Dailydave mailing list archives
That weird dream
From: dave <dave () immunityinc com>
Date: Tue, 01 Sep 2009 07:36:56 -0400
So you know that weird dream you have where you go back to high school but you know everything you know now? (Note, it will turn out that teenage girls are even LESS impressed by guys who can do basic algebra or make small strings of A's into really long strings of A's than you'd think.)[1]

Anyways, this is what doing a security review of any large company's internals is like. Partially, this is Microsoft's fault, since they market things like Sharepoint to large companies which are entirely unsecurable. For a large company, the only available response to a Sharepoint security review is to put your head between your hands and chant "NAH NAH NAH!" until it stops. Maybe the next version of Sharepoint will be better? I jest of course - by then we will all be using Google Wave, because nothing says "I don't care about security" more than adopting the latest new collaboration protocol. :>

It's funny how cryptographic algorithms get a robust approach:

1. Don't use algorithms you can't understand (aka, ideally write proofs against). (This implies you don't use closed algorithms.)
2. Don't use algorithms that haven't stood well for five or ten years of examination (which also implies that you don't use closed algorithms).
3. Once an algorithm starts to break even a little, completely abandon it.

Five or ten years is about 2 or 3 computer generations. That means that if you design an algorithm for today's computing environment, you can't possibly have it reviewed for long enough to make it secure. This is probably partially why attackers are cleaning your clock left and right. *cough* Twitter *cough*.

In any case, largely a large company's security is not Sharepoint's fault. Largely it's because IT is a really hard job that is 90% customer service. So if you want to grow, you don't buy good IT people, you build them, and that means they make mistakes on your dime. So if you're good at your job, and you still have a company ten years from now, you'll have systems set up and designed by people who were JUST LEARNING ten years ago.

-dave

[1] Guys however, are pretty impressed by this, so the joke didn't work when I made it less gender specific. Sorry!