Bit rich ...
"RSA president Amit Yoran has ripped into the infosec industry"
... coming from a firm selling *ahem* that _sold_ a security product or two that sported a rather large backdoor.
Cheers
Jon
RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The …
The fact that RSA and NSA officials can still charge people to come hear them lecture about security issues is laughable.
A large component of the reason we are in this mess is that these same people violated the public trust by colluding to maintain weak security. Now that world infrastructure is beginning to feel the brunt of this betrayal, the same people get up on stage to berate us about lax security.
Until these people and companies start getting prosecuted and start to feel economic pain for willful sabotage of American technology companies, no meaningful security reform can even begin.
No doubt his advice is appropriate for major businesses.
However, building higher and smarter walls is what makes sense for the average home computer user who cannot afford to hire a staff of security experts to protect the computer with which he surfs the Web and sends E-mail. So trying to make higher and smarter walls almost work is still a worthwhile endeavour.
The people who are your greatest threat are those that work on the inside and want easier access through these walls and across these moats.
...or are simply willing to lower the drawbridge for the invaders because they're told they have a problem with their portcullis that needs fixing...
Of course... it would help if the suppliers of our hardware/software didn't rush out POS merchandise riddled with glaring vulnerabilities.
The highest wall in the world does nothing when you don't have any/adequate gates on the openings. And as a previous poster stated, it does nothing to thwart the guy INSIDE the wall from F'ing you. (Even if YOU are the one inside; ))
Rely on education and behavior, more than hardware or software. Good behavioral habits will remain your best defense. Don't trust the people telling you their crap is safe. It has NEVER been safe. Ever. EVER. With enough time, any security will be breached (not going into the whole "billions of years to break encryption X" or anything, I'm sticking with tangible numbers). If your behavior is such that your information is not readily available.... then when a breach does occur, you're still "safe."
It is the nature of the beast. Don't rely on someone else's product to keep you safe. Keep yourself safe and use someone else's product to make it more difficult for the less-skilled to gain access.
While not using computers "unless you really have to" isn't feasible for a number of professions (yes, even outside of work), if you can afford it.. a cheapo laptop is definitely a good idea.
I set my parents up with a desktop and a laptop. Every time I go home to visit, I spend a few hours cleaning up the desktop. I had locked down the laptop with just the basic "needs" to facilitate banking, taxes, etc... Along with the built in UAC from MS, it runs watchdog and AV monitoring software. Limited to Firefox (modified + addons like ABP) as a browser, MS Office (couldn't convince them to use OpenOffice) without Outlook, WPA2 & MAC locked wireless, LastPass, etc... I also "trained" them to flip off the physical wireless toggle switch when not in use (in addition to turning it off, cause they're old and might forget one or the other).
Really.. one heck of a cheap investment. Doesn't need 16G of ram, 1TB of storage, the latest video card... nope. bare bones, cheap.
On top of the physical hardware separation, they keep a "secure" e-mail used only for banking/finances, an e-mail for family & friends, an e-mail for shopping, and an e-mail for signing up to misc websites or any "public" use. (Each was created to be easily identified by them.)
Getting them to _NOT_ select "remember my payment details" was the most difficult.. but thanks to the recent breaches at Target, Home Depot, etc... It made it easier to "prove" why. (As well as getting them to use Pre-paid cards and PayPal in lieu of CC's)
That has cut their spam down a ton, as well as limited their exposure to phishing e-mails.
There is a lot that a person can do. It takes a little bit of time, a little bit of money, and a little bit of getting used to.... but I sleep better knowing that I don't have to worry as much for them.
A cheap laptop for handling "sensitive" information + a password manager and properly configured user access is a good idea for anyone required to, or intent on, conducting financial affairs online.