I do a lot of security review work, and I write a lot of software in a lot of different languages. I sit in meetings with I.T. executives arguing about security issues. Do you know how many people make the same mistakes? Nearly all of them.
When I do penetration testing for a major company, about 90% of the time I end up with a whole category of findings that comes down to "big new lock on a rusty old chain." Essentially, it comes down to the idea that you should never, ever halfway lock something. You're setting a challenge to a would-be transgressor, but you're not doing the full job of making sure you lock up the goods. It's a bit like leaving a tray of fresh pastries out in an empty conference room next to the I.T. help desk. You're just begging for some smart ass to come along and steal all the pastries -- even if he doesn't like them.
I don't know which -- if any -- of my submitted topics will get picked up by Rocky for Lotusphere 2009, but I sure hope one of the security ones gets in. I have a new story to put in this year. Those of you who'll be at Rudi's conference a week from Monday may get the first chance to hear it. I think you'll laugh.
P.S. -- Yeah, the political signs in the yard are funny too. They make you look at your neighbors and think "Are they really that stupid?" No matter which side you're on, everyone on the other side is clearly an idiot. You can't help thinking it. That means putting one of those signs up is telling half your neighbors that you're an idiot. Is it worth it? Do the signs really convince anyone of anything?