Caute_cautim
Community Champion

Has security come to this?

Hi All

 

This link provides some interesting insights into security, or rather how to bypass it.

 

https://www.linkedin.com/feed/update/urn:li:activity:6579556754496028672/

 

Regards

 

Caute_cautim

6 Replies
dcontesti
Community Champion

I think we all have had users like this. They will do anything to by-pass the security implemented and then when something happens, they just shrug their shoulders and smile.......

 

I did enjoy the humour in it though.

CraginS
Defender I

Clearly, this is evidence, anecdotal though it may be, that cat filters do not work

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
rslade
Influencer II

> CraginS (Advocate II) posted a new reply in Industry News on 09-18-2019 09:24 PM

> Clearly, this is evidence, anecdotal though it may be, that cat filters do not
> work   Craig  

Bring back Pawsense!

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Because the lives of the wicked should be made brief.
For the rest of us, death will be a relief--
We all deserve to die! `Sweeney Todd,' Stephen Sondheim
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Shannon
Community Champion

 

This shows that you can't bank on security controls by themselves, but should also instill awareness in users.

 

(Then again, training a cat might be a challenge.)

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Caute_cautim
Community Champion

@Shannon Yes, training a cat could be a real problem - especially one with 9 lives and a beating heart, pumping blood and air through the system. But probably less of a problem if the cat was mechanical or a robot one.

 

But then again we go back to the root of the problem - who was the developer who programmed and what were their morals, ethics and objectives?

 

Regards

 

Caute_cautim

Shannon
Community Champion

 

 


@Caute_cautim wrote:

 

But then again we go back to the root of the problem - who was the developer who programmed and what were their morals, ethics and objectives?


Very true, but I've sometimes found that part to be even more of a daunting task --- it makes imparting user awareness & changing organization culture seem trivial. 

 

To exemplify this, I'll relate 2 cases in an earlier organization, both involving a communication / collaboration application obtained from a provider.

 

Case 1: There were instances of the application's services experiencing issues due to malware & I reminded the provider to secure the platforms they ran it on with an EPP --- their lead then insisted that there was no concern because it ran on Linux!

 

Case 2: After observing events that pointed to 'broken authentication,' I communicated with all entities using the system / providing dependent services, and concluded that the issue was with the application itself. In a report to management, I recommended that the application be checked for vulnerabilities & its code properly reviewed.

 

The end result in both cases: what happened was quickly forgotten & quietly buried --- courtesy of someone high up in the hierarchy having given the provider a go-ahead at the start.

 

So back to your earlier question, the root of the problem often becomes 'Who authorized implementation & use, with no security controls properly implemented from the start itself?'

 

 

At this point, one can't help but envy the cats. ;)

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz