just came across a tidbit of info that i'd forgotten, and it got me thinking about my op-sec
i use my handle for fun, and there are a few places where i choose to tie it to my IRL info. at cons i tell people my real name and my handle, and there are obvious places where my IRL geogrophy is publicly revealed. i'm not out there commiting crimes or tryin to be an uber-reet hax0r, so i'm not too worried about that.
but i recently started re-doing my home network, and although i do a lot of good defensive foo, there's definately some stuff i noticed that wasn't right. some things pointing to my home network that didn't really need to be there. there were gaps in visibility and logs. some files and directories that i dropped on my box but never moved into the right cryptographic containers. tracking down inet accounts that aren't often used, i realized there are a number of passwords which aren't strong enough and/or haven't been rotated recently enough. machines which were not hardened.
it's easy to let things slip when you're doin sec from 9-5 and just wanna hang out w/ the fam and/or veg-out w/ hulu when you get home. it's not always easy step up and take the extra steps that need to be done to track down the details and stay on top of your environment.
i've got friends who have awesome op-sec and go the extra mile. i need to keep them in mind when i make decisions about my environment...
yea, i've seen people get popped who made bigger mistakes than me. but that doesn't matter if it's my mailspool and / or my filesystem.
a buddy of mine commented that it sux there are ppl out there makin us scared of teh pwnage. i agreed at the time, but really i donno. attackers are a reminder... a buzz in our ear, the angel and the devil on our shoulders reminding us that we do this stuff full time. if we can't run our own houses, why should anyone trust us to help them?
sometimes it's tough to look deeply in the mirror, but ultimately it only helps. it's painful to see the truth with warts and all, but you can't make something better until you understand what it really is.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment