Browsing some of my favorite tech blogs, I came across an article from 2005 on The Six Dumbest Ideas in Computer Security by Marcus Ranum. This is the sort of IT discussion I like to see: advanced topics tackled in a way the modestly informed reader can understand. In short, the article outlines the absurdity of:
- The Default Permit - “…the computer security equivalent of empty calories…”
- Enumerating Badness - “…around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness…”
- Penetrate and Patch - “…the problem with ‘Penetrate and Patch’ is not that it makes your code/implementation/system better by design, rather it merely makes it toughened by trial and error…”
- Hacking is Cool - “…I find it interesting to compare societal reactions to hackers as ‘whiz kids’ versus spammers as ‘sleazy con artists’…”
- Educating Users - “…like ‘Penetrate and Patch’ if it was going to work, it would have worked by now. …”
- Action is Better Than Inaction - derides “…product-purchasing decisions by reading Gartner research reports and product glossies from vendors…”
Between the lines, Ranum is saying that computer system security should be addressed through predictive systems rather than permissive and reactive technology or training. What can average at-home users take from this? Realize that your computers have vulnerabilities, and that there are people dedicated to exploiting them. For tech professionals, it seems to be a much more urgent message: adapt the way you think about your world, or face security as an endless, Sisyphean task.
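To make Ranum's first two points concrete, here is a small added illustration (my own example, not code from Ranum's article): the same stream of program launches is judged once by a Default Permit policy backed by a blocklist of enumerated badness, and once by a Default Deny policy backed by an allowlist of approved programs. The program names and the blocklist entries are constructed sample data.

```python
"""Default Permit (enumerating badness) vs Default Deny (enumerating goodness)."""
from typing import Iterable


class DefaultPermit:
    """Enumerate Badness: everything runs unless it is on the blocklist."""

    def __init__(self, known_bad: Iterable[str]):
        self.known_bad = set(known_bad)

    def allows(self, item: str) -> bool:
        return item not in self.known_bad


class DefaultDeny:
    """Enumerate Goodness: nothing runs unless it is on the allowlist."""

    def __init__(self, known_good: Iterable[str]):
        self.known_good = set(known_good)

    def allows(self, item: str) -> bool:
        return item in self.known_good


# Constructed sample data: the programs a workstation is supposed to run, the
# malware names the blocklist knows about today, and a stream of launch attempts
# that includes two names no blocklist has ever seen.
APPROVED = {"browser", "mail", "editor"}
SIGNATURES = {"worm-a", "trojan-b"}
ATTEMPTS = ["browser", "worm-a", "mail", "trojan-c", "editor", "dropper-d"]


def evaluate(policy, attempts):
    """Return the attempts, in order, that the policy lets through."""
    return [a for a in attempts if policy.allows(a)]


def compare(approved=APPROVED, signatures=SIGNATURES, attempts=ATTEMPTS):
    """Admitted by each policy, plus what slipped past the blocklist unenumerated."""
    permitted = evaluate(DefaultPermit(signatures), attempts)
    denied = evaluate(DefaultDeny(approved), attempts)
    unenumerated = [a for a in permitted if a not in approved]
    return permitted, denied, unenumerated


def patch_blocklist(signatures, unenumerated):
    """Penetrate and Patch: the blocklist only learns a name after it got through."""
    return set(signatures) | set(unenumerated)


if __name__ == "__main__":
    admitted_permit, admitted_deny, slipped = compare()
    print("default permit admits:", admitted_permit)
    print("default deny admits:  ", admitted_deny)
    print("slipped past the blocklist:", slipped)
```

The allowlist never needs to hear about trojan-c or dropper-d; the blocklist has to be patched after each one runs, and the next unknown name starts the cycle again.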
3 Comments
Dear friend …
Thank you for the nice work.
January 6th, 2008 at 1:22 am.
Great find, thanks for the link, keep it up.
January 11th, 2008 at 7:59 am.
[...] Link [...]
January 16th, 2008 at 12:03 pm.