Monday, March 5, 2012

The problem with computer security

It has nothing to do with Best Practice.  Rather, it concerns the woefully low Typical Practice.  Like this:
A NASA laptop stolen last year had not been encrypted, despite containing codes used to control and command the International Space Station, the agency's inspector general told a US House committee.
*Headdesk*

Technology isn't the problem.  Measure with a micrometer, mark with chalk, cut with an axe.

Via email from ASM826.

6 comments:

That Guy said...

The Human factor is the biggest hole in all computer security. In my work, we see people all the time purposefully screw up things like passwords, encryption, physical security, etc... and we are called to solve the problem.

Yep. All those theories and best practices sound great until some end user screws things up.

North said...

Lamenting that a chain is only as strong as its weakest link is senseless if you are trying to tow your car with a gold necklace.

Dave H said...

Hey, it's NASA. It's not like they're working for the DoD. If they did they'd have procedures for keelhauling the offender.

DaddyBear said...

I've yet to find a way to engineer around humans. Every day I make progress, but it Sysiphus had better odds of success.

Alan said...

Good old social engineering will bypass any security system.

Anonymous said...

The codes the article refers to are fairly useless unless you connected to the ISS C&C MDMs.