[Dailydave] Semi-anonymized moderation.
Stephen John Smoogen
smooge at gmail.com
Mon Jan 28 18:13:35 EST 2008
On Jan 28, 2008 1:30 PM, Mark Loveless <mloveless at autonomic-networks.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > On Mon, Jan 28, 2008 at 09:39:17AM -0500, Someone other than
> > Dave Aitel wrote:
> > > Every time I hear the argument that some level of security, even lame
> > > security, is better than NO security, I think about my Zappa
> > > paraphrasing. In my opinion, lame security is WORSE than no security,
> > > simply because most of the people involved (think CxO/pointy-haired
> > > boss types) live with a sense that they are being protected, when in
> > > fact they are not. The ones with no protection are not living a lie --
> > > they are at least AWARE they really have no security.
> >
> > Really? I know this has been said before. Horse, baseball
> > bat, applying.
> >
> > Your house still has doors with locks, yet your windows are
> > still trivial to break, bypassing the locks. Go ahead,
> > remove the locks on the doors because obviously, you are
> > better off without it.
> >
> > Oh, no windows? Got siding & drywall house, like most of America?
> > I can cut a new entrance in most houses in minutes, thanks
> > to my trusty sawzall.
> >
> > I know, let's live in brick houses and hire armed guards to
> > not allow entrance and exit of those that someone deems
> > should not be allowed in or out.
> >
> > Have fun living in a jail.
> >
> > Me, I'll live with my minor increases in security, as I
> > improve where I can, what I can.
>
> I actually agree with you 100% on houses. However I was referring to
> computers... ;-)
>
> Here is the main reason the house argument doesn't work. I cannot postal
> mail you a letter or a package that creates a hidden backdoor into your
> house that only I have the key to. Sure maybe if I mailed you a bomb, I
> could create a crude opening in your house, but it would hardly be
> secret or hidden.
>
Actually I would use this analogy as an extension. You know that the
housekeeper has a vulnerability and you mail her a set of photos of
her with the Labrador to get yourself into the house. In this case,
the owner could be backdoored by his help, but because this
possibility exists does not mean you remove the locks on your door.
You just have to make a risk analysis of how much background checking
you need to do on the people who have access to the house.
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"