Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 02, 2016, 10:46:34 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Excellent Editorial on IT Security Philosophy  (Read 3448 times)

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,913
    • View Profile
    • Donate to Member
Excellent Editorial on IT Security Philosophy
« on: November 28, 2007, 02:34:42 AM »
I just happened to find this article by Marcus Ranum, purely by accident as I was searching for another:

http://www.ranum.com/security/computer_security/editorials/dumb/

Not really earth-shattering or revolutionary -- just, well, the kind of common sense that we often forget we were born with.  (Or were we?!?!)

I thought I would share it here. If by some chance it happens to already be here somewhere and I just wasn't able to find it, sorry!

Jim

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,405
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Excellent Editorial on IT Security Philosophy
« Reply #1 on: November 28, 2007, 04:34:05 AM »
Nice find -- most of these sound reasonable to me, and i like the focus on #1 bad idea being Default Permit, which kind of permeates the others.

I don't really get why #4 is on that list though.  In fact i think that #4, which deals with "hacking", should really be seen as "red teaming", which not only isn't a dumb idea, but an extraordinarily good idea.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Excellent Editorial on IT Security Philosophy
« Reply #2 on: November 28, 2007, 04:17:10 PM »
I think he's right with #4. I'll certainly agree that "red teaming" is a good idea, but the thing with hacking being cool is that it just begs for abuse. That's the problem there. There's no good reason to try and break someone else's system unless you're supposed to do it and try and expose problems.

PLEEZ WIL U TEECH ME 2 B A 31337 H@X0R SO I CAN HAX IN2 HOTMAIL N STUF?

Lame... It's all in the attitude & purpose. The actions aren't important in 'hacking'. The motivations are everything. Like he says:

Quote
...hacking is a social problem. It's not a technology problem, at all.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Ralf Maximus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 927
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Excellent Editorial on IT Security Philosophy
« Reply #3 on: November 29, 2007, 12:46:32 AM »
So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem.  Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience. 

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,913
    • View Profile
    • Donate to Member
Re: Excellent Editorial on IT Security Philosophy
« Reply #4 on: November 29, 2007, 10:43:12 AM »
So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem.  Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience. 

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.

Remember, though - the article was written a couple of years ago.

Jim