Security in 2017 (was "OK, the list *really* needs to be fixed")
Richard Gaskin
ambassador at fourthworld.com
Tue Jan 3 16:42:58 EST 2017
Bob Sneidar wrote:
> And redundant backups are just one more vector to your data.
Indeed it is. The old adage "physical access = root" still applies.
I have a friend I met through my local Linux user group who does
security audits. One of the most common sets of problems he finds isn't
with firewall rules or password policies, but server room doors propped
open and ancient easily-picked locks. And more than a few C-suite
secretaries with their boss' password on a Post-It note on their
monitor, viewable by anyone who enters the reception area. No, really.
> Really, security has to be balanced with usability. Absolute security
> is to never write, type, speak or otherwise store any information
> you want to protect, or which might give clues to any information you
> want to protect. This is of course absurd. We sacrifice some degree
> of confidence for some degree of usability. I personally do not do
> bit level encryption because of the reason stated below. It's too
> easy to lose everything. But locking down your information as best you
> can is always wise.
There is currently a spectrum with Usability on one end and Security at
the other. Changes favoring one tend to weaken the other.
I like to believe that the next frontier in UX is to make good security
practices easy.
My favorite example is wifi routers. They ship with a default password
and login published in the manual, and more than 75% are never changed.
Some day we'll see a router vendor come up with a really nice solution
to make updating the password on first-use super-easy.
And the first one to do it will get the lion's share of the market,
because right now the rest are so cumbersome to set up that few bother.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com