Comments on: Dr. Johannes Ullrich and the Principle of Least Priviledge

By: Roger

Roger — Wed, 12 Sep 2012 22:00:15 +0000

I stand by the title. I think that you painted all of us in IT Security with a broad “slumlord” brush. Not just specific types of people but anyone who would examine the risks involved with new technology, and even block it until its proven secure.

With friends like these…

By: Roger

Roger — Sat, 08 Sep 2012 03:56:49 +0000

Normally, I’m pretty good about releasing comment moderation. The spam filter snagged my comment notification for some reason. And I didn’t have much to blog about this week so I didn’t see the comment in queue until now. Sorry for the delay.

Thanks for the read.

By: Johannes Ullrich

Johannes Ullrich — Fri, 31 Aug 2012 15:55:39 +0000

Do you feel the death mind ray

I think you may have take the title a bit wrong, but your response does hit on some of the points I am trying to make. What it comes down to in the end is that user “buy in” is critical to make security work. If you are the security guy who always says “no”, you will fail, because users will work against you. The important part is to find the right balance, and I run into too many security people that say “no” first, just out of habit. If you don’t behave like a slumlord, then your users (tenants) will be able to pay a bit more and you tend to attract better users (tenants). Of course, there will be businesses that are very “focused” (thinking here about call centers) or have high security requirements (state secrets). But from a network security point of view, I actually find them less interesting then lets say an R&D department (difficult recruiting great people, lots of sensitive stuff to protect, tends to have creative/technical individuals).

a try a tinfoil beanie against the mind control death rays