Rewrote my previous comment, as muddling up both cases as a single obtuse analogy was a mistake on my part. But can't we say that we have both a moral and an ethical obligation to protect our nontechnical users or our…
That's not really a solution. The problem falls into two categories, on one hand you have non technical end users, and it takes a non trivial amount of time to train them to roll their own crypto if you will, and it's…
Projecting? Unsure in which direction you mean, but fwiw I'm pushing 30 my self (26) and use apple products. But I agree with you, the medical records argument is kind of boring. But, not everything needs to be…
Yes, the foolish neckbeards who aren't agile and dynamic, don't use git and aren't iterative but care deeply obeying regulations and not sending data to the /dev/null that mongodb on US-EAST is. This mindset screams "I…
> A future bulk-scan may leverage a new SSH-exploit before you know it exists. Sure, this is true. I consider this a "minor" issue, truth be told (I didn't want muddle up the conversation) I don't tend to run sshd…
If undirected bulk scans are a serious threat to your security, something is up. Properly configured (AllowUsers, Disable root, no clear text passwords only keys etc), I'd say that the undirected bulk scans pose no…
Sure. > "Port knocking by definition is an extra layer of security through obscurity" Security through obscurity is not security, it's at best theater. > "It protects against 0 day attacks on OpenSSH" You…
>> 2. As long as you're customizing the firewall you should block pings entirely. Why? I've never seen a threat model where filtering icmp doesn't end up being more trouble then it's worth. Then there is even…
Rewrote my previous comment, as muddling up both cases as a single obtuse analogy was a mistake on my part. But can't we say that we have both a moral and an ethical obligation to protect our nontechnical users or our…
That's not really a solution. The problem falls into two categories, on one hand you have non technical end users, and it takes a non trivial amount of time to train them to roll their own crypto if you will, and it's…
Projecting? Unsure in which direction you mean, but fwiw I'm pushing 30 my self (26) and use apple products. But I agree with you, the medical records argument is kind of boring. But, not everything needs to be…
Yes, the foolish neckbeards who aren't agile and dynamic, don't use git and aren't iterative but care deeply obeying regulations and not sending data to the /dev/null that mongodb on US-EAST is. This mindset screams "I…
> A future bulk-scan may leverage a new SSH-exploit before you know it exists. Sure, this is true. I consider this a "minor" issue, truth be told (I didn't want muddle up the conversation) I don't tend to run sshd…
If undirected bulk scans are a serious threat to your security, something is up. Properly configured (AllowUsers, Disable root, no clear text passwords only keys etc), I'd say that the undirected bulk scans pose no…
Sure. > "Port knocking by definition is an extra layer of security through obscurity" Security through obscurity is not security, it's at best theater. > "It protects against 0 day attacks on OpenSSH" You…
>> 2. As long as you're customizing the firewall you should block pings entirely. Why? I've never seen a threat model where filtering icmp doesn't end up being more trouble then it's worth. Then there is even…