|
I dunno if this is any worse than the many, many replies one sees to
some hot topic about Microsoft and stuff like that.. Overall everytime
I went to a security conference users got insulted. They were stupid,
they fell for things, hook line and sinker etc. etc. etc. Of course
sometimes the "professionals" never mentioned that the poor users are
bombarded by a bunch of directives that are not explained and are hard
to follow and seem like another stupid directive handed down from
on-high that ask them to do something difficult without explaining how,
for example how to pick passwords that are not in the dictionary. The
take a phrase and take the first letter technique is something that
does not intuitively spring to mind to everyone. It took a lecture to
explain that "F*CK SUSAN and BOB" were not good passwords. N.B. I have
been around for awhile and on the old TOPS-20 Systems passwords were
not intially encrypted. So it was easy to find actual passwords and
tell people not to use those. Now things are encrypted and all that
but still a weakpassword doesn't work and other small things that
people could do to be just reasonably careful they don't. Dunno how
much verbage to waste on random issues. Have Fun, Sends Steve I read the article and it was interesting. I don't quite know how much of it to believe. It is clear some people are up to something questionable. Whether it fits the model the authors have of well coordinated effort to deliver services to organized crime maybe a bit much on the conspiracy side for me tyo swallow. Security experts often miss that they use FUD without knowing it. But it is still to be careful because there are people who don't realise one's machine might be for something important and not just a plaything for others to mess with and ruin if they had a bad day or wanted to play weird "process war games". Have Fun, Sends Steve J.A. Terranson wrote: You don't have a blogspot account you could have posted this to?On Sun, 5 Jun 2005, Randall M wrote:Date: Sun, 5 Jun 2005 10:32:20 -0500 From: Randall M <[EMAIL PROTECTED]> To: [email protected] Subject: [Full-disclosure] Off topic rant to my friends Sorry to rant to this list. This list though has the only people on it who totally understand this ranting. Every morning before heading for work I read all my security alert emails and website collections about possible Trojans, worms and viruses found. Being a faithful worker I do this on the Weekends too. Once at work I check my web appliances, gateway, Exchange boxes and data servers for dat updates and check log files. I spend the first two-three hours of my work day doing this every day. Why do I do this? I do it to protect my company's investment. To ensure that the employee's have a job that day. To make sure that customers will have on time delivery and so new customers can make orders, etc., etc. Today I read this article: http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614 For some reason, maybe the coffee, I sat there thinking what the hell am I doing all this for? Am I being paid by my company to set up and protect only for some future use as a botnet for some organized crime boss!! I continually spend time, money and research on ways to protect. All of my mechanisms I use are actually as helpless as I am!! It's the blind leading the blind!! Then, like a message from God, a memory of a phone call from one of our users came to me: "Hey, I received this email about my account being suspended for security reasons, I immediately deleted it but just wanted to let you know". My small employee awareness program was slowly paying off. A year ago that same phone call would have been the "I think I did something bad" type. I now realize that my investments and my time have been spent MORE in the wrong place. I'm turning that around and heading back to the user. They are MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the Anti-Virus dats or the front-end Appliances or the Gateways because a simple "Click" by the user makes them all useless. And it looks as though I can't depend on them to keep that "click" opportunity from the user. Praise be to God for the User! They are powerful! They are trainable! They are my BEST defense! There. I fell better now. thank you Randall M _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
