On Wed, 13 Jan 2010, Paul M. Moriarty wrote: > Or put another way, expecting end users to change their behavior and > start doing all the things they "should" be doing is futile. Any > approach based on this premise will fail.
That's not what I read Dan Kaminsky's point to be at all --- his point is, as I understood it, that some users' job *is* to open unsolicited attachments from random people on the internet. They *are* doing what they should be doing. The fact that this exposes their entire company to attack can't really be blamed on user misbehavior. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
