PaulDotCom mailing list archives
Have a laugh on me...
From: lonervamp at gmail.com (Michael Dickey)
Date: Mon, 12 Oct 2009 18:14:04 -0500
Ahh, the big balancing act between usability and security. This same argument can be used for just about every single security measure you can think of. And it is. Sadly, very often.

This can be a valid argument, but "top guy" should have gone into more detail on why security can be lax in this case. At least you gave a couple reasons that any audit would ding the organization about as well. Or at least escalate so someone who can make a risk decision can do so.

The next step might be to illustrate to "top guy" what could be disclosed should someone guess the password and poke around. Could it open up the app to more attacks once you get into the meat of the functionality? Could the app expose the server and then others? Or the database underneath that might be shared with other apps? Etc.

On Mon, Oct 12, 2009 at 12:24 PM, Soft Reset <softreset64738 at gmail.com> wrote:

> Without spilling details, I told the IT team to remove an exposed web portal from the internet as it was not SSL protected and the password was easy enough to be found in my kid's "My First Dictionary".
>
> This is the response I got back from our "top guy": "Many people need access to the web portal. Remember that one of the objectives is to develop a strategy for the customer. Easier access, not harder, should be the goal."
>
> I laughed. How about you?
>
> --SR6