The Sky Isn't Falling in IT Security, as Some Might Suggest

Discussion in 'other security issues & news' started by ronjor, Sep 5, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Like I already said, it's not the tools that are the problem, it's the people using them.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Like, for instance, the programmers who don't bother checking that their buffers are correctly sized, or that their pointers actually point to existing objects?

    I'm only half joking here, FWIW. If a software engineer considers most people to be fools, then (s)he had darn well better write foolproof software.
     
    Last edited: Sep 9, 2015
  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Naw, that's not true... people write the tools also. So, I don't believe it's fair to just simply imply it's a 'stupid user' problem. The real problem with IT security is that it is extremely asymmetric warfare. The defenders have to be 'right' 100% of the time, and the attacker has to be 'right' just once. So, yeah, it's kind of a depressing battle in many ways. Sure it gets a little better over time. But, on the other hand, with enough determination and motivation I bet almost every system is vulnerable.

    I'm not too impressed by the WhiteHat Security offer of a guarantee either (as mentioned at the end of the article). I'm sure they add value and do a good job, but the sentiment sort of sounds like an 'or your money back' type of sales pitch. A calculus is done of the value in additional sales from such statements versus the number of claims and the ultimate liability from making such an offer. To me it doesn't mean that no one will be hacked, just that it's worth it to them in additional sales of services to make the offer. Sort of like credit card fraud is an assumed cost factored into the interest rates credit providers set.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    My general impression is that almost all attacks that we read about, both on businesses and home users, can be stopped by current security tools. So that's what I meant. With the right tools, a bit of knowledge and a healthy dose of paranoia, it's relatively easy to keep systems clean. But tools are also not perfect, I can imagine that sometimes they are way too complex or too "aggressive" causing system admins to turn off certain features, or to configure them in a wrong way.
     