
(Yahoo) 23% of software security experts are idiots
More: Stupid

62 clicks; posted to Main on 31 Mar 2003 at 7:26 PM

68 Comments

2003-03-31 07:29:54 PM  
shouldn't this have received the "obvious" tag?
2003-03-31 07:30:45 PM  
nick burns was unavailable for comment
2003-03-31 07:32:03 PM  
The odd part is that 46% of all people are idiots. Hmmm...
2003-03-31 07:33:21 PM  
100% of all people are idiots. i hate everyone and especially you
2003-03-31 07:35:15 PM  
Yeah? Well that's just, like, your opinion... man.
2003-03-31 07:35:47 PM  
The figure is as low as that??

When your security 'expert' job applicant doesn't know what sendmail is, you wonder what the definition of expert is these days.
2003-03-31 07:39:52 PM  
80% of Americans are more likely to believe a statement supported by statistics.
2003-03-31 07:40:08 PM  
Obvious? HURR
2003-03-31 07:42:54 PM  
89% of people will invent statistics in an attempt to impress somebody.
2003-03-31 07:44:27 PM  
Sendmail is default with OPENBSD according to the security freaks it is the best, so long as you are not a moron.
2003-03-31 07:46:11 PM  
83.4% of statistics are made up on the spot.
2003-03-31 07:48:54 PM  
I liked, and still like, Sendmail, but its security holes just annoyed me. I went with Postfix and I've been happy with the change ever since.
2003-03-31 07:50:20 PM  

03-31-03 06:57:04 PM Null
Incorrect. 89% are idiots. 89% use Winblows in security-sensitive applications.

Mind you, most UNIX-likes use Sendmail for their MTA....

Hahhaah. Yes. The recent two-fer not withstanding.

On the other hand I love patching unix. Rolling out a new business at work dedicated to securing stuff.. yehaaa pay me suckers!
2003-03-31 07:50:55 PM  
Yeah, yeah, yeah.

Microsoft bad.
Linux good.
Eat more cheese.

Just one more thought. Experts are extremely overrated. It would seem that all you need to qualify for the title of expert these days is to be able to open your mouth wide enough to let all the bullsh*t fall out.
2003-03-31 07:53:30 PM  
Blah, blah, blah, Microsoft sucks, blah, blah, blah, Linux is the best, blah, blah, blah, you both suck, Mac Rulz, blah, blah, blah....

Companies use whatever they need to use to be productive. That's why firewalls were invented. If you're worried about internal security, don't hire thieves.
2003-03-31 07:54:28 PM  
Now, I hate microsoft as much as the next nerd, but the article is tossing off percentages left and right...27%! 88%! 40%! 59%!

All these percentages are the result of a study based on...35 PEOPLE? It's amazing what passes for a "study" these days.
2003-03-31 08:03:20 PM  
The article was clearly written for people who need this bit of information:

" Microsoft, the world's largest software maker, . . ."
2003-03-31 08:03:44 PM  
Mind you, most UNIX-likes use Sendmail for their MTA....

Smart ones use qmail
2003-03-31 08:09:16 PM  
74% of people believe that 35% of the statistics cited in 58% of all articles can be misleading 29% of the time. Margin of error: +/- 3%.

Blenderkitty, you're right about the sample size. WAY too small to have any sort of meaning.
2003-03-31 08:10:19 PM  
only 23%
2003-03-31 08:10:27 PM  
perfect headline for this one...
2003-03-31 08:13:35 PM  
It's really getting a bit annoying to see the Unix world transmogrify into the Linux-religious-zealot world, complete with clueless repetition of anything the Linux Gurus say. Sendmail == bad, but what about the /proc directory? How many linuxes are wide open /proc waiting to be written to by exploits? Why is it that when I've run FreeBSD or Solaris as servers on the network they rarely to never have been hacked (the last one I remember was when I ran ftpd in Solaris 6), but when I ran linux on the same network it was HaX0r3D on a regular basis. All linuxes, Redhat, Slackware, even Debian -- are either hardened to the point of difficulty, or they are wide open and waiting.

Sorry, that's just what I have observed since 1995 running all of the above in the enterprise and over connections from home. The Linux tribesmen will throw spears, but my experience is it is the least secure or the most useless, take your pick. Because it cannot be hardened unless you remove its functionality, whereas FreeBSD or Solaris can be hardened more easily. That's another thing -- Linux has ridiculous dependencies; if you want to run a server app you'll wind up needing about 16 lib dependencies for whatever the package maintainer or the .cpp programmer was using when he wrote the code. But Solaris or BSD have far saner ports / packaging systems in place, and things just tend to work on a secure server better.

Yes even with Sendmail. What the authors of this low-level fear mongering left off is that fixing Sendmail when you compile source is a 5 minute (more like 30 second) fix. Wow, that was hard. Yes it is exploited more than Postfix, but in my experience Postfix has been a headache on anything but Linux. Qmail is better than both of them.
But I know these things from experience, how many of the luserland Linux rantings know any OS other than Linux?
2003-03-31 08:13:50 PM  
Blaming MS or *nix for security problems is 78% dumb. Good admins make networks secure. There will *always* be bugs and security holes in software (and thereby, the patches to correct them). It's up to the admins to keep their shi* tight.

2003-03-31 08:16:11 PM  
"The survey polled 35 software security experts at $1 billion companies."
"77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows"

So 77% of 35 people are concerned. Well that must be a decent cross-sampling of the industry, as it's on the Intar-web and all..
2003-03-31 08:17:11 PM  
"Microsoft had already provided a security patch that the worm targeted in July of 2002....
But because the patch was difficult to install..."

Duhhhh...... Unzip it and copy the files. Oh wait, I forgot. I actually EARNED the title Security Officer.

Hey, somebody ask me about security policy in the enterprise. I got it down pat.

A recent study shows that one in five people makes up 20% of the population.
2003-03-31 08:17:56 PM  
This headline just begs for an obvious tag..
2003-03-31 08:19:35 PM  
Props to Drew, though, for running FreeBSD.
2003-03-31 08:21:58 PM  
Blah, blah, blah, Microsoft sucks, blah, blah, blah, Linux is the best, blah, blah, blah, you both suck, Mac Rulz, blah, blah, blah....

Companies use whatever they need to use to be productive. That's why firewalls were invented. If you're worried about internal security, don't hire thieves.

yup, that's what we do. we need something that can be used easily, and if there's a problem, i want that fix fast.
2003-03-31 08:23:28 PM  
Obvious indeed.
2003-03-31 08:25:28 PM  
..And Windows ... let's just say if you expect Windows to be secure there's at least 4 hours a week for patching in your life. Hopefully the patch doesn't break any legacy apps. The Slammer Worm was often due to that -- boxes can't be patched because legacy applications the enterprise still requires will break, so the box is left unpatched, and vulnerable.

The self-appointed security consultants are not the same guys that actually do the work. They talk a good line, but it is not the same as being the guy that answers when the business dept can't run their server because it had an app that couldn't be patched but they won't replace it till 2004 when it's out of warranty...

Security consultant --> IT reporter --> CIO
^ +
| |
+-------wank wank wank <--- <---<---<---+

Server Admin. Hoping the splash misses.
2003-03-31 08:28:25 PM  
Cool, I'm an idiot. Where do I sign up?
2003-03-31 08:30:36 PM  

whoa. fnord.
2003-03-31 08:32:07 PM  
Most IT people are stupid for not keeping products up to date. But being as I am very overworked, I can honestly say that I have a hard time too.
2003-03-31 08:32:50 PM  
So it's Microsoft's fault for not making the patches magically transport and install themselves. Keeping the network secured involves making sure all necessary patches have been installed.
2003-03-31 08:33:35 PM  
only 23%?
2003-03-31 08:36:38 PM  
100% of all people are idiots.
2003-03-31 08:38:05 PM  
I think the Y2K bug is going to cause global chaos!!!
2003-03-31 08:38:16 PM  
I think we are using the wrong tag
[image no longer available] is more accurate
2003-03-31 08:41:47 PM  
this is why i go hardware. i got paid $5 for cracking open an IBM case and retrieving a pokemon card from inside. 5 minutes, $1 a minute.
2003-03-31 08:59:13 PM  
here's a rap about security that i just made up:
(sing to 'Wish I was a Baller'...)

i wish i wuz a... admin
c-g-i bin
20-stroke password
on my shorty's log-in, I
IM her, gettin' laid tonight
linux be licking my nutz so tight
i want it myyyyy way, securitizzle
yes myyyy way, sure to fizzle
my inbox hey is hacked tonight, haxxed all night

dat linux peng'n is my biznatch!
2003-03-31 09:08:37 PM  
Iwasbiggs, except for one minor little fact. They aren't. IBM is.
2003-03-31 09:14:29 PM  
Microsoft and Security is an oxymoron. Always was, always will be...
2003-03-31 09:21:36 PM  
This should've had an "Obvious" tag. Most of those experts are just lying out their ass and telling people anything that they want to hear.
2003-03-31 09:23:46 PM  
74.263% of people polled don't know what a percentage sign means, but 44.915263549% of them are reasonably sure that "it's one of those computer chat thingies."
2003-03-31 09:24:04 PM  
100% of security engineers realize that their biggest holes are in the users themselves and not the software they are running.

If you're so concerned about security buy a Netscreen.
2003-03-31 09:32:11 PM  
Avery1415, run a proggie like John the Ripper against your "easy to remember" password, and you'll have it unraveled in seconds.

The sysadmin's just trying to keep the script kiddies outta his network, and it ain't his problem if his lusers can't remember anything more complex than their initials.

Where do these guys get their ideas of how hackers operate?

Good sysadmins are hackers.

2003-03-31 09:46:28 PM  
03-31-03 08:32:50 PM

So it's Microsoft's fault for not making the patches magically transport and install themselves. Keeping the network secured involves making sure all necessary patches have been installed.

No, it's Microsoft's fault for not actually writing good code.
2003-03-31 10:02:38 PM  
In regards to the "Sendmail has tons of security holes too" conversation:

Sendmail does have bugs. Lots of them. Qmail is a whole lot more secure.

Sendmail is one of the most featureful MTAs available at any price. Qmail doesn't do everything Sendmail does.

Pick the right tool for the job. Running your own home mail server? Use Qmail. Running an ISP? Consider Sendmail.
2003-03-31 10:12:48 PM  
I concur. My brother works for a Fortune 500 company and he self-taught himself. He is now the division head with several guys under him with MIS degrees and they have no clue which end is up.
2003-03-31 10:18:39 PM  
Insecure networks develop from the following:

1) Ignorance
2) Laziness
3) Lack of defined policy (or lack of following policy)

1 and 2 can lead to the lack of following policy.

Secure your environment. Develop a best practice. Base your network OS on your needs and most importantly the staff that you have to support it. You got a stud MS guy? Use MS. You got a stud SUN guy? Go with SUN. Or vice versa get a stud MS guy. Get a stud SUN to support your system. An OS is only as good as the administrator.

Keep up to date on the latest advisories, patch your systems, install a session-based firewall, and enforce your policy.

Security should be separation by duty too, or honestly you will have no time to do everything you need to do and admin the network at the same time.
Displayed 50 of 68 comments