lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: [OFFTOPIC] Zone Alarm

If you understand security, using Outlook/Exchange is not dangerous.  If
it makes you feel better, I can respond from my RedHat box or my OpenBSD
box or my FreeBSD box.  Frankly, I don't really give a rats a$$.  I use
what's handy at the time.  They're just tools, and I'm not religious
about them.

I'm already on record as saying that I *prefer* a DSL router or "true"
firewall.  I'm just trying to make the point that *for some people* PFWs
are better, because they're simple to use and understand and they're
certainly better than nothing, which is what they'll have if you try to
get them to use more sophisticated tools.  Hell, some of our users still
struggle trying to figure out how a mouse works.  I just tell them,
don't ask me to master physics and I won't ask you to master computers.
They're just tools to do work.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


-----Original Message-----
From: Robert J. Liebsch [mailto:rliebsch@...neyamashita.com] 
Sent: Wednesday, June 04, 2003 8:57 PM
To: Schmehl, Paul L
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm


worse than HTML email... Exchange 
*eep* 
I have mixed emotions about making ppl understand security. Users are
rather stupid by nature. 
Otherwise, I wouldn't have a job. 
I think however, having them use the software and equipment, making
natural, and letting them 
watch the news and read the magazines, and talk to the clients about
"oh, that worm/virus/hack, 
didn't affect us. 
I cannot make users understand why they need to change passwords. They
argue and whine and 
cry alot, but they do change those passwords. 
My wife, my family are not tech savvy folks. But they humor me and they
take precautions, then 
they patiently listen to their friends and collegues complain about
virii, ftp and irc servers they were 
unwittingly running on thier systems. Then I get to overhear my family
say things like "well why don't 
you have a Router/Firewall thingy... it works for me" 
9out of 10, that silly little NAT on the linksys is enough to ward off
penetrations to home computers, for 
home manual non-reading users. 
Ferrari?!? Um, need a son, or another admin... I don't even own a car
*grin* 



---------- 
From:   Schmehl, Paul L 
Sent:   Wednesday, June 4, 2003 6:44 PM 
To:     Robert J. Liebsch; Michael Reilly; Kurt Seifried 
Cc:     Ben Tyson-Norrman; full-disclosure@...ts.netsys.com 
Subject:        RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm 
>-----Original Message----- 
>From: Robert J. Liebsch [mailto:rliebsch@...neyamashita.com] 
>Sent: Wednesday, June 04, 2003 6:45 PM 
>To: Michael Reilly; Schmehl, Paul L; Kurt Seifried 
>Cc: Ben Tyson-Norrman; full-disclosure@...ts.netsys.com 
>Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm 
> 
> 
>I have on asbestos underwear, so I am prepared for your flames...  
> 
You should be, since you're using HTML email. :-) 
> 
>However, Because security is inconvenient does not make it 
>irrelevant. You do have your car serviced? You do go see a 
>doctor regularly? You do perform maintenance to your home? 
>   ....don't you? 
Yes, but I don't expect my 20 year old daughter to jump in my Ferrari 
and drive it safely either.  She drives the Honda Civic, and after she's

got some experience under her belt and has gone to driving school *then*

I'll consider giving her the keys to the Ferrari. 
I'd rather have an inexperienced user behind a PFW any day than expect 
them to understand and *properly* implement NAT *and* a firewall.  I'd 
rather have them introduced to the concept of security in a way that 
they understand than to shove it down their throats with technology they

don't comprehend and can't possibly use correctly. 
Paul Schmehl (pauls@...allas.edu) 
Adjunct Information Security Officer 
The University of Texas at Dallas 
AVIEN Founding Member 
http://www.utdallas.edu/~pauls/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ