On Sat, Jul 25, 2015 at 12:57 PM, Yamaban wrote:
On Sat, 25 Jul 2015 17:43, Anton Aylward wrote:
http://www.geek.com/apps/google-compares-security-experts-to-the-rest-of-us-...
Yes, I use a unique password generator and I get VERY ANNOYED at sites that a) don't differentiate between UC and LC, b) don't permit non-alpha characters, especially spaces, c) won't let me use passwords longer than 15 characters or truncate them down to 8 characters.
Yes I have a password manager.
Yes I update daily.
Sadly few sites, not least of all my banks, use two-factor authentication. The best of them use what amounts to a 'double password' scheme.
All that being said ....
While I update the apps on my phone and tablet, there seem to be no updates to the kernel/OS other than buying a new phone or rooting it and installing a 3rd party ROM - which may lack functionality or have other problems.
Let's not even think about updates to the cars and other IoT things! If we do we might get very, very frightened.
I see your cars, and raise the "new" fad smart-home (i.e. easy to break in and manipulate)
Even more ugly: Power-plants, Power-lines, Fresh-water plants, Waste-water treatment plants, etc -- all easy to reach and break in (electronically) just because "security" is treated as "obscurity".
A nice part of my daily work consists in reducing such possible attack areas. In some cases by pulling the plug between internal network and internet because: "the internet is safe, we do not need any firewalls".
"Passwords? -- What passwords??" and the ever famous: "Encrypted communication, what's that?" are daily fun for me.
"Stuxnet" has never happened for these guys, and they are Managers.
I avoid having a mobile if ever possible.
- Yamaban.
Then you'll appreciate this: I went with a security analyst to review a construction firm that wanted to get top secret clearance so they could work on government facilities. My task was unrelated to the review, but I was going to need Administrator access to the server. We arrived at the same time. The receptionist told me my contact was unavailable but she told me where the server was and that the admin password was on a sticky on the screen. The computer turned out NOT to be in a physically secure area so anyone in the company could access it. And any of them could have seen (recorded) the admin password. The guy doing the security review found that very interesting and took a few pictures. Needless to say, they failed the security review pretty badly.

Greg