funsec mailing list archives
Re: CyberSec Tips: Follow the rules - and advice
From: "Blanchard, Michael (InfoSec)" <michael.blanchard () emc com>
Date: Thu, 5 Dec 2013 20:48:32 +0000
Hear, Hear! Can't agree more! <applause!!!>

Michael P. Blanchard
Principal Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Cyber Security Services
EMC² Corporation
32 Coslin Drive
Southboro, MA 01772

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Thursday, December 05, 2013 3:18 PM
To: funsec () linuxbox org; infosecbc () yahoogroups com
Subject: [funsec] CyberSec Tips: Follow the rules - and advice

A followup to 1-2-3-4-5 (or 00000000):

A recent story (actually based on one from several years ago) has pointed out that, for years, the launch codes for nuclear missiles were all set to 00000000. (Not quite true: a safety lock was set that way.)

http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587

Besides the thrill value of the headline, there is an important point buried in the story. Security policies, rules, and procedures are usually developed for a reason. In this case, given the importance of nuclear weapons, there is a very real risk from a disgruntled insider, or even simple error. The safety lock was added to the system in order to reduce that risk. And immediately circumvented by people who didn't think it necessary.

I used to get asked, a lot, for help with malware infestations, by friends and family. I don't get asked much anymore. I've given them simple advice on how to reduce the risk. Some have taken that advice, and don't get hit. A large number of others don't ask because they know I will ask if they've followed the advice, and they haven't.

Security rules are usually developed for a reason, after a fair amount of thought. This means you don't have to know about security, you just have to follow the rules. You may not know the reason, but the rules are actually there to keep you safe. It's a good idea to follow them.

(There is a second point to make here, addressed not to the general public but to the professional security crowd. Put the thought in when you make the rules. Don't make stupid rules just for the sake of rules. That encourages people to break the stupid rules. And the necessity of breaking the stupid rules encourages people to break all the rules ...)

Posted at http://blogs.securiteam.com/index.php/archives/2304

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
It doesn't matter if the cup is half full or half empty. Whatever's inside it is evaporating either way.
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- CyberSec Tips: Follow the rules - and advice Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 05)
- Re: CyberSec Tips: Follow the rules - and advice Blanchard, Michael (InfoSec) (Dec 05)