[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, April 25, 2024

Dumbest Ideas in Computer Security

Author: Mark Dixon
Wednesday, September 14, 2005
2:38 am

good friend Brent Jensen alerted me to a humorous, but thought provoking article
by Marcus Ranum entitled "The
Six Dumbest Ideas in Compute Security

Marcus proposes: "These dumb ideas are the fundamental reason(s) why all
that money you spend on information security is going to be wasted, unless you
somehow manage to avoid them."

May I offer a sound bite from each of the Dumb Ideas to entice you to read
the whole article:

1. Default Permit. "Systems based on ‘Default Permit’
are the computer security equivalent of empty calories: tasty, yet fattening."

2. Enumerating Badness. "It’s a dumb idea because sometime
around 1992 the amount of Badness in the Internet began to vastly outweigh the
amount of Goodness."

3. Penetrate and Batch. "The primary dumb idea behind
the current fad (which has been going on for about 10 years) of vulnerability
disclosure and patch updates."

4. Hacking is Cool. "The Internet has given a whole new
form of elbow-room to the badly socialized borderline personality."

5. Educating Users. "The Anna Kournikova worm showed
us that nearly 1/2 of humanity will click on anything purporting to contain
nude pictures of semi-famous females."

6. Action is Better than Inaction. "It really is easier
to not do something dumb than it is to do something smart."



Comments Off on Dumbest Ideas in Computer Security . Permalink . Trackback URL

Comments are closed.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.