Thursday, February 28, 2008

Two Good Posts Over on Rational Survivability

Chris Hoff did two good posts over on Rational Survivability.

1: News Flash: If You Don't Follow Suggested Security Hardening Guidelines, Bad Things Can Happen...

Not so interetested in the VM stuff, but the idea that the press sensationalizes security talks, like a GSM cracker for $1000.oo, technically correct but not quite right... is right on.


how most of these exploits require that the sun be lined up right, the checkbox that is not checked by default is checked (or unchecked), and the user clicks on the links on Wednesdays between 2:00-3:15pm.

2: McGovern's "Ten Mistakes That CIOs Consistently Make That Weaken Enterprise Security"

Post on leadership mistakes that seem to happen all over, his own list is pretty good too. I posted a comment on what we can do about his #4:

Awareness initiatives are good for sexual harassment and copier training, not security

I did a blog post about that earlier, if users are broke then we need to start incorporating SE and owning users in our pentests as well as teaching kids about the dangers of the net and how to not be so gullible. We also need to make security training more than the "ok everyone time for annual security training...just click through the slides and print out your certificate..."

It really all boils down to you never get a free lunch. if you can instill and internalize that, you'll never get taken for one of those stupid scams. Of course if i find the girl that outed me on my "member" size its gonna be fight time.


Anonymous said...

I hope when you find that "guy" who outed you on your member size that it turns out to be a "girl" who outed you on your member size. :D

CG said...

oops, not that there is anything wrong with that...just not my edited ;-)