Hello,
Herein lays the issue. If ones security systems is only 95% effective...
One has 1,000,000 customers then it is expected that 50,000 of these
customers will have there data exposed. As a customer this is NOT
acceptable.
I prefer to deal with only companies that protect, and have a good record
with consumer data. If your local Telco can offer 99.995% uptime why
shouldn't security.
Regards,
--
Jason Muskat | GCUX - de VE3TSJ
____________________________
TechDude
e. Jason@TechDude.Ca
m. 416 .414 .9934
http://TechDude.Ca/
From: Stephen John Smoogen <smooge@gmail.com>
Date: Wed, 17 May 2006 17:07:18 -0600
Cc: <security-basics@securityfocus.com>
Subject: Re: Article: "Security Absurdity: The Complete, Unquestionable, And
Total Failure of Information Security."
On 5/16/06, Jason Muskat <Jason@techdude.ca> wrote:
Hello,
Security has to be correct 100% of the time. One omission can lead to an
exposure. Count yourself lucky that your vulnerabilities haven't been
exposed (that you know of -- Think Ohio State's exposure
<http://www.ohio.edu/datatheft/alumni/index.cfm>). Many organizations cover
up (do not report to governmental authorizes) every exposure that occurs.
This is the norm.
The only 100% correct all the time system is the one that has been
turned off and buried in a Nickel lined concrete bunker 100 feet from
anything. You are going to be lucky if you see 95% of the time over
say a year that you are not going to see some sort of breach somewhere
on any large system. That doesnt mean you do not try to protect to
your best ability, but you also need to make sure that you are
prepared for what happens when the breach occurs. And that means
beyond "Cover our butt and point our fingers at xyz user, contractor,
etc as the source of the problem"
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
