Jesper M. Johansson, Senior Security Strategist for Microsoft, writes in his November Security Management column:

The “verbification” of our languages is a wonderful thing, isn’t it? ACL is just one of the recent additions to the powerful list of new verbs we have available to us. ACL stands for Access Control List. However, you have probably heard people use it as a verb, in the context of “you need to ACL the boot partition so Everyone can’t get to it.”

Just as the use of nouns as verbs drive linguists up the wall, statements like that should drive security professionals up the wall. Misuse of ACLs is another one of the very common ways to shoot yourself in the foot with security. In this article, part 2 of an n-part series on how not to do security, we will discuss some of the common problems people get into with ACLs.

[Continue reading How to Shoot Yourself in the Foot with Security, Part 2: To ACL or Not to ACL]

[tags]security,acl,access control list,windows problem[/tags]