Computer Security! For Teh Lulz! (@riskybusiness ftw)

There's a certain resonant truth in this "LulzSec" article by Patrick Gray, the man behind Risky Business, a security blogger and podcaster known to the NZ 'scene'.

It's hilarious. Hilarious because it's so true.

In my opinion it is possible to build a 'secure' system - but there are a couple of caveats.

1) Security comes in many layers; electronic security is just one. If someone can get physical access to your gear, your network, your workstations or servers... you're toast.
2) Any system with external connectivity is reduced in security, firewalls or no firewalls, IPsec or no IPsec.
3) Any system with Internet connectivity is worse again.

Note that 2 and 3 are different. Ultimately the Internet has to be looked at as a 'wild, wild west of computers' and one has to accept that by being online, you've got a big target painted on you. All you can do is reduce your profile. Much like dodging criminals in our fine city's dodgier neighbourhoods. Nod to Metlstorm's 'low hanging fruit' presentation from Kiwicon 2009... if your fruit hangs low it will be harvested, along with all the goodness contained therein.

So if you want a truly secure environment, connectivity to the Internet should be seen as a) optional, and b) risky. And if you're on the Internet, accept that there are definite limitations to the level of security you can expect.

This goes double, and perhaps even triple, for anyone actively using Facebook or its ilk. How much of your personal data is on there? How much faith are you putting in a megacorp who's in the 'we're so big the individual doesn't matter' camp?