6 Dumbest Ideas in Comp Sec

  1. #1
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,190

    6 Dumbest Ideas in Comp Sec

    The link to this has been posted on another thread, but I thought that it was provocative enough to merit discussion on its own. It is about 18 months old.

    The article is here:

    http://www.ranum.com/security/comput...itorials/dumb/

    And the ideas are:

    1. The Default Permit
    2. Enumerating Badness
    3. Penetrate & Patch
    4. Hacking is Cool
    5. Educating Users
    6. Action is Better Than Inaction

    Views?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #2
    KorpDeath (Priapistic Monk)
    Join Date: Dec 2001
    Posts: 2,628
    Honestly, I've had that philosophy since I began working in the enterprise. I used to seriously wonder how some people could have any other view than that, and because of that I was repeatedly blackballed.
    I'll give one example:
    I was the senior network dude at the recently purchased xyz corp. I was told that there was a mandate from the new CEO to put the newest, bestest version of software on all of our corporate switches. The reasoning behind this was that if we didn't run that release of code, how could we expect our customers to use it? Right? I mean, the medical researcher always shows his faith in that new shiny pill by taking it himself, right? Pfftt!!!

    I explained to the powers that be in a rather blunt way (read that: "I hadn't learned the corporate talk and I was honest about it") that the software was not ready for primetime and, in fact, would cause serious problems in our environment, and that loading that software was in diametric opposition to my job description.
    End of story: I was cordially invited not to return to any meetings involving the CFO or customer support department. (Read that: "They were serving up my ass at some future date.") Strangely enough, the code was not loaded on the network and was returned for more testing.

    I've since learned how to approach those situations in a much different manner.

    The only thing I'm more sick of than CIOs, CEOs and COOs reading magazines and thinking they know it all is techs who are reading those same articles.

    Default to deny. That's a religion for me.

    Cheers, and a very good read.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
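To make the first two ideas on the list (Default Permit and Enumerating Badness) and KorpDeath's "default to deny" concrete, here is an added example, not code from the article or from either post. It evaluates a constructed set of outbound connection attempts against a blocklist-based policy and an allowlist-based one; the port numbers and rule sets are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Conn:
    """One outbound connection attempt (constructed sample data)."""
    proto: str
    port: int


# Constructed sample traffic as seen at an egress firewall.
SAMPLE = [Conn("tcp", 443), Conn("udp", 53), Conn("tcp", 23),
          Conn("tcp", 6667), Conn("tcp", 4444)]

# Idea 1 + 2: "default permit" built on "enumerating badness".
# Anything not on this list passes, so the list can never be complete.
BLOCKLIST = {23, 135, 445}


def default_permit(c: Conn) -> Tuple[bool, str]:
    """Blocklist policy: deny only what someone already thought to list."""
    if c.port in BLOCKLIST:
        return False, "matched blocklist"
    return True, "no rule matched: implicit permit"


# The alternative: enumerate what the business actually needs.
# Everything else is dropped without anyone having to predict it.
ALLOWLIST = {("tcp", 443), ("tcp", 22), ("udp", 53)}


def default_deny(c: Conn) -> Tuple[bool, str]:
    """Allowlist policy: permit only what is explicitly needed."""
    if (c.proto, c.port) in ALLOWLIST:
        return True, "matched allowlist"
    return False, "no rule matched: implicit deny"


def leaks(conns: List[Conn]) -> List[Conn]:
    """Connections the blocklist passes only because nobody enumerated them."""
    return [c for c in conns if default_permit(c)[0] and not default_deny(c)[0]]


if __name__ == "__main__":
    for c in SAMPLE:
        print(c, "permit-policy:", default_permit(c), "deny-policy:", default_deny(c))
    print("unenumerated badness let through:", leaks(SAMPLE))
```

The interesting rows are the ones where the two policies disagree: every such connection is a gap the blocklist maintainer has not discovered yet.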
