Home > Jackassery > Security, Drinking Straws, Cavities and Wrinkles…

Security, Drinking Straws, Cavities and Wrinkles…

StrawsI was reading an article on SlashFood titled "Drinking Straw: Friend or Foe" and chuckled at the parallels to the reflexive hyping, purchase and (oft failed) use of "solutions" in the security space.  Sometimes I think we need a securitysnopes.com:

Recently, a friend passed along a tip from a dermatologist: Stop
sipping through straws. The doctor said it was the number one cause of
wrinkles.

Even more recently, at lunch one day my aunt relayed
some info from her husband, an orthodontist. He said that drinking
through a straw prevents cavities and tooth decay, since straws allow
sugary beverages to bypass your teeth. When my aunt said this,
everybody around the table (six women) stuck straws in their drinks.

But when I countered with the skincare side of the question, my aunt
was the first to pluck her straw right back out again.

Brings new meaning to "security sucks."  What's your favorite "security straw" analogy?

/Hoff

Categories: Jackassery Tags:
  1. TJ
    October 31st, 2008 at 11:35 | #1

    VPNs baby!

  2. October 31st, 2008 at 12:32 | #2

    90- (or 60-)day password changes. You betcha.

  3. Steven Andrés
    October 31st, 2008 at 16:33 | #3

    If you have an insecure web application, switch to SSL for added security. Much like your straw, it'll suck.

  4. Joe Friday
    November 5th, 2008 at 17:00 | #4

    Chris – You are a bag of wind, hang it up….please

  5. November 5th, 2008 at 18:07 | #5

    Sure, sweetheart…just for you.
    /Hoff

  6. November 11th, 2008 at 07:13 | #6

    Damned if you do, damned if you don't.
    The whole business of security fits that analogy. Either you suffer the insecurity or you suffer the administrative/analyst nightmare of what you implement.
    But if I were to get specific: NAC/NAP. "We need it to keep out rogues!" "Oh god, this is horrible to manage, take it out!"
    Curiously, I think this applies to almost all non-groundbreaking security technology (NAC isn't groundbreaking, the same benefit [being aware of rogue systems] can be done with simple arp-aware tools and some spare boxes. Sure, you don't get automatic correction, but is that *really* the value pursued?).

  1. No trackbacks yet.