The Six Dumbest Ideas in Computer Security

By jdclyde
This came in a security newsletter I receive. I read it, and some of the ideas I thought were pretty obvious to me, yet some others made me have to think about them for a while, as they are counter to the conventional "wisdom" about computer security.

"Marcus Ranum released an interesting editorial entitled "The Six Dumbest Ideas in Computer Security." He gives his views on common security misconceptions that seem to be perpetuated throughout corporate IT environments. You can read this and other editorials at:
http://www.ranum.com/security/computer_security/editorials/dumb/"

After reading this, what is your take? Are we just chasing our tails so vendors can continue to make a profit?

Is this approach something that you use, or could use?

true to an extent

by apotheon In reply to not a c book

Ongoing coding is exclusively in C++, but there is still C code in the kernel. I guess that makes your statement true, if you mean "is coded" as in "ongoing work" rather than "all included code".

Of course, mandating that everything be C++ might be part of the security issue.

Well I was pretty sure there was

by Tony Hopkinson In reply to not a c book

still a lot of C code in it; there again, as C++ is a superset of C, we could both be right.
Both languages are extremely powerful, but power is a two-edged sword.
Have you had the misfortune to use Delphi 2005? They rewrote the IDE in C++ for some reason best known to themselves and a complete wanker. It is seriously flaky. I've spent as much time dealing with its issues as I have with those in the code I'm working on.
It has C++'s endemic problem: all your pointer management problems surface at run time.
Long live Pascal.

when I

by Jaqui In reply to Well I was pretty sure th ...

read the system requirements and checked the screenshots etc for delphi 2005 I wasn't impressed.

it has always been a windows only app.
borland stopped maintaining kylix.
( version 3 is latest and requires the 2.4 kernel, it won't install on 2.6 kernel systems )

only the kernel itself has c code in it.
the gui, all included apps are all written in c++

was reading the requirements for gnu branded apps today.
c code. ansi or posix or k&r only.
( preferably k&r )
all requirements must be standard, or else integral ( widget sets )
must be hardware agnostic. ( cross platform at core, as well as os level )
no references to proprietary apps / tech in documents, other than inspired by foo.
they must be given copyright ( for longevity if app is popular )
they require legal release by any contributor for use of code.
( submit a patch for a bug, and you have to submit legal release before they will consider using it )

I've always liked Borland products

by Tony Hopkinson In reply to when I

I'm a big fan of Delphi, but I would recommend this one to our competitors. They've stopped doing all fixes to it (you can try unofficial patches off the development team blogs). It's a damn mess. The ideas were good, though by definition very heavy in resources, but the execution is pathetic. I think they were forced to release it, buggy as it was, because of how abysmal Delphi 8 was.

Given the choice I'd have reverted back to Delphi 7, but the guys I'm working for went from Delphi 5 Pro to 2005 Enterprise. (Windows is mandatory)

In order to help you develop, it maintains an abundance of lists and trees about your program; it however quite obviously loses control of them as you edit, leaving you with the wrong information, a crash and close, or numerous access violations. In the latter case, if you're lucky, it will let you save, and then a close and open will tidy up enough to continue. I'd estimate at least two weeks' lost time in 5 months just down to how poor it is.

Same here,

by Jaqui In reply to I've always liked Borland ...

Borland was one of the first companies to actively adopt and participate in the standards.
almost every product they have meets the iso standards that are appropriate for it.


but, why on earth would they go 100% .net with delphi?
you can't install it without latest .net patches.
you can't code anything unless it's .net

a complete and utter waste of time.

Well I'm still developing in Win32 Delphi

by Tony Hopkinson In reply to I've always liked Borland ...

and given any sort of choice will continue to do so.
I can understand providing .net; they've done their version of C++ for a while, and C# even seems a reasonable commercial venture. Why they re-wrote the IDE in C++, I haven't a clue; my suspicion is someone in charge had a lobotomy. Equally, the decision to maintain all the development environments through one IDE shows a total lack of brains; that was the decision of a complete moron. We have found a few twiddles here and there, but the damn thing takes nearly two minutes to load. I took the lid off my PC to make sure someone hadn't taken the memory out of it.
On top of that, I've been doing a little work at home and just lost the last forty minutes' work in patches over eight code files. So now I'm chatting away and partaking of a malt or three. **** work.

ouch

by Jaqui In reply to I've always liked Borland ...

you lost work because of the danged thing?

send 'em a bill for faulty app.

You are not alone,

by stevef199 In reply to I've always liked Borland ...

...and the solution that worked for many with your problem is to simply get a really fast machine with plenty of RAM (1 or 2 GB) for development. Also, ensure that you are working on a 'clean' machine, i.e. without much unnecessary software installed.

Cheers,
Steve

Plenty of oomph

by Tony Hopkinson In reply to I've always liked Borland ...

and space. Some of the problems are exacerbated by the low quality code base and some from the fact that the switch to Delphi 6 wasn't made. All the others aren't down to lack of resources but p1ss poor housekeeping in the IDE. It's not that it can't manage any more pointers, but that they are pointing at the wrong thing. Changed the way I usually go at things as a work-around, but the consensus from the team about Delphi 2005 is we should never have gone near it; another highly polished turd in the market place. They didn't even test it properly. It crashed on me eight times on the first day of use. Interestingly, it works better under XP than it does under 2K.

Undoing Social Engineering

by Larry.Johnson25 In reply to The Six Dumbest Ideas in ...

"Hacking is Cool" will never go away. That's like telling a teenage boy never to look at a Playboy magazine. Or telling any kid, "never do anything that will get you in trouble."
"Educate Users" sounds like a great plan. Problem is, there will always be a ton of users who just don't care. They'll run anything on their machines, download whatever comes their way, and never give it a second thought.
On top of that, consider how much hacking comes in from outside U.S. borders, just out of spite for the U.S.
Do you lock the doors to your office to keep unauthorized people out? Do the same to your network.