Matt Goff’s Techdirt Profile

gatorheel

About Matt Goff




Matt Goff’s Comments

  • Jul 8th, 2014 @ 12:33pm

    Re: Re: Re: Re: Don't Cheapen Real Security Screw-ups

    First, in my opinion you're not in keeping with the spirit of the "real name" request (and, in my opinion, you know this).

    Second, you called me "a special kind of narcissist." Technically you only implied it, I suppose.

    Shared training credentials leaking via the CNN report is a total red herring. There are so, so, so many reasons not to have training accounts on production systems and to not have real data on training instances that anyone who does this (company prohibition or no) is lazy and unprofessional. The bonus is, if this is done, there's no reason to worry about training credentials being revealed.

    Really, what's the alternative? Create unique training accounts and high-entropy passwords for every user for every class? How will these credentials be transmitted to the user? If it's in writing, you know some third party would eventually get their hands on that and blow it out of proportion too (even if these unique accounts were deleted at the end of the training session since the bias on the internet seems to be to assume that everyone who is not you is a complete moron).
  • Jul 8th, 2014 @ 11:51am

    Re: Re: Don't Cheapen Real Security Screw-ups

    Michael, name calling isn't very productive. It's an easy thing to do while cloaked in the anonymity of the internet (and while disregarding Techdirt's request to use your real name), but I wonder if you would speak to someone like that in person.

    Back to the LAPD: Why do you assume it isn't dummy data? In addition to leading classes, I have also attended dozens and NEVER ONCE has the training system had real data. We don't even use real data in our dev environments-- only UAT and production have real data. AFAIK, this is industry standard. If they have real data on a training instance, THAT is the REAL mistake.
  • Jul 8th, 2014 @ 11:06am

    Don't Cheapen Real Security Screw-ups

    Who cares? I have run IT training many times where I put the shared login up on a whiteboard. It's pretty standard practice to have an isolated training instance and to load dummy data so you don't have to worry about specific user rights.

    Save all the hate for real security screw-ups. Piling on to this one just looks like petty cop-hating.
