> So organizations get compromised by well-meaning users who click on a
> link in an email or slip up and use an insecure connection, and while
> we can ameliorate that to a certain extent with code, we really need
> to think more about how to make it easier for users to make the
> "right" choices versus the "wrong" choices.

Too often this is phrased as "users should know better." But, to be honest, I think most anyone could be fooled by a well-planned spear-phishing attack. Last year it got RSA security, ORNL, Lockheed-Martin, and the entire state of South Carolina. The use of email in normal business practices far exceeds what should be done, given the lack of authentication and the ease of slipping malicious payloads into innocuous-looking URLs, PDFs, etc.

--
===================
R. R. Brooks
Associate Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University
313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA
Tel. 864-656-0920
Fax. 864-656-5910
email: r...@acm.org
web: http://www.clemson.edu/~rrb