News from PANUG/BizNix - September 17, 2002
http://panug.org - http://biznix.org

PANUG MEETING
The PANUG user group's monthly meeting is this Thursday,
September 19 at 6:15 pm. The presentation will cover
Novell's iFolders. iFolders is a WebDAV-like application
that allows mobile users to store data on a centralized
file server. iFolders is more secure than remote file
systems like CIFS and can be deployed without having to
reconfigure your company firewall or deploy a VPN.
Visit the PANUG Web site for meeting location.
http://panug.org


EXCUSES FOR SECURITY PROBLEMS
by Ed Sawicki - Accelerated Learning Center / Tailored Computers

A publishing industry-focused mailing list I'm on has been
discussing the latest Word security hole that's described at
Microsoft's Web site. The URL is very long. You can get there
with this redirect:
http://panug.org/wordsec

The publishing industry is firmly entrenched in Microsoft
Word. Security issues like this create lots of concern
and discussion. Word and Windows security has been
criticized numerous times on the list. Each time, list
participants respond in the same way with the same excuses
for why they must ignore these problems and continue to use
Word in spite of the problems. Here's a sample of the
reasons/excuses:

"There is nowhere safe [to store data]."

"There are so many ways to do it [steal data] that an
obscure oversight in some Word code is likely to be more
hassle to take advantage of than it's worth."

"Every security system will fail."

"If someone really wants your data, they will have it."

"You can only build so strong a door before it becomes
easier to come through the wall [or the Windows]."

"Ben Franklin summed up security the best, "The only way
two people can keep a secret is if one of them is dead.""

"The only thing safe is a never been formatted hard-drive
that has no power attached to it."

"Security, like pregnancy, is binary. Either you and your
data are secure, or you and it are not."

These people (there are a lot of them) take a binary view
of security. The concept of "better security" doesn't seem
to exist for them. Since they don't believe any system can
be totally secure, they accept systems that have very
little security. All of this means that the Internet and
local networks are target-rich environments for attackers
because the victims accept the attacks.

Security involves shades of gray. You can be "more secure".