February 8th, 2008, 04:41 PM
6 Dumbest Ideas in Comp Sec
The link to this has been posted on another thread, but I thought that it was provocative enough to merit discussion on its own. It is about 18 months old.
The article is here:
And the ideas are:
1. The Default Permit
2. Enumerating Badness
3. Penetrate & Patch
4. Hacking is Cool
5. Educating Users
6. Action is Better Than Inaction
February 8th, 2008, 05:22 PM
Honestly, I've had that philosophy since I began working in the enterprise. I used to seriously wonder how some people would have any other view than that and because of that I was repeatedly blackballed.
I'll give one example:
I was the senior network dude at the recently purchased xyz corp. I was told that there was a mandate from the new CEO to put the newest, bestest version of software on all of our corporate switches. The reasoning behind this was that if we didn't run that release of code, how could we expect our customers to use it? right? I mean the medical research always shows his faith in the that new shiny pill by taking it himself, right? pfftt!!!
I explained to the powers that be in a rather blunt way (read that "I hadn't learned the corporate talk and I was honest about it") that the software was not ready for primetime and, in fact, would cause serious problems in our environment and that loading that software was in diametric opposition of my job description.
End of story: I was cordially invited not to return to any meetings involving the CFO or customer support department. (read that:"They were serving up my ass at some future date.") Strangely enough the code was not loaded on the network and was returned for more testing.
I've since learned how to approach those situations in a much different manner.
The only thing I'm more sick of than CIO,CEO, COO reading magazines and thinking they know it all is techs who are reading those same articles.
Default to deny. That's a religion for me.
cheers and a very good read.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
By The_Captain in forum Wireless Security
Last Post: November 17th, 2005, 06:47 AM
By hesperus in forum Miscellaneous Security Discussions
Last Post: September 13th, 2005, 03:58 PM
By thehorse13 in forum Miscellaneous Security Discussions
Last Post: June 8th, 2005, 04:19 AM
By coolcamel in forum Newbie Security Questions
Last Post: April 11th, 2004, 02:21 AM
By korndogma in forum Security Archives
Last Post: January 26th, 2002, 03:32 PM