Printable View
The link to this has been posted on another thread, but I thought that it was provocative enough to merit discussion on its own. It is about 18 months old.
The article is here:
http://www.ranum.com/security/comput...itorials/dumb/
And the ideas are:
1. The Default Permit
2. Enumerating Badness
3. Penetrate & Patch
4. Hacking is Cool
5. Educating Users
6. Action is Better Than Inaction
Views? :D
Honestly, I've had that philosophy since I began working in the enterprise. I used to seriously wonder how some people would have any other view than that and because of that I was repeatedly blackballed.
I'll give one example:
I was the senior network dude at the recently purchased xyz corp. I was told that there was a mandate from the new CEO to put the newest, bestest version of software on all of our corporate switches. The reasoning behind this was that if we didn't run that release of code, how could we expect our customers to use it? right? I mean the medical research always shows his faith in the that new shiny pill by taking it himself, right? pfftt!!!
I explained to the powers that be in a rather blunt way (read that "I hadn't learned the corporate talk and I was honest about it") that the software was not ready for primetime and, in fact, would cause serious problems in our environment and that loading that software was in diametric opposition of my job description.
End of story: I was cordially invited not to return to any meetings involving the CFO or customer support department. (read that:"They were serving up my ass at some future date.") Strangely enough the code was not loaded on the network and was returned for more testing.
I've since learned how to approach those situations in a much different manner.
The only thing I'm more sick of than CIO,CEO, COO reading magazines and thinking they know it all is techs who are reading those same articles.
Default to deny. That's a religion for me.
cheers and a very good read.