The Six Dumbest Ideas in Computer Security
Frater 219 writes "The IT industry spends a huge amount of money on security -- and yet worms, spyware, and other relatively mindless attacks are still able to create massive havoc. Why? Marcus Ranum suggests that we've all been spending far too much time and effort on provably ineffective security measures. It may come as a surprise that anti-virus software, penetration testing, and user education are three of "The Six Dumbest Ideas in Computer Security"."
Why, would you rather I leave the door open to get some light in the basement?
Be relentless!
Unless they ban the movie Hackers and eradicate all copies of it everywhere, they're not gonna make hacking uncool...
[o]_O
Yeah, I'm taking all my anti-virus software off the computers right now. I don't know why I ever thought it was useful anyway. It's more efficient to deal with the infections as they come in than it is to try to prevent it.
I'm gonna stop using condoms too while I'm at it.
Sometimes my arms bend back.
# chmod +x naked_sluts.exe
# ./naked_sluts.exe
Removing /home/iclod/porn...
Removing /home/iclod/work...
Removing /home/iclod/Mail...
Removing /home/iclod...
Removing /home...
Error: cannot remove /home: permission denied.
* Entering phase 2
Scanning ports for viral spreading:
No suitable ports available.
* Entering phase 3
Accessing sendmail...
Mailing...
Mailing...
Mailing...
Error: mail blocked: too many recipients. Wait ten minutes and try again.
In short, users aren't a major problem because they should only be able to hurt themselves. The problem is that they often can and do hurt others. This is the result of poor design.
Password must be 10+ characters in length, contain upper and lower case letters, 3 numbers and 2 special characters.
Result:
Users keep their passwords on post-it notes stuck to their monitors.
2) Constant password expiration
Passwords expire every 3 months. New passwords cannot resemble old passwords.
Result:
Users keep their passwords on post-it notes stuck to their monitors.
My current password is "ilovepigs" and all I have to do to find it is look through my slashdot post history on another PC.
I don't understand why people bother with post-it notes.
"In a time of universal deceit - telling the truth is a revolutionary act." - George Orwell
Maybe he's a friend of ESR's or RMS's. Trying for his own elevation to 3 char alias fame...
I worked for a firm earlier where we had to change our passwords every week, and the password had to 1) be exactly 14 characters and 2) be ~60% different from the previous four passwords.
Man, you had it easy. My current place uses iris scans for authentication. We have to swap out our eyeballs every 30 days, and our new eyes can't be the same colour as the last pair.
There is at least one other way to improve security...
http://www.comics.com/comics/dilbert/archive/images/dilbert2813960050912.gif