All I see so far are antivirus/spyware type questions. Anybody else hoping to discuss real security issues?
To get the ball rolling, we could talk about something from Bruce Schneier's newsletter: penetration testing. article and article
I did pen testing for a bit at my old job and the mentality was that we had to find a way in or we weren't doing our job. There were some times when we would just brute force passwords and get lucky and find a complex password. I just felt that the mentality of penetration testing rarely fixed problems since most of them were organizational and procedural problems to begin with. For example, hospitals never had secure passwords because doctors would say "I'm too busy saving lives to have to remember and spend the time typing a complex password".