Posted by Jerry Stuckle on 10/22/07 01:57
The Natural Philosopher wrote:
> Jerry Stuckle wrote:
>> The Natural Philosopher wrote:
>>> Jerry Stuckle wrote:
>>>> The Natural Philosopher wrote:
>>>>> Jerry Stuckle wrote:
>>>>>
>>>>>> Security is not about prevention, just like there is no way to
>>>>>> prevent someone from breaking into your home. There is no such
>>>>>> thing. What it is is about identifying undesired ways of
>>>>>> accessing your files and limiting the effect of exposure. It's
>>>>>> just like locking your valuables in a bank vault to limit your
>>>>>> exposure if someone breaks into your house.
>>>>>>
>>>>> It may go no further than simply living quietly, so that no one
>>>>> knows or cares where you live, and never looking like you have
>>>>> anything worth stealing.
>>>>>
>>>>>
>>>>
>>>> Nope. Security by obscurity is no security at all.
>>>>
>>> Oh, indeed it is.
>>>
>>
>> Not at all. It is false security.
>>
> It works.
> Call it what you like, it works.
>
Keep thinking that. Right up until you get hacked.
> That's why passwords should not be on a dictionary search. Be obscure.
>
Which is completely different from trying to hide a system.
>
> I have one that is the number of the first car I drove. Back in 1968.
> Not used it recently, I remember it tho. My mother, whose car it was
> - can't. Dementia set in. I doubt anyone in the world knows that car
> number except me.
>
So? Who cares? It has absolutely nothing to do with this discussion.
> At other times we used to simply look out of the window where we were
> setting the machine up and make the password the first thing we saw.
>
We're not talking about passwords here, dummy.
> Somewhere out there is red.bus, wet.street and nowt.at.all.
>
> I always wanted to make the password 'there.isn't.one' ..just for
> further confusion.
>
Again, completely unrelated to the topic at hand.
> Someone asked us once 'How much does it cost to safeguard my data' and I
> said 'as much in salary to your system administrator as anyone would
> ever offer him for it'
>
> That seemed to shake him somewhat...
>
> Why is anyone going to bother with my systems, when there are a thousand
> open wifi networks they can cruise on by ?
>
> I use cash whenever possible, and the card goes in one of two or three
> bank machines only. My wife does not know my PIN numbers. I do not know
> hers. Technology? gives a false sense of security. It's humans that are
> the weak point.
>
>
> I don't write passwords down. I have a file that says things like
> whereyoulive/Ford Escort.
>
> Those aren't names and passwords. Those are hints to me as to what those
> names and passwords are.
>
> If that file gets stolen, it's unlikely that anyone could work it out
> inside of a few weeks - long enough to change them all.
>
> I don't use paypal. Why make yourself a target?
>
> Obscure, obfuscate, look drab and ordinary. James Bond doesn't drive an
> Aston Martin in real life. He drives a 2 year old Ford Mondeo, stays at
> the travelodge and buys his suits from a retail outfitters. He is dull
> to the point of forgettability, and everything he does has a perfectly
> ordinary explanation.
>
> If you want to go further, make sure there is an open telnet connection,
> that goes to what seems to be a very ordinary server, and let the script
> kiddies make a total mess of it whilst the real access is on a completely
> different port, and goes to the real machine with the state secrets on it.
>
> Do you know the biggest and most public breach of computer security in the
> last few months in the UK?
>
> The tax people downloaded the WHOLE of a bank's customer details - the
> ruddy lot - onto a laptop and left it in the back seat of a car...with
> people like that, who needs firewalls?
>
Blah, blah, blah.
Fine. But you're the only one who has brought up passwords. They are
not at all related to what we're discussing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================