Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

New site at the top of my favorites list


You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor -- and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived version of this site on an airplane. :)

Stupid Security: Exposing fake security since 2003
http://www.stupidsecurity.com

Comments
  • It's a great site - I love the one about forcing passengers to get off the bus between journeys for "security reasons" - best of all the exception that they'll let people stay on if the weather's bad!

  • My favourite is http://worstcall.blogspot.com/
    - it's written by a help desk operator - well worth a read

  • A certain security company has suggested that we rename the Administrator account as one step to make our network more secure. Won't this cause problems? I have never really heard of anyone doing this as a best practice. What are your thoughts?

    Tim

  • Tim, yes that is a common recommendation, but in my (and others') opinions it really doesn't do much good. It's an instance of "security by obscurity," the thinking that if you hide, then the bad guys won't find you.

    Thing is, all local Administrator accounts have the same relative ID number: 500. Attack tools now target account 500 regardless of its name.

    The proper way to protect these accounts is to use a good strong password -- or, better, a nice long pass *phrase*.
