maswan

@maswan@mastodon.acc.sunet.se

Sysadmin and caturday enthusiast. Hiker & biker.

Work sysadm: NeIC NT1, HPC2N

Hobby sysadm: ACC

I thought running an ftp server (well, OK, technically it is https these days) with its own AS was so much fun as a hobby, I started doing it for work too.

Admin for this server.

This profile is from a federated server and may be incomplete. For a complete list of posts, browse on the original instance.

jerry , to random
@jerry@infosec.exchange

The most amazing thing just happened to me. I slept the whole night and did not need to take any sleeping pills. I thought there was going to be some kind of extended fight with my brain to start sleeping unaided, but no. THE FIRST NIGHT I was unemployed.

maswan ,
@jerry Stress is the worst!

jerry , to random
One thing I’ve noticed, particularly with my parents and other older people, is that they are apt to equate confidence with competence. Someone can be spewing a giant bag of horse shit, but if they do it confidently, apparently about half the population will believe it

maswan ,
@jerry
The con in conman is confidence...
@catsalad

jerry , to random
I find it interesting that around 90% of spam account signups on Infosec.exchange use a gmail address to register. Now, that’s partly biased because I’ve blocked most of the junk email services that allow creating email addresses without needing to sign in or register, so I don’t know what it would look like if those were permitted, however it must be quite efficient for people to create large numbers of gmail accounts.

maswan ,
@jerry
Same here on my small and not so widely advertised server. If I would ban any email domain, it would be gmail.

jerry , to random
Remember that humans are the first and last line of defense. If they make a mistake that results in a security incident, it’s not the fault of the design of the IT system, but rather the people who didn’t know the email wasn’t really from their manager. I mean, the industry calls us “human firewalls”, right?

maswan ,
@jerry
By demanding accountability and putting their jobs on the line for clicking wrong, we create a good incentive to learn best practices. After all, who wants to work with people who don't try to be the best at what they do?

maswan ,
@jerry
Yeah, meanwhile in reality telling people to not click on things in the machine where you click on things to get your work done is an awful proposal for an effective security barrier.

I was trying to match your tone, but might have missed by a barn or two.

maswan ,
@jerry
Also, if we can learn anything from safety engineering, assigning blame to people (short of intentional malicious actions) makes it harder to find out what is actually wrong and fix the system.

maswan ,
@jerry
Yeah. Mature safety fields (chemical, aviation, civil engineering, etc.) seem to have recognized this, but that insight has been bought by a lot of blood. And even there, it looks like it is a struggle to remember it at times.

Makes for good inspirational reading to see how those fields work when faced with a failure.

Oh, and hopefully IT security can learn with less blood spilled.
