
Security quotes of the week

From: Greg
To: Jussi
Subject: Re: need to ssh into rootkit
yes jussi thanks

did you reset the user greg or?

-------------------------------------

From: Jussi
To: Greg
Subject: Re: need to ssh into rootkit
nope. your account is named as hoglund
-- "Anonymous" does some social engineering (as reported by Ars Technica)

Security isn't just a tax on the honest; it's a very expensive tax on the honest. It's the most expensive tax we pay, regardless of the country we live in. If people were angels, just think of the savings!
-- Bruce Schneier

In my own private-sector security industry work, I observed a pattern: the higher the stakes, the worse the security. "Worse" usually means "more easily resolved with known techniques". I evaluated a wide range of applications and platforms, and almost invariably found that the most important systems — those managing life, health, and money — were poorly engineered. By contrast, small startups doing something interesting but not (yet) critical would sometimes have very well-engineered systems, with entire classes of vulnerability designed away, minimal feature creep, and solid development practices reducing the risk of accidental implementation flaws.
-- Chris Palmer in the EFF's Deeplinks blog

So true...

Posted Feb 17, 2011 5:44 UTC (Thu) by khim (subscriber, #9252)

In our company most departments have pretty good security, but there are two departments which
1. Use Windows and MS Office exclusively.
2. Worse: have no sensible way out.
3. Have between 5 and 10 trojans, viruses and other malware on any particular computer.
4. Reacquire them in hours on new systems no matter what kind of anti-virus protection is in place.

What are these departments? Accounting department and legal department, of course.

Security quotes of the week

Posted Feb 17, 2011 14:01 UTC (Thu) by ortalo (subscriber, #4654)

From the ArsTechnica "Anonymous" article, I especially like the last conclusion sentence:
"The second lesson, however, is that the standard advice isn't good enough. Even recognized security experts who should know better won't follow it. What hope does that leave for the rest of us?"

Unfortunately, I agree and have been hopeless for a while now.

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.