The Six Dumbest Ideas in Computer Security

Full article:
http://www.ranum.com/security/computer_security/editorials/dumb/

Regards,

Pieter

 

Pieter_Arntz

I would like to thank you for bringing this, and his website to my attention. Some good stuff on there !

early adopter

A very informative and good read, presented in a humourous but at the same time serious fashion. I think the "early adopter" approach is food for thought. Not just for Apps etc, as i myself don't rush to install MS updates, but prefer to wait till the dust has settled. This has proved to pay dividends on several occasions, when errors have been found in the patches, And/Or they have broken something on the process.

To get credit for not doing anything?

Also his suggestions "To get credit for not doing anything?" makes perfect sense. It's a pity a lot of management types prefer to see (Results) for your paycheck, as some would just not totally appreciate or understand your (inactivity) in their eyes !

. . .

Goodbye and Good Luck

"I've tried to keep this light-hearted, but my message is serious. Computer security is a field that has fallen far too deeply in love with the whizzbang-of-the-week and has forsaken common sense. Your job, as a security practitioner, is to question - if not outright challenge - the conventional wisdom and the status quo. After all, if the conventional wisdom was working, the rate of systems being compromised would be going down, wouldn't it?"

My book "The myth of homeland security" has not sold very well!! Why don't you buy a copy?

http://www.ranum.com/

. . .



StevieO

 

Decent article with a lot of good points. However perhaps a few discrepancies in the arguements...

I understand the concept of why P&P is a bad idea, but on the one hand he's saying that if they designed programs properly they wouldn't need to P&P; and on the other hand he seems to be saying that OS's are too complex to design entirely securely.