps we are taking but important ones. I do think this will be a gradual change but it must be a change that ALL are committed to in order for it to be truly effective.

I have to start teaching in about 30 but when I've had more time to digest, I'll see what things I can post and add to here.

[JPnyc]

No, not in this version. The next one has a multiple quote feature.

[intmon]

Sorry it's taken me so long to jump in this thread but it took forever to read through it all. Some valid points have been made, and some decent suggestions provided. Here is my take:

Yes, this site used to be known as a hacking/hacker site. Yes, Mitnick used to visit occasionally, but not post (I talked to him about it at an InfoSec conference I attended). And I will admit that sometimes it's hard to justify why we currently have so many mods on a forum that usually has less than 20 registered members online at any given time. BUT....JP is correct when he says that being a mod in a corporate community is very tough, and often, personalities are volatile. As he also said, we are not going to tolerate abuse happening to our members, especially by a mod, and if we see such abuse going on, that mod is out.

The honeypot idea sounds like fun. Also love the idea of user-submitted video tutorials. I am currently working on that for another of our sites, and if I can push it through there, I will try to do the same here.

Agreed that we need more tutorials. We will make a list of items (such as the IP Locator) that need attention, and get them taken care of. Speaking of which, we had taken the IP Locator off the site, link-wise anyway, for a long time, but got so many requests to add it back that we did, but we recognize that it needs to be updated.

I will be having a conference call later today with JP and Pedro to discuss. Thanks for all your thoughts and constructive criticisms in this thread--it's a great start!!

[phernandez]

Just a quick update to let you know that we spoke. We will continue to identify the areas that need help in coming days/weeks (it's a process, bear with us) and start to attack those. I won't echo what intmon said above, but he pretty much sums it up.

I think you can all appreciate the tricky spot we're in. That said, we still invite constructive criticism as long as it's kept civil. For my part, I'll be immediately attacking "low-hanging fruit" items like the events calendar. Remember, if you have a security-related event, PM me.

Keep sharing those ideas. More importantly, keep contributing to the site.

[|3lack|ce]

Ok JPNyc, I've got a bit more in the realm of proof for you - finding the thread that ultimately led to my leaving. This thread accomplishes two things:

It establishes that this isn't the first time Spyder's been called out on the carpet for things.

It proves that your 'plausible deniability' is false - you WERE here when it all took place, in fact you handled the last episode personally, and it was your ultimate decision at that time that caused me to taper off posting and leave.

Be advised that the thread took place in addicts because at the time I cared enough to keep such things away from the general membership. Be also advised that the supporting threads to it have mostly been deleted or have dropped off your system somehow. (Yep, I spent the past hour researching all of the last 500 tigershark posts looking for the thread where HE called Spydey down on premature closings as well, it's gone - at least by the search method I used.)

You may find this thread here:
http://antionline.com/showthread.php?t=270625

Be also advised that I will do no further research into this nor provide any further proof. If you choose to call me 'flimsy' or 'don knotts' esque, that is your perrogative. I've pointed out a problem and a change that needs to take place, which is what this thread's original intent is. It's up to YOU to investigate and provide proof either way.

[JPnyc]

I see it, and I have spoken to him already about closing threads prematurely. You want him removed for this and I have already told you it will not happen. If it continues to occur from here out, then it will happen.

This is a personal vendetta for you, whether you are aware of it or not, or willing to admit it, or not. I can't respond to personal vendettas. You yourself even used the word "gunning".

[|3lack|ce]

Yep, I used the word 'gunning' - a nice colloquialism from lower podunk meaning precisely the way you took it. However, let us define vendetta:

From dictionary.com:
1. a private feud in which the members of the family of a murdered person seek to avenge the murder by killing the slayer or one of the slayer's relatives, esp. such vengeance as once practiced in Corsica and parts of Italy.
2. any prolonged and bitter feud, rivalry, contention, or the like: a political vendetta.

Yep, Spyder slew several threads that he shouldn't have. I stood up for my fellow members and pointed out his errors, even back then. JupMedia (AKA You - since you're the "Official" representative on the scene) chose to do nothing. Once again you're choosing to do nothing. Uncanny how every bit of this equates to zero eh?

Back to the original point here:

Some of your Moderators are driving away your members. Some of your moderators have driven away your core group. Your Forums have a MAJOR problem. You asked our advice on how to correct it.

Here, JPnyc, is ONE OF THE PROBLEMS. You got my advice. If you choose to do nothing, I'll just fade back into the woodwork until someone does, or go contribute elsewhere as I've been doing. Sticking your head into the sand or defending that which is broken is NOT a viable option here.

YOU asked for ideas for change. That was one of mine.

Nuff said, I'm done. Call me in another two years. Maybe Jup'll wake up by then.

[JPnyc]

And your idea was listen to, considered, and a decision was made regarding it. Just because we asked for suggestions and listened doesn't mean we're going to take every suggestion offered.

[Nokia]

I know I said I wasn't going to post here anymore but I want to point something out:

The thread that Ice linked to: http://antionline.com/showpost.php?p=882896
came about for the exact same reason this one came about, and concerning the same person...

JP, if you read that entire thread and look at the names you will see that the people who where posting in it are all the Core membership I mentioned at the beginning of this thread, at the time they were the folks keeping AO alive and the folks writing the tutorials.

This post in particualr sums it all up very well:
http://antionline.com/showpost.php?p...6&postcount=29

Shortly after that thread was closed and everyones' complaint was ignored (a unanimous complaint by all senior members I may add) everyone deserted AO almost immediately and went to the TAZ Zone, which IMHO started the demise of AO...but they all went due to the issues discussed in that thread and the fact that nothing was done about it.

My point is not about Spyder being the worst mod in the history of the Internet, Ethernet, IP, TCP and DNS and maybe even UDP; you've chosen to overlook what he done and let him stay, as the boss that's up to you. However most of the folks that posted in that thread have posted in this one and some are evidently willing to come back to AO, if the moderation of this place is sorted out (and it would be unfair to squarely blame Spyder for all of the current mod issues) but again their complaints are being ignored by you, so again they will go elsewhere...

If you have time, take a read of the entire thread that's been linked to, and with hindsight, see if it could have been handled better? The similarities are quite uncanny, the only difference is there are no senior members left to desert AO anymore, only ones who may come back.