Dailydave mailing list archives
Re: Semi-anonymized moderation.
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Mon, 28 Jan 2008 16:13:35 -0700
On Jan 28, 2008 1:30 PM, Mark Loveless <mloveless () autonomic-networks com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Jan 28, 2008 at 09:39:17AM -0500, Someone other than Dave Aitel wrote:
> > > Every time I hear the argument that some level of security, even lame security, is better than NO security, I think about my Zappa paraphrasing. In my opinion, lame security is WORSE than no security, simply because most of the people involved (think CxO/pointy-haired boss types) live with a sense that they are being protected, when in fact they are not. The ones with no protection are not living a lie -- they are at least AWARE they really have no security.
> >
> > Really? I know this has been said before. Horse, baseball bat, applying. Your house still has doors with locks, yet your windows are still trivial to break, bypassing the locks. Go ahead, remove the locks on the doors because obviously, you are better off without it. Oh, no windows? Got siding & drywall house, like most of America? I can cut a new entrance in most houses in minutes, thanks to my trusty sawzall. I know, let's live in brick houses and hire armed guards to not allow entrance and exit of those that someone deems should not be allowed in or out. Have fun living in a jail. Me, I'll live with my minor increases in security, as I improve where I can, what I can.
>
> I actually agree with you 100% on houses. However I was referring to computers... ;-) Here is the main reason the house argument doesn't work. I cannot postal mail you a letter or a package that creates a hidden backdoor into your house that only I have the key to. Sure maybe if I mailed you a bomb, I could create a crude opening in your house, but it would hardly be secret or hidden.

Actually I would use this analogy as an extension. You know that the housekeeper has a vulnerability and you mail her a set of photos of her with the Labrador to get yourself into the house. In this case, the owner could be backdoored by his help, but because this possibility exists does not mean you remove the locks on your door. You just have to make a risk analysis of how much background checking you need to do on the people who have access to the house.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave