Posted by The Natural Philosopher on 10/22/07 00:49
Jerry Stuckle wrote:
> The Natural Philosopher wrote:
>> Jerry Stuckle wrote:
>>> The Natural Philosopher wrote:
>>>> Jerry Stuckle wrote:
>>>>
>>>>> Security is not about prevention, just like there is no way to
>>>>> prevent someone from breaking into your home. There is no such
>>>>> thing. What it is is about identifying undesired ways of accessing
>>>>> your files and limiting the effect of exposure. It's just like
>>>>> locking your valuables in a bank vault to limit your exposure if
>>>>> someone breaks into your house.
>>>>>
>>>> It may go no further than simply living quietly, so that no one
>>>> knows or cares where you live, and never looking like you have
>>>> anything worth stealing.
>>>>
>>>>
>>>
>>> Nope. Security by obscurity is no security at all.
>>>
>> Oh, indeed it is.
>>
>
> Not at all. It is false security.
>
It works.
Call it what you like, it works.
That's why passwords should not be on a dictionary search. Be obscure.
I have one that is the number of the first car I drove. Back in 1968.
Not used it recently, I remember it tho. My mother, whose car it was
- can't. Dementia set in. I doubt anyone in the world knows that car
number except me.
At other times we used to simply look out of the window where we were
setting the machine up and make the password the first thing we saw.
Somewhere out there is red.bus, wet.street and nowt.at.all.
I always wanted to make the password 'there.isn't.one' ..just for
further confusion.
Someone asked us once 'How much does it cost to safeguard my data' and I
said 'as much in salary to your system administrator as anyone would
ever offer him for it'
That seemed to shake him somewhat...
Why is anyone going to bother with my systems, when there are a thousand
open wifi networks they can cruise on by?
I use cash whenever possible, and the card goes in one of two or three
bank machines only. My wife does not know my PIN numbers. I do not know
hers. Technology gives a false sense of security. It's humans that are
the weak point.
I don't write passwords down. I have a file that says things like
whereyoulive/Ford Escort.
Those aren't names and passwords. Those are hints to me as to what those
names and passwords are.
If that file gets stolen, it's unlikely that anyone could work it out
inside of a few weeks - long enough to change them all.
I don't use paypal. Why make yourself a target?
Obscure, obfuscate, look drab and ordinary. James Bond doesn't drive an
Aston Martin in real life. He drives a 2 year old Ford Mondeo, stays at
the travelodge and buys his suits from a retail outfitters. He is dull
to the point of forgettability, and everything he does has a perfectly
ordinary explanation.
If you want to go further, make sure there is an open telnet connection,
that goes to what seems to be a very ordinary server, and let the script
kiddies make a total mess of it whilst the real access is on a completely
different port, and goes to the real machine with the state secrets on it.
Do you know the biggest and most public breach of computer security in the
last few months in the UK?
The tax people downloaded the WHOLE of a bank's customer details - the
ruddy lot - onto a laptop and left it in the back seat of a car...with
people like that, who needs firewalls?