Xenologist

Something's gone Horribly Wrong

Gurgel    1489
1 hour ago, Xenologist said:

What kind of monster would do this to @Brothgar's youtube account?

Not monster, just somebody that does not care about anything but themselves. You can find these people everywhere, including really high political offices.

The real problem is that 30 years after the internet became available to the general population, security still sucks badly. In fact, things seem to get slowly worse.

KittenIsAGeek    1459
On 2/7/2020 at 4:18 PM, Gurgel said:

The real problem is that 30 years after the internet became available to the general population, security still sucks badly. In fact, things seem to get slowly worse.

Part of that is the fault of the community.  We want stuff and we want it fast.  We want it easy to access and we don't want to jump through hoops to get there.  To quote a Navy security friend of mine: "As a security technician, you'll have to straddle the line between 'protected' and 'usable.'  Unfortunately, 'usable' is defined by your clients and not you.  If you force them to change passwords twice a week, you'll get a lot of consecutive numbers or dictionary words as passwords.   If you force them to use symbols, numbers, and letters in each password, they'll start writing them down, defeating the purpose."

On top of that, we find it necessary to maintain 100% backwards compatibility, despite leaps in technology. This week I had to re-enable Flash on sixteen computers I run support for... because apparently animated greeting cards are more important than internal network security. I'm half tempted to put together a malicious Flash application just to show corporate why it's not a good idea.

OK, deep breath.  Innnnnn and oooooout.  Innnnn and ouuuuuut.  Anyway, the point is, if network security makes it harder for the user to do what they want to do, they're going to bypass it.  What's the point in putting a deadbolt on your front door if you're just going to leave the key in the lock all the time?  So programmers start skipping the deadbolt and hope nobody notices it isn't there.

Yunru    1140
3 hours ago, KittenIsAGeek said:

quote a Navy security friend of mine: "As a security technician, you'll have to straddle the line between 'protected' and 'usable.'

When first learning about cyber security, I remember the lecturer said "the most secure system is a literal brick. Unfortunately, you also can't do much with a brick."

Coolthulhu    1045
16 minutes ago, Yunru said:

When first learning about cyber security, I remember the lecturer said "the most secure system is a literal brick. Unfortunately, you also can't do much with a brick."

There's also the more general variant that goes like "When you sacrifice usability for security, you lose usability and security".
