back to article RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The …

  1. gerdesj Silver badge

    Bit rich ...

    "RSA president Amit Yoran has ripped into the infosec industry"

    ... coming from a firm selling *ahem* that _sold_ a security product or two that sported a rather large backdoor.

    Cheers

    Jon

  2. Spearchucker Jones

    Re: Bit rich ...

    You're right, but that doesn't make him wrong.

  3. Anonymous Coward
    Anonymous Coward

    Re: Bit rich ...

    failed security = you aren't paying RSA!

  4. Mark 85 Silver badge

    Re: Bit rich ...

    Well.. he would know, wouldn't he.

  5. Anonymous Coward
    Anonymous Coward

    Criminal hypocrites - you are the problem, not the solution

    The fact that RSA and NSA officials can still charge people to come hear them lecture about security issues is laughable.

    A large component of the reason we are in this mess is that these same people violated the public trust by colluding to maintain weak security. Now that world infrastructure is beginning to feel the brunt of this betrayal, the same people get up on stage to berate us about lax security.

    Until these people and companies start getting prosecuted and start to feel economic pain for willful sabotage of American technology companies, no meaningful security reform can even begin.

  6. This post has been deleted by a moderator

  7. h4rm0ny Silver badge

    Re: Criminal hypocrites - you are the problem, not the solution

    I see one downvote already. I think it may not be clear that your references to Jews are intended to draw parallels with how Jewish people were used as scapegoats and could be read as you saying hoarders is a euphemism for Jews. Just because that's how strikethrough text is so often used online. I actually had to double check and think about what you probably meant.

    Just to make you aware.

  8. fruitoftheloon
    WTF?

    @Destroy all monsters: Re: Criminal hypocrites - you are the problem, not the solution

    Dam,

    You are a prick.

    My wife is 25% jewish, does that make her less of a person in your view?

    J

  9. phil dude
    Stop

    Re: @Destroy all monsters: Criminal hypocrites - you are the problem, not the solution

    @fruitoftheloon: We are all human first, and that is what matters.

    P.

  10. fruitoftheloon
    Thumb Up

    @Phil dude: Re: @Destroy all monsters: Criminal hypocrites - you are the problem, not the solution

    Phil,

    Indeed we are. I hold no particular religious convictions myself, but I get pretty grumpy when f'wits use (name of religion) to denigrate folk that they feel are beneath them.

    Re my previous posts, nearly all of my mother-in-laws (non practicing) jewish family were murdered by the Nazis.

    Hence I am not overly enamoured by intellectually flatulent, anti-semitic social warts, 'Destroy all monsters' being a very good example of that particular social irritant...

    Many thanks for your contribution btw!

    Cheers,

    J.

  11. This post has been deleted by a moderator

  12. John Savard Silver badge

    Audiences

    No doubt his advice is appropriate for major businesses.

    However, building higher and smarter walls is what makes sense for the average home computer user who cannot afford to hire a staff of security experts to protect the computer with which he surfs the Web and sends E-mail. So trying to make higher and smarter walls almost work is still a worthwhile endeavour.

  13. Voland's right hand Silver badge

    Re: Audiences

    Indeed. Though even at home you are starting to look at defence in depth. If you have kids you simply cannot afford not to - you never know what they will drag in from the Internet despite all of your firewall and AV efforts.

  14. Tom 7 Silver badge

    Re: Audiences

    Higher walls and deeper moats have never worked. The people who are your greatest threat are those that work on the inside and want easier access through these walls and across these moats.

    The next greatest threat come in over and under both.

  15. Vimes

    Re: Audiences @Tom 7

    The people who are your greatest threat are those that work on the inside and want easier access through these walls and across these moats.

    ...or are simply willing to lower the drawbridge for the invaders because they're told they have a problem with their portcullis that needs fixing...

  16. Anonymous Coward
    Anonymous Coward

    Re: Audiences

    Of course... it would help if the suppliers of our hardware/software didn't rush out POS merchandise riddled with glaring vulnerabilities.

    The highest wall in the world does nothing when you don't have any/adequate gates on the openings. and as a previous poster stated, it does nothing to thwart the guy INSIDE the wall from F'ing you. (Even if YOU are the one inside; ))

    Rely on education and behavior, more than hardware or software. Good behavioral habits will remain your best defense. Don't trust the people telling you their crap is safe. It has NEVER been safe. Ever. EVER. With enough time, any security will be breached (not going into the whole "billions of years to break encryption X" or anything, I'm sticking with tangible numbers). If your behavior is such that your information is not readily available.... then when a breach does occur, you're still "safe."

    It is the nature of the beast. Don't rely on someone else's product to keep you safe. Keep yourself safe and use someone else's product to make it more difficult for the less-skilled to gain access.

  17. All names Taken
    Paris Hilton

    Erm, ...

    ... don't use computers unless you really have to and make sure that any computers doing really, really important stuff like You Tube, ebay, ... don't do trivial stuff like online accounts and banking?

  18. Anonymous Coward
    Anonymous Coward

    Re: Erm, ...

    While not using computers "unless you really have to" isn't feasible for a number of professions (yes, even outside of work), if you can afford it.. a cheapo laptop is definitely a good idea.

    I set my parents up with a desktop and a laptop. Every time I go home to visit, I spend a few hours cleaning up the desktop. I had locked down the laptop with just the basic "needs" to facilitate banking, taxes, etc... Along with the built in UAC from MS, it runs watchdog and AV monitoring software. Limited to Firefox (modified + addons like ABP) as a browser, MS Office (couldn't convince them to use OpenOffice) without Outlook, WPA2 & MAC locked wireless, LastPass, etc... I also "trained" them to flip off the physical wireless toggle switch when not in use (in addition to turning it off, cause they're old and might forget one or the other).

    Really.. one heck of a cheap investment. Doesn't need 16G of ram, 1TB of storage, the latest video card... nope. bare bones, cheap.

    On top of the physical hardware separation, keeping a "secure" e-mail only related to banking/finances, an e-mail for family & friends, an e-mail for shopping, and an e-mail for signing up to misc websites or any "public" use. (Each was created to be easily identified by them)

    Getting them to _NOT_ select "remember my payment details" was the most difficult.. but thanks to the recent breaches at Target, Home Depot, etc... It made it easier to "prove" why. (As well as getting them to use Pre-paid cards and PayPal in lieu of CC's)

    That has cut their spam down a ton, as well as limited their exposure to phising e-mails.

    There is a lot that a person can do. It takes a little bit of time, a little bit of money, and a little bit of getting used to.... but I sleep better knowing that I don't have to worry as much for them.

    A cheap laptop for handling "sensitive" information + a password manager and properly configured user access is a good idea for anyone, required to or intent on, conducting financial affairs online.

  19. annodomini2 Bronze badge

    Or to put it more simply

    If there's a way in, you can get in.

  20. Amphibious RawCod

    Re: Or to put it more simply

    If there's no way in, you can make one.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018