Comments on: How to Be a Security Idiot http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/ top secret/secure computing information Tue, 14 Oct 2008 10:49:51 +0000 http://wordpress.org/?v=2.2.3 By: a random reader http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-1390 a random reader Sat, 28 Jul 2007 09:40:23 +0000 http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-1390 Nice slides and all, people need education and all, but maybe the title should read: "How to Be a Windows Security Idiot" or "How to be an Idiot with the Operating System Designed for Idiots" or something. Nice slides and all, people need education and all, but maybe the title should read: “How to Be a Windows Security Idiot” or “How to be an Idiot with the Operating System Designed for Idiots” or something.

]]> By: dannyl http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-510 dannyl Fri, 04 May 2007 13:28:28 +0000 http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-510 Here is my humble contribution to stupid security practices - but with a slant for the "Corporate IT guys" 1. Leave Default permissions on all systems 2. Outsource your process of knowing what's good. Instead of taking the time to list the 30 or so legitimate things you need to do, pay $29.95/year to someone else who has a checklist and will scan your web site once/week 3. Penetrate and patch - Let me put it to you in different terms: if "Penetrate and Patch" was effective, we would have run out of security bugs in Internet Explorer by now. 4. Hacking is cool - (No Virginia - good engineering is better) 5. Educating users on IT security is good. No....a little knowledge can be dangerous - I would say some simple guidelines like "Always delete mail from people or subjects you don't know" is probably the most effective security training you can do 6. Action is Better Than Inaction - YOH - let's clean up all those old log directories with a rm -rf /var Danny Here is my humble contribution to stupid security practices - but with a slant for the “Corporate IT guys”

1. Leave Default permissions on all systems
2. Outsource your process of knowing what’s good. Instead of taking the time to list the 30 or so legitimate things you need to do, pay $29.95/year to someone else who has a checklist and will scan your web site once/week
3. Penetrate and patch - Let me put it to you in different terms: if “Penetrate and Patch” was effective, we would have run out of security bugs in Internet Explorer by now.
4. Hacking is cool - (No Virginia - good engineering is better)
5. Educating users on IT security is good. No….a little knowledge can be dangerous - I would say some simple guidelines like “Always delete mail from people or subjects you don’t know” is probably the most effective security training you can do

6. Action is Better Than Inaction - YOH - let’s clean up all those old log directories with a rm -rf /var

Danny

]]> By: ezgranny420 http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-503 ezgranny420 Thu, 03 May 2007 17:04:14 +0000 http://www.tssci-security.com/archives/2007/05/02/how-to-be-a-security-idiot/#comment-503 HAHAHAHA, brilliant additions! HAHAHAHA, brilliant additions!

]]>