[Shacs] The Six Dumbest Ideas in Computer Security
Pilling, Andrew Alexander
STDAAP17 at shsu.edu
Mon Jul 10 14:53:18 CDT 2006
A friend of mine shared a printed copy of this with me a while back and
I didn't think to share it with any of the new SHACS people that might
not have had the chance to read this yet. Here's the URL I found on the
print: http://www.ranum.com/security/computer_security/editorials/dumb/
On a side note I personally don't agree 100% with the dumbest idea #5. I
believe educating users is good but that it should be automated as much
as possible. I think he makes a good point about it all the same as too
much effort could easily be spent in educating your users. You need to
do at least a Burris-Level(D) C/B analysis to make that call.
-Drix
More information about the Shacs
mailing list