Author Topic: Excellent Editorial on IT Security Philosophy (Read 5971 times)

J-Mac · « **on:** November 28, 2007, 02:34 AM »

I just happened to find this article by Marcus Ranum, purely by accident as I was searching for another:

http://www.ranum.com/security/computer_security/editorials/dumb/

Not really earth-shattering or revolutionary -- just, well, the kind of common sense that we often forget we were born with. (Or were we?!?!)

I thought I would share it here. If by some chance it happens to already be here somewhere and I just wasn't able to find it, sorry!

Jim

mouser · « **Reply #1 on:** November 28, 2007, 04:34 AM »

Nice find -- most of these sound reasonable to me, and i like the focus on #1 bad idea being Default Permit, which kind of permeates the others.

I don't really get why #4 is on that list though. In fact i think that #4, which deals with "hacking", should really be seen as "red teaming", which not only isn't a dumb idea, but an extraordinarily good idea.

Renegade · « **Reply #2 on:** November 28, 2007, 04:17 PM »

I think he's right with #4. I'll certainly agree that "red teaming" is a good idea, but the thing with hacking being cool is that it just begs for abuse. That's the problem there. There's no good reason to try and break someone else's system unless you're supposed to do it and try and expose problems.

PLEEZ WIL U TEECH ME 2 B A 31337 H@X0R SO I CAN HAX IN2 HOTMAIL N STUF?

Lame... It's all in the attitude & purpose. The actions aren't important in 'hacking'. The motivations are everything. Like he says:

...hacking is a social problem. It's not a technology problem, at all.

Ralf Maximus · « **Reply #3 on:** November 29, 2007, 12:46 AM »

So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem. Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience.

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.

J-Mac · « **Reply #4 on:** November 29, 2007, 10:43 AM »

So long as folks are clear on the distinction between White Hat Hackers and the Black Hats, I don't see a problem. Educating the public has been iffy, but I *think* most informed adults recognize that hacking is often a positive, beneficial experience.

If nothing else, hackers have replaced the stereotype of the crazy basement inventor in popular media.

Thus his rant on hackers and hacking is misplaced, IMHO.
-Ralf Maximus (November 29, 2007, 12:46 AM)

Remember, though - the article was written a couple of years ago.

Jim

Author Topic: Excellent Editorial on IT Security Philosophy (Read 5971 times)

J-Mac

Excellent Editorial on IT Security Philosophy

mouser

Re: Excellent Editorial on IT Security Philosophy

Renegade

Re: Excellent Editorial on IT Security Philosophy

Ralf Maximus

Re: Excellent Editorial on IT Security Philosophy

J-Mac

Re: Excellent Editorial on IT Security Philosophy