Thursday, July 10, 2008

Blog Launch

Greetings!

This blog is dedicated to IT Security Professionals who do stupid, idiotic, brain-dead security things.  These could be operational mishaps, dumb technology decisions or strategy decisions that leave an org more vulnerable (and poorer) than when the IT Pro walked in the door.

A few examples to whet the appetite:
  • misconfiguring routing tables on mission-critical firewalls, bringing production networks to a screeching halt
  • implementing a non-SSL-aware NIDS on a segment that only has HTTPS traffic
  • declaring to management that secure email best practices require selecting a white font color on a white background when sending sensitive messages
  • screwing up an arpspoof attack during a pen-test, becoming "man-on-the-end" and downing a production network
  • spending all the security budget on the latest network security gizmo when the outside door to the data center doesn't shut properly.
It is *not* about non-IT Security Professionals that do stupid, idiotic, brain-dead security things.  This is assumed (no offense lusers!).

The site is powered by you, the reader.  You submit stories and if they're funny enough we'll post 'em.

If you have witnessed a truly idiotic action by someone who claims to be an IT Security Professional, email us at securityidiot@gmail.com.  No need to name names - in fact, if you do, we can't post it - sorry.

All postings will be strictly anonymous.

Send us your "over beer" stories, we'll figure out what works as we go along...

The SecurityIdiot team.

P.S. Curious about the origin of "Security Idiot"?


All posts and comments © their original owners. Everything else (except base design template) is © securityidiot, 2008. securityidiot's posts can be reused or republished solely in accordance with the BY-NC-ND Creative Commons License. All rights reserved. BTW, great pants!