Quote:
Originally Posted by BSDfan666
.. all bets are off if they break into your premises and steal your machine.
This deserves a reply, with regard to administrative decisions affecting "security".
Some typical examples of ignorance of implication driving poor decision making (beyond the NFSv4 one I cited above):
- A backup of an encrypted partition stored in unencrypted form at a 3rd party service provider.
- Unencrypted backups of a critical (and privacy-required) application being taken home by an admin as the sole "offsite" service.
- A portable computer containing an encrypted partition, lost or stolen while in a suspended state, rather than powered down.
- Both public and private key-pair halves made publicly readable, or transmitted in-the-clear (such as by E-mail) to users to enable them to log on to some secure application.
- A web of certificate trust so complicated, users of a secure service just give up and approve any certificate blindly. (Web browsers and X509 / SSL certs, anyone?)
The list is unending; these just come immediately to mind.