<body>

Tuesday, October 11, 2005

A convicted hacker debunks some myths: "A company can spend hundreds of thousands of dollars on firewalls, detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted. It's essentially meaningless."

Interesting interview with Mitnick. I like this particular quote because I spend a lot of my time making systems secure. ...but secure from who? Businesses just don't understand how hacking actually works. Computer programmers with 6-figure jobs are not the ones you need to worry about. These guys might hack your system, but they are not going to do anything malicious. Here is a rule of thumb: if you would hire them and give them admin access (or just put them on the network) then there is no point trying to make the system secure from them. Besides, even if one of these "true" hackers does damage to your system you need to work out the cost of the damage vs. the cost of preventing the damage.

Script kiddies on the other hand - cause damage. Viruses cause damage. Giving your password away causes damage. Companies need to stop paying me to make systems secure in an attempt to fix what is really a people problem. Don't give your password out. Ever. To anybody. ...and don't open email attachments unless you know what they are already. These are the security problems that I am worried about - but there is nothing I can do to prevent these attacks. As long as stupid people have access to the network there will be major security holes.
