Dumbest ideas in security

Hi security aware forum members,

Read here about the 6 dumbest ideas in security, and try to avoid them; find the link on this site.
http://www.ranum.com/security/computer_security/index.html

polonus


I just spent more than an hour reading that site. The ideas there make too much sense for the industry to ever grasp the concepts! :slight_smile:

I do not know how you found that, polonus … but thanks! :smiley:


Hi CharleyO,

Yep, that is why I put it out here for us. It is a pity the average user and the industry that serves them cannot seem to grasp the ideas presented here. There is a majority out there that follow like sheep security-wise; they do what everybody else does, and they never even have a point of view of their own or reconsider their attitudes.
We have not yet given up on them, Charley, the community here is trying to educate the masses, but I fear there is a bunch of people out there that is beyond help. It would be a gigantic leap forward if all of the “clickers” would go as far as installing a FW and AV.
If they started updating and patching the software on their boxes, there would be meagre days for the miscreants, but I think, my dear friend, these days may seem quite a bit in the future yet. At least you gained the right attitude; we were brought up that way.

your co-malware fighter,

polonus


Yeah, I just do not understand why so many do not want to install a good free firewall and great free anti-virus. (Avast, of course! ;)) I am afraid you are right about “these days may seem quite a bit in the future yet.”

Pah! I’ve never been one to follow the flock as sheep do. But, as you said, we were brought up that way. ;D

OOPS … I did not mean ill against our “SuperSheep” friend! :wink:


Hi CharleyO,

But you also know where this particular “as default mania” stemmed from. Yes, from the way the first firewalls were configured: start with “as default allow all”, while today most start with “deny all”, and then configure the exclusions you need. The one security man blindly followed the other “ad absurdum”. As default there should be full functionality on a box, but it should not be wide open as default, and one should install only the functionality, e.g. services, that is needed, and only when needed.

polonus


Yes, I agree 100% … only what is needed & nothing out unless I say so! :slight_smile:


Hi CharleyO,

Just a few comments on the article. The part about the firewall is absolute truth. The thing in #2 about the software somewhat, but sorta unmaintainable. #3: reading Mitnick and “Hacking Exposed”, “Hackers Guide”, and “HackWars 1 and 2” can really help a security man; pentests are still necessary. The minor thoughts at the end are the best.
Educating end-users is the best policy. Give out password = bad should be give out password = fired. People are dumb and believe all the “magic computer box” tells them, which is why phishing works so many times. The “Enumerating Badness” point (http://flavor8.com/index.php/2005/12/21/enumerating-badness-as-a-wrongheaded-approach-to-security/ and this here: http://www.securitybuzz.org/buzz/emails/id/333093/) is a good one, if you know sh** about computers, else you’d only generate a lot of dumb questions. But just to rethink what people do security-wise is a good thing to start with,

polonus