Email is a bastion of badness. Do you block access to *all* email? How about IM? Or the Web in general?
My .02: The debate should be if the risk outweighs the benefit. My opinion is that in most cases the answer is no. There is a lot of benefit to companies to open these up. Yes, of course they need to invest in security to protect against the problem but that is no different than other areas, it's just a new vector. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tomas L. Byrnes Sent: Thursday, May 28, 2009 1:56 PM To: Dan Kaminsky Cc: [email protected]; [email protected] Subject: Re: [funsec] C-level execs ignorant of Web 2.0 dangers When I've explained to the users how Facebook, Myspace and other such sites are ways for malware authors to "drive by" them, I've had no resistance to blocking them. Now, it helps that in the most recent case, they had actually been infected using just that vector. >-----Original Message----- >From: Dan Kaminsky [mailto:[email protected]] >Sent: Wednesday, May 27, 2009 11:06 PM >To: Tomas L. Byrnes >Cc: <[email protected]>; <[email protected]> >Subject: Re: [funsec] C-level execs ignorant of Web 2.0 dangers > >I've been informed, very off the record, that large companies that >block Facebook at work have serious employee retention and acquisition >problems directly because of it. I'm dead serious. > > > >On May 28, 2009, at 6:49 AM, "Tomas L. Byrnes" <[email protected]> wrote: > >> C - level parsed correctly means Clue MINUS level. Since level is the >> highest in the company, you do the math. >> >> >> >>> -----Original Message----- >>> From: [email protected] [mailto:funsec- >>> [email protected]] >>> On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah >>> Sent: Monday, May 25, 2009 3:49 PM >>> To: [email protected] >>> Subject: [funsec] C-level execs ignorant of Web 2.0 dangers >>> >>> http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml- >>> 9e7f4ffd- >>> 70b7-4120&Portal=448d158c-d857-4785-b759-ffa1c005933c&sub=7345 >>> >>> C-level executives are pushing for greater access to social >>> networking >>> sites and >>> facilities, while even IT managers and security specialists are >>> unprepared to deal >>> with the full range of risks from this type of activity. >>> >>> In order to get some traction with senior management on this issue, >>> you >>> might >>> want to remind them that, when they take off with funds they've >> obtained >>> via >>> fraud, it's best not to post boasts on Facebook: >>> >>> >http://www.smh.com.au/news/technology/web/2009/05/25/1243103468196.html >>> >>> ====================== (quote inserted randomly by Pegasus Mailer) >>> [email protected] [email protected] >>> [email protected] >>> The real problem is in the hearts and minds of men. It is not a >>> problem of physics but of ethics. It is easier to denature >>> plutonium than to denature the evil from the spirit of man. >>> - Albert Einstein >>> http://victoria.tc.ca/techrev/rms.htm >>> http://blog.isc2.org/isc2_blog/slade/index.html >>> http://twitter.com/rslade >>> http://blogs.securiteam.com/index.php/archives/author/p1/ >>> _______________________________________________ >>> Fun and Misc security discussion for OT posts. >>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >>> Note: funsec is a public and open mailing list. >> >> _______________________________________________ >> Fun and Misc security discussion for OT posts. >> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >> Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. Protected by Websense Hosted Email Security -- www.websense.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
