Security Common Sense Lost

The <a href="http://www.auscert.org.au/">Australian Computer Emergency Response Team</a> last week held a security conference that is making <a href="http://news.cnet.com/insecurity-complex/?tag=rb_content;overviewHead">headlines</a> for the wrong reasons. Apparently, organizers allowed IBM to hand out USB keys to conference participants, some of which contained malware. <a href="http://beastorbuddha.com/2010/05/21/ibm-letter-to-auscert-delegates-free-malware-giveaway/">Oh, the irony</a>.

The Australian Computer Emergency Response Team last week held a security conference that is making headlines for the wrong reasons. Apparently, organizers allowed IBM to hand out USB keys to conference participants, some of which contained malware. Oh, the irony.

The AusCERT 2010 conference tagline is "Nothing Without Security," but it looks like organizers ignored what could be the most fundamental rule in the book: Don't stick USB keys into your computer. This truly boggles the mind, and I'm not sure what's worse - that the conference handed out the keys, or that some of the participants used them. Remember, there's no such thing as a safe USB key, no matter where it comes from.

This news also reminds me of the open computer portals at this year's RSA conference in San Francisco. Many conference participants did their computing from them despite being open and completely visible to hundreds of people walking by. In fact, there were four computers set up next to an escalator, giving those riding up and down a nice long perched look at users' computing. Where did the common sense go?