permanent download (Free Archive id): 0d40ff76a94e3c897e3c47e4daf54d806c29898bff8aced4247f5da49f817230
mime/type: text/html
source: http://www.ranum.com/security/computer_security/editorials/dumb/
description: The Six Dumbest Ideas in Computer Security "If you're a security practitioner, teaching yourself how to hack is also part of the "Hacking is Cool" dumb idea. Think about it for a couple of minutes: teaching yourself a bunch of exploits and how to use them means you're investing your time in learning a bunch of tools and techniques that are going to go stale as soon as everyone has patched that particular hole. It means you've made part of your professional skill-set dependent on "Penetrate and Patch" and you're going to have to be part of the arms-race if you want that skill-set to remain relevant and up-to-date. Wouldn't it be more sensible to learn how to design security systems that are hack-proof than to learn how to identify security systems that are dumb?" From my past experience in infosec, I tend to say that mjr is right. But I'll add that you just need to "think like an attacker" to build secure systems....
tags: infosec security computing ranum computer_science fa:archive
initially imported by adulau on Fri, 12 Dec 2008 23:04:00 +0000