CyberSec Tips: Follow the rules - and advice
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Thu, 5 Dec 2013 12:18:13 -0800
A followup to 1-2-3-4-5 (or 00000000):
A recent story (actually based on one from several years ago) has pointed out
that, for years, the launch codes for nuclear missiles were all set to 00000000.
(Not quite true: a safety lock was set that way.)
Besides the thrill value of the headline, there is an important point buried in the
story. Security policies, rules, and procedures are usually developed for a reason.
In this case, given the importance of nuclear weapons, there is a very real risk
from a disgruntled insider, or even simple error. The safety lock was added to the
system in order to reduce that risk. And immediately circumvented by people who
didn't think it necessary.
I used to get asked, a lot, for help with malware infestations, by friends and family.
I don't get asked much anymore. I've given them simple advice on how to reduce
the risk. Some have taken that advice, and don't get hit. A large number of
others don't ask because they know I will ask if they've followed the advice, and
Security rules are usually developed for a reason, after a fair amount of thought.
This means you don't have to know about security, you just have to follow the
rules. You may not know the reason, but the rules are actually there to keep you
safe. It's a good idea to follow them.
(There is a second point to make here, addressed not to the general public but to
the professional security crowd. Put the thought in when you make the rules.
Don't make stupid rules just for the sake of rules. That encourages people to
break the stupid rules. And the necessity of breaking the stupid rules encourages
people to break all the rules ...)
Posted at http://blogs.securiteam.com/index.php/archives/2304
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
It doesn't matter if the cup is half full or half empty.
Whatever's inside it is evaporating either way.