Security Through Obscurity
Have you ever heard of Security Through Obscurity? It’s the concept of “what the enemy doesn’t know won’t hurt you.” Sort of like having your firewall drop all incoming ICMP packets. They won’t know you are there…
If you believe that, I have a bridge to sell you in Mexico.
Security through obscurity is like having full windows inside your shower and pretending that, since the glass is a little dirty, no one can see your naughty bits, and even if they could, they wouldn’t want to. You’re probably wrong on both counts. You can’t hide behind dirty glass, and they would look at your naughty parts just because they could.
Do not pretend that security through obscurity is a part of defense in depth. Defense in depth is a great approach to holistic security that entails operational, procedural and technical controls to protect your information. Attempting to hide your systems will only work to a point. Every system on the Internet is potentially vulnerable and can be found.
What’s the good news? The good news is that you can mitigate your risk even if someone knows that you have a juicy Oracle server hiding behind your firewall. A properly tuned Intrusion Detection/Prevention System coupled with well-documented Access Control Lists goes a long way in defending your network. Unfortunately, we can no longer treat the network perimeter as the only attack vector. You’ll also need to ensure patches are up to date, passwords are complex and that you have proper auditing enabled.
Oh, the work never ends.
People who live in glass houses shouldn’t walk around naked.
