Great Circle Associates Firewalls
(January 1995)
 


Subject: Nothing New
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Sun, 29 Jan 95 08:15:34 -0500
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

Jon writes:
>   I've seen several cases of this; netpower.com was broken via an 
>unpassworded PPP account; a major local corporation (in Tampa) was 
>cracked and root obtained even though they had a firewall - they had an 
>easily guessed account/pw pair and unpatched bugs.  The point I keep 
>trying to get across to people is that a firewall is _NOT_ a magic fix.  

The fact is that most corporations have no interest in anything that they
cannot be fed as pablum and entered as a line item in the company budget -
there is no place in there for a dynamic and evolving situation such as
computer security. 

This was not always so, but is a natural outgrowth of the cycle that started
in the early seventies when CEOs began being bean-counters instead of 
involved with whatever the company's product was. 

That the cycle began reversing itself about four years ago has just made
them even more fearful of anything not well understood. IMHO this is part
of the dislocation created as we transform from a manufacturing society to
an information-driven one.

>   Stupidity just seems to be rampant. 

Ignorance is curable but first leaders are going to have to learn how to deal
with the dynamics of the situation and enough people are going to have to 
learn how to tell outdated thinking from anticipatory planning. In the 
incident mentioned, the time to find out if the consultant was aware of AIX
vulnerabilities was *before* the contract was let.

Coming from an educational institution makes it hilarious to me since at one 
time I was refused admittance into a graduate studies program in Computer
Science by a major university because I "lacked prerequisites". The fact that
at the time I was designing flight control computers for air superiority
aircraft did not count, knowledge of JCL could not be documented - offered
to demonstrate skill with either 360 or 370 but that was not acceptable as
it wasn't on my transcript.

The simple fact is that those in authority lack the knowledge to make an
intelligent decision at a time when they are fearful to admit this lack
(or worse, often do not even realize that they are deficient). So decisions
are made from ignorance and there are quite enough wolves circling whose
main interest is in prey rather than protection. Is a cultural thing.

						Warmly,
							Padgett

