Security: Running Faster than the Next Guy

It's not that we're paranoid, it's that we're not paranoid enough.

Rich Cook: "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

Things haven't changed much

I wrote a brief presentation in 1998. It sounds like I wrote it today. Just replace HFG with whoever is in vogue for web site defacement. Sites devoted to security used to be mostly amateur, or sidelines. Many of the professional sites out there still seem like amateurs. Consider the amount of fear, uncertainty, and doubt (FUD) that they try to plant, and the even smaller amount of content that they offer.

Broadband is replacing dialup in many areas, and ISDN is disappearing as an option, but the risks are still the same. People are still people.

Take heart. It's not hopeless.

I occasionally teach a Unix and Network Security class, and my first intent is always to frighten the class, but I also offer solutions. The most important thing to remember is that most sites are broken into not because the intruder had esoteric and difficult knowledge, but because the administrator of the site was lazy or overworked. If you don't read the CERT reports, if you don't follow BUGTRAQ, if you don't keep your operating system patched and up to snuff, you WILL be compromised (and probably already have been).

If you place the burden of network and system security on someone inexperienced, or overburdened, or don't give them the authority to go with the responsibility, you WILL be embarrassed, and you WILL lose valuable data.

Last modified: Sat Oct 30 22:29:12 PDT 2004