New site at the top of my favorites list

You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor -- and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived version of this site on an airplane. :)

Stupid Security: Exposing fake security since 2003
https://www.stupidsecurity.com

Comments

  • Anonymous
    November 25, 2005
    The comment has been removed
  • Anonymous
    November 25, 2005
    My favourite is http://worstcall.blogspot.com/ - it's written by a help desk operator - well worth a read
  • Anonymous
    January 04, 2006
    A certain security company has suggested that we rename the Administrator account as one step to make our network more secure. Won't this cause problems? I have never really heard of anyone doing this as a best practice. What are your thoughts?

    Tim
  • Anonymous
    March 11, 2006
    Tim, yes that is a common recommendation, but in my (and others') opinions it really doesn't do much good. It's an instance of "security by obscurity," the thinking that if you hide, then the bad guys won't find you.

    Thing is, all local Administrator accounts have the same relative ID number: 500. Attack tools now target account 500 regardless of its name.

    The proper way to protect these accounts is to use a good strong password -- or, better, a nice long pass phrase.
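
An added example, not part of the original post or its comments: a sketch of why renaming does not hide the account, decoding binary SIDs and picking out RID 500 whatever the account is called. The account names, the machine identifier and the helper function names are all constructed for illustration.

```python
import struct

ADMIN_RID = 500  # RID the comment above cites for Administrator accounts
# Constructed machine identifier, not taken from any real system.
MACHINE = "S-1-5-21-1111111111-2222222222-3333333333"

def pack_sid(sid):
    """Encode an 'S-1-5-21-...' string into the binary SID layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")       # authority: 48-bit big-endian
            + struct.pack(f"<{len(subs)}I", *subs))  # sub-authorities: 32-bit little-endian

def parse_sid(raw):
    """Decode a binary SID, rejecting truncated or padded input."""
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def is_builtin_admin(raw):
    """True for S-1-5-21-<three identifier values>-500, whatever the account is called."""
    parts = parse_sid(raw).split("-")
    return (len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]
            and int(parts[-1]) == ADMIN_RID)

def find_builtin_admins(accounts):
    """Return the names of accounts whose SID ends in RID 500."""
    return [name for name, raw in accounts if is_builtin_admin(raw)]

# Constructed account list: the real built-in account was renamed and a
# low-privilege decoy now carries the name "Administrator".
ACCOUNTS = [
    ("svc_backup",    pack_sid(f"{MACHINE}-1001")),
    ("xk_maint",      pack_sid(f"{MACHINE}-500")),
    ("Administrator", pack_sid(f"{MACHINE}-1002")),
    ("Guest",         pack_sid(f"{MACHINE}-501")),
]

if __name__ == "__main__":
    print(find_builtin_admins(ACCOUNTS))
```

The same lookup is useful to defenders: auditing password age and logon activity by RID rather than by name keeps the check correct after a rename.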