Six Dumbest Computer Security Ideas
Actually, to anyone in the business, these should be pretty obvious.
Of course, I read about this article on Slashdot, but the Six Dumbest Computer Security Ideas is still worth checking out. I say “still” because getting computer security advice from Slashdot is like getting advice about home alarm systems in the waiting room at a prison. The “real” crooks are somewhere else, but everyone claims they “know someone” and, therefore, have insight. Still, the article is pretty good.
I’m not sure that I agree with point five, “Educating Users”. I still think that’s a good idea, but I sure wouldn’t rely on it, mainly because so many users don’t want to be educated about computer security. And, I have to admit feeling a little conflicted about some of the issues raised in point four, “Hacking is cool”. Sure, I don’t think we should glamorize hacking so much, but how else am I going to know that my security works if I don’t do penetration testing on it? It’s like a backup, as far as I’m concerned. Until I’ve restored data (i.e., tested my backup scheme), I don’t know that it’s working. Same thing for my security scheme. Of course, spending a lot of time perfecting those penetration skills probably isn’t the best idea, either.
Anyway, it’s a good article and worth the read if you do any of this at all in your job. Pay close attention to the “Minor Dumbs” at the end, too.