Excellent Editorial on IT Security Philosophy

J-Mac:
I just happened to find this article by Marcus Ranum, purely by accident as I was searching for another:

http://www.ranum.com/security/computer_security/editorials/dumb/

Not really earth-shattering or revolutionary -- just, well, the kind of common sense that we often forget we were born with.  (Or were we?!?!)

I thought I would share it here. If by some chance it happens to already be here somewhere and I just wasn't able to find it, sorry!

Jim

mouser:
Nice find -- most of these sound reasonable to me, and I like the focus on #1 bad idea being Default Permit, which kind of permeates the others.

I don't really get why #4 is on that list though.  In fact I think that #4, which deals with "hacking", should really be seen as "red teaming", which not only isn't a dumb idea, but an extraordinarily good idea.

Renegade:
I think he's right with #4. I'll certainly agree that "red teaming" is a good idea, but the thing with hacking being cool is that it just begs for abuse. That's the problem there. There's no good reason to try and break someone else's system unless you're supposed to do it and try and expose problems.

PLEEZ WIL U TEECH ME 2 B A 31337 H@X0R SO I CAN HAX IN2 HOTMAIL N STUF?

Lame... It's all in the attitude & purpose. The actions aren't important in 'hacking'. The motivations are everything. Like he says:

...hacking is a social problem. It's not a technology problem, at all.
--- End quote ---

Ralf Maximus:
So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem.  Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience. 

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.

J-Mac:
So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem.  Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience. 

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.
-Ralf Maximus (November 29, 2007, 12:46 AM)
--- End quote ---

Remember, though - the article was written a couple of years ago.

Jim
