The Six Dumbest Ideas in Computer Security

Marcus Ranum, the inventor of the proxy firewall, brilliantly condenses why many security efforts are doomed from the start: they fall prey to The Six Dumbest Ideas in Computer Security:


This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2005/09/the-six-dumbest-ideas-in-computer-security.html

Agreed. Even then, the problem is that you need to trust something to gain utility from it, but a client is never a good thing to be trusting. Mitigate, mitigate, mitigate, mitigate.

Hacking is cool! I don’t agree with that statement but I also don’t agree with the reason.
“Maybe as hacking becomes more strongly associated with flat-out stealing” - Isn’t that a complete opposite of what hacking really is…what you’re referring to is “cracking”. Hacking is the fulfillment of a voyeuristic need in some individuals…cracking is the necessitation of theft and jailtime in a pound-you-in-the-ass prison.

:slight_smile:

And Tristan, how did I miss your link to “The Ten Immutable Laws of Security”?

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

In fact, hacking IS cool. It’s the hackers who push the systems they have access to that find the really detailed holes in security. If there were no hackers, pushing the limits of software, who would find out about exploits before they got exploited?