The Problem with Pundits, part III.
When an exploit comes out based on some vector or user activity, pundits are all over it and saying, “Duh! Well, just don’t DO that!”
Dudes. If it were that easy to stop, we’d have stopped it already. We can’t just strip all .gif files at the gateway willy-nilly. And password-protected zip files are often the poor man’s “encryption” for email. Would you like to explain to a few hundred non-technical business partners how to download and use AxCrypt as an alternative? Would you like to buy them a real encryption product? Would you like to explain to hundreds of internal users why they suddenly can’t get legitimate attachments from external correspondents?
I didn’t think so.
I’m taking your pragmatic armchairs away for a time-out now.
UPDATE: Mike Rothman gets all bombastic on my ass about how there are “no excuses” for not just stripping .zips at the gateway. (He also seems really to care about my chromosome allocation; I suppose he can’t decide whether to patronize me or buy me a beer.) Come on, Mike, I thought you were all about pragmatism.
“There are a lot of workarounds to getting secure information from one location to another. They are not all overly technical and hard to use.”
Great. Give me a practical solution, right now, as to how to get around the lack of available mail encryption. AxCrypt classes for hundreds of external business partners? Tell them all to send us password-protected CDs in the mail? And how do you deal with correspondents who HAVE to zip up their 10-meg files just so they don’t melt down their ISP dialup connection? (They still exist, y’know.) Seriously, when was the last time you actually had to implement a quick solution in a real-world environment where things were NOT perfect and getting a new solution in required not only hours of your time, but hours of everyone else’s?
It ain’t excuses, son, it’s reality. Give me a workable solution, and I’ll be glad to implement it. Don’t give me the security equivalent of “just say no.”

