Security in 2017 (was "OK, the list *really* needs to be fixed")

Richard Gaskin ambassador at
Tue Jan 3 22:42:58 CET 2017

Bob Sneidar wrote:

 > And redundant backups are just one more vector to your data.

Indeed it is.  The old adage "physical access = root" still applies.

I have a friend I met through my local Linux user group who does 
security audits.  One of the most common sets of problems he finds isn't 
with firewall rules or password policies, but server room doors propped 
open and ancient easily-picked locks.  And more than a few C-suite 
secretaries with their boss' password on a Post-It note on their 
monitor, viewable by anyone who enters the reception area. No, really.

 > Really, security has to be balanced with usability. Absolute security
 > is to never write, type, speak  or otherwise store any information
 > you want to protect, or which might give clues to any information you
 > want to protect. This is of course absurd. We sacrifice some degree
 > of confidence for some degree of usability. I personally do not do
 > bit level encryption because of the reason stated below. It's too
 > easy to lose everything. But locking down you information as best you
 > can is always wise.

There is currently a spectrum with Usability on one end and Security at 
the other.  Changes favoring one tend to weaken the other.

I like to believe that the next frontier in UX is to make good security 
practices easy.

My favorite example is wifi routers.  They ship with a default password 
and login published in the manual, and more than 75% are never changed.

Some day we'll see a router vendor come up with a really nice solution 
to make updating the password on first-use super-easy.

And the first one to do it will get the lion's share of the market, 
because right now the rest are so cumbersome to set up that few bother.

  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  Ambassador at      

More information about the use-livecode mailing list