[Info-vax] What to do with my VAX.....

Alexander Schreiber als at usenet.thangorodrim.de
Wed Nov 11 18:56:18 EST 2020


seasoned_geek <roland at logikalsolutions.com> wrote:
> On Tuesday, November 3, 2020 at 8:24:16 PM UTC-6, Arne Vajhøj wrote:
>> On 10/18/2020 7:33 PM, seasoned_geek wrote: 
>> > On Sunday, October 18, 2020 at 12:34:14 PM UTC-5, Grant Taylor 
>> > wrote: 
>> >> On 10/18/20 3:17 AM, seasoned_geek wrote: 
>
> You are completely incorrect about Security by Obscurity as well. ALL
> ENCRYPTION is security by obscurity. Period. 

Thus proving nicely that you know _absolutely_ nothing about encryption.
You might want to read up on Kerckhoffs's principle for starters.

>
> Security breaches happen a lot.
> https://www.cshub.com/attacks/articles/top-5-cyber-security-breaches-of-2019-so-far

Let's see:
 1. misconfigured web application firewall -> configuration error
 2. credential stuffing -> application design error
 3. more credential stuffing -> application design error
 4. "cloud vulnerability" -> can be anything but most likely
    boils down to "we have no idea what we're even doing"
 5. spear phishing -> the classic combination of employees
    making minor mistakes and a bad security setup that allows
    those to blow up into a breach - there are well known ways
    to avoid that (and no, firing employees for reading the
    wrong email is not it)
 6. Yahoo was phished ... somebody forgot about defense in depth
 7. Health care industry ... notorious for amazing incompetence
    about these newfangled computer thingies (especially on the
    vendor side)

I'm not going through all of them, but credential stuffing and phishing are
a common theme. Both can be defended against by proper system design and
security in depth, including proper internal access controls (no, the
CEO does _not_ need full access to all production systems just because
he is the boss).

But nothing of the above is related to Unix per se - it's design errors,
system config errors, bad access controls ... or in short: incompetence.
And that is a lot more common than one might think, sadly.

Kind regards,
            Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison


