Google's Offspring: Taking Baby Steps >>
<< The Other Tech Bubble: Tech Mutual Funds
 tdicon 


Studies

by Mike Masnick

Wed, Mar 19th 2003 2:33am





Human Error Is Greatest Security Risk

from the no-surprise-there dept

For all the talk about "trustworthy computing" and how buggy software is a big "cybersecurity" risk, it turns out (and, no, this shouldn't surprise you), that the biggest security risk remains human error - and not security holes in software. People simply configure things wrong and leave security wide open all the time. While there's nothing wrong with promoting better software, it might be more productive to better train IT workers in properly securing systems.

4 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    Astonishing

    identicon
    imrdkl, Mar 19th, 2003 @ 2:49am

    A company which certifies IT workers says that not enough IT workers are certified.

    reply to this | link to this | view in thread ]

  2.  

    hmmmm, then why is it that..

    identicon
    Talislantian, Mar 19th, 2003 @ 8:09am

    I make, many, many less mistakes than all my certified friends... go figure... heh

    Sounds like someone wants more money. In an economy that's hurting and lacking job I can see where certifying agents would be "alarmed", their life's bread is dwindling.

    reply to this | link to this | view in thread ]

  3.  

    Re: Astonishing

    icon
    Mike (profile), Mar 19th, 2003 @ 8:11am

    A company which certifies IT workers says that not enough IT workers are certified.

    Excellent point. I should have noticed that...

    reply to this | link to this | view in thread ]

  4.  

    Bull!?!

    identicon
    LittleW0lf, Mar 19th, 2003 @ 11:14am

    I'd agree if they were including stupid mistakes by programmers, but there is no way that a stupid mistake by administrators can cause more trouble than stupid mistakes by programmers. No way, I don't believe it, and a survey run by a certifier against those who went through their certification program isn't going to make me believe it any more than if Microsoft said that stupid mistakes by Unix administrators caused more problems than stupid mistakes by Windows administrators.

    Yes, stupid mistakes by administrators setting up computers do happen, and sometimes they mess the machine up enough that an attacker can access their system... I've been on many an assessment where we busted root in a server because the administrator did the wrong thing, and many a DefCon CTF where the same occurred, but to find these vulnerabilities takes an attacker of far more caliber than your normal script kiddies who pound Unix boxes with Windows exploits.

    And besides, education trumps these types of errors, but looking at Microsoft for experience, very little is accomplished when you try to teach programmers to do the right thing, but don't have any real code review process in place. I'd take computers with OpenBSD on them, administered by clueless newbies over Windows boxen administered by the best of the best any day.

    Then again, I have the best of the best running OpenBSD....

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Google's Offspring: Taking Baby Steps >>
<< The Other Tech Bubble: Tech Mutual Funds
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This