Quote:
|
Originally Posted by Golden Teapot
This and it's precursor is a stupid thing to say. It's like observing that nobody lives forever whilst refusing to acknowledge that there's a mighty big difference between the minimum experienced lifespan and the maximum.
Have a light and a button on the network and internet sides of the connection and stand a trained pigeon in the middle. Connected? Absolutely. Likelihood of getting anything unexpected to flowing in either direction? Pretty slim.
|
"Pretty Slim" ... what? Your idea of "Nothing is Secure" seems to differ from what was implied... what you just said isnt 100% secure, you said it yourself "pretty slim", so theres a chance, there always is, that was the point.
What drone was saying is absolutely correct, theres no such thing as "secure" even if its completely air gapped. Because even then a user is in control of the "air gap" and thus theres a flaw, which could be exploited through the (currently) most common form/successful method of hacking, social engineering.
If you think anything else eg "I'm completely secure" you are fooling yourself.
"Security" end of the day is all about mitigation. Mitigate as much as possible and put points on risks (normally where a user or admins need access or communication to/from said device is required) completely secure is a myth. Any high-security oriented person worth their salt would agree and only idiots would say they were 100% secure, (see any of the recent lulz etc events as a prime example).
I'm not really that keen to get into a long term debate about this as (same angle as drone here, many ways to skin a cat etc etc and this probably isnt the place to discuss "IT best practices" and "meaning of 'nothing is secure'") I can't be arsed rinsing and repeating the same shit thats been said before.