Comments on: Spinnin’ Yarns http://www.securitycurve.com/wordpress/archives/415?utm_source=rss&utm_medium=rss&utm_campaign=spinnin-yarns Thu, 26 Jan 2012 14:33:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Starfan http://www.securitycurve.com/wordpress/archives/415/comment-page-1#comment-22 Starfan Fri, 17 Nov 2006 23:14:11 +0000 http://securitycurve.com/wordpress/?p=415#comment-22 You know, I've been looking all over the place for a security minded blogger to address SGC certs. These are nothing more than fools gold being sold to network and security "professionals" who don't take a little bit of time to analyze whether or not they are a good fit for their organization. Currently, I'm in a debate with some of my peers about their usefulness. CAs quote that these certs will ensure 99.9% protection. What they fail to mention is that SGC technology is extremely limited in scope and that all the right pieces must be at play in order for it to be useful at all. Old browsers on machines capable of 128bit encryption...Win2k boxes WITHOUT at least SP4. It has a very specific application that is probably not applicable to most of the security pros that buy into its usefulness today. If I had a multitude of users overseas who had not done a thing to update their PC since mid-2000, I might be able to convice myself to buy into the hype. Otherwise, the actual segment of clients that would need SGC technology is probably less than 1%...and they can't use SGC anyway! I'm finished ranting! :) Thanks for your post. You know, I’ve been looking all over the place for a security minded blogger to address SGC certs. These are nothing more than fools gold being sold to network and security “professionals” who don’t take a little bit of time to analyze whether or not they are a good fit for their organization.

Currently, I’m in a debate with some of my peers about their usefulness. CAs quote that these certs will ensure 99.9% protection. What they fail to mention is that SGC technology is extremely limited in scope and that all the right pieces must be at play in order for it to be useful at all. Old browsers on machines capable of 128bit encryption…Win2k boxes WITHOUT at least SP4. It has a very specific application that is probably not applicable to most of the security pros that buy into its usefulness today.

If I had a multitude of users overseas who had not done a thing to update their PC since mid-2000, I might be able to convice myself to buy into the hype. Otherwise, the actual segment of clients that would need SGC technology is probably less than 1%…and they can’t use SGC anyway!

I’m finished ranting! :) Thanks for your post.

]]>