Antivirus Inventor Says Security Pros Are Wasting Time
talkinsecurity writes "Earlier this week Peter Tippett, chief scientist at the ICSA and the inventor of the program that became Norton Antivirus, had some interesting things to say about the state of the security industry. In a nutshell, Tippett warned that about a third of the work that security departments do today is a waste of time. Tippett goes on to systematically blow holes in a lot of security's current best practices, including vulnerability research/patching, strong passwords, and the product evaluation process. 'If a hacker breaks into the password files of a corporation with 10,000 machines, he only needs to guess one password to penetrate the network, Tippett notes. "In that case, the long passwords might mean that he can only crack 2,000 of the passwords instead of 5,000," he said. "But what did you really gain by implementing them? He only needed one."' Some of his arguments are definitely debatable, but there is a lot of truth to what he's saying as well."
Double Entendres (Score:5, Funny)
my root password is (Score:3, Funny)
Re:What did I gain? (Score:3, Funny)
Um, I must have misunderstood you.. just thought, you want to say, that the IE is a secure browser..
Re:PBKAC (Score:2, Funny)
Re:Car Analogies (Score:5, Funny)
Or to put it another way, if car analogies were like cars on a highway...
Lost all credibility at... (Score:2, Funny)
I'd be more prone to listen to security practices from the guy who...say...invented cheese string...
Re:chicken egg? (Score:5, Funny)
From my password file:
That "x" after the first colon indicates that the password is stored elsewhere --- in /etc/shadow, which is not world-readable:
So what does the corresponding entry in the shadow file look like?
Re:PBKAC (Score:5, Funny)
Boss: Great! How'd you pull it off?
DBA: Well, we replaced all queries with 'Select * from tblQuery' which only has 1 row and 1 Column. Then stopped letting people call the queries!
Boss: You're fired...
Re:What did I gain? (Score:5, Funny)
Crap. I'd better go and change my password.
Re:PBKAC (Score:2, Funny)
Atheist, eh?
Re:PBKAC (Score:5, Funny)
Re:Actually (Score:5, Funny)
Except that one, of course. ...whoa
Re:PBKAC (Score:3, Funny)
Re:PBKAC (Score:3, Funny)
Re:PBKAC (Score:2, Funny)
Re:PBKAC (Score:2, Funny)