On Thu, Sep 14, 2017 at 7:41 PM, Tom Brennan <[email protected]> wrote:
> John McKown wrote: > >> IMO, encrypting data is a very good defense. Another good defense is >> hiring competent people rather than inexpensive people and giving them the >> time to design, code, and test their solutions. I don't have statistics, >> but many attacks are based on coding errors such as the infamous "SQL >> Injection" attacks. On the almost hilarious attacks which succeed because >> "whomever" didn't bother to configure the security on some piece of >> equipment, and left the administrator credentials as "admin/admin". Of >> course, the people & time requirements that I mentioned "cost too much" >> and >> "delay time to market". Today's world is based on think up something in >> the >> morning, design over lunch, create before dinner, ship the next morning. >> > > Did you mention admin/admin because of this news report, or just > coincidence? > > http://www.bbc.com/news/technology-41257576 That was the reason. I just couldn't remember if it was Equifax or something else in the news recently; and I was too lazy to double check. -- UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
