Wednesday, November 16, 2005

A constant state of insecurity

Another link from Schneier has:

As a security professional, my friend often attends security conferences and teaches security classes. She noted that the number of passwords she collected in these venues was higher on average than in non-security locations. The very people who are supposed to know more about security than anyone appeared to have a higher-than-normal level of remote access back to their companies, but weren’t using any type of password protection.


A Constant State of Insecurity

Good God.

On the other hand, I admit that I do use several levels of insecure passwords for free but insecure web-based services. Any service that requires registration for free access will get one of my fake (I lied about everything, including what country I'm supposedly from [I don't know where Anguilla is, but it sounds pretty]) identities with my lowest level password (I don't mind giving it away to anyone, although I don't actually post it on a blog or anything either :-).

Maybe some of those people were doing something like that. On the other hand, well, if companies are exposing FTP or POP3 on the internet (or maybe even ssh with their users having the same ssh password as their POP3 password), well, this is depressing my donkey. I wonder if anyone learns anything at those security seminars. Maybe they're Windows security seminars and the lessons have to do with which buttons to click to turn the firewall on. A lesson that is instantly forgotten because the listeners are Windows security professionals.
