lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: CyberInsecurity: The cost of Mo
 nopoly 

On Tue, 30 Sep 2003 Valdis.Kletnieks@...edu wrote:

> On Tue, 30 Sep 2003 16:09:51 +1000, Chris Cozad said:
>
> > Do you really think you could convince the average user that they need to
> > know this much about security? I mean, most users see their computers (and
> > the network, servers, phones, faxes, etc...) as a tool to do business with.
> > Nothing else. The computers are there to do a job, or help get a job done,
> > and nothing else. It is not so much that they don't know, it is that they
> > don't need to know.
>
> This argument is a total crock.  Most people manage to drive cars that
> remain operational, because they either learn how to do the maintenance
> themselves, or they outsource it to a guy called a "mechanic".
>
> Here.. let's do a s/computer/cars/ on that paragraph:
>
> > Do you really think you could convince the average person that they need to
> > know this much about fuel injectors? I mean, most people see their cars (and
> > the network, servers, phones, faxes, etc...) as a tool to do business with.
> > Nothing else. The cars are there to do a job, or help get a job done,
> > and nothing else. It is not so much that they don't know, it is that they
> > don't need to know.
>
> I'll point out that the average car no longer comes with a crank to start it,
> or a manual choke button that you have to remember to push back in.  The
> average car no longer needs major maintenance every few hundred miles.
>
> So why are we tolerating computers that have cranks and choke buttons and
> need major maintenance every few hundred hours?
>


Howdy Valdis,

Yet if we continue with your analogy, then it's merely advocating that the
average user still needs to 'outsource' their pc maintainance to a trained
pc 'mechanic'.  cool, job security <smile>!

Ive a number of times, in various forums, including this one, stated that
user training is not a means in and of itself, and feel that any reliance
upon that as the major factor is keeping systems patched and uptodate and
secure is bound to failure.  Time and again, it's been shown that, lusers
as others have stated again, only see their systems as a 'tool' with which
to do their real jobs, and thus user training is an ongoing/never-ending
proposition.  There are a number of companies that make their fortunes on
this premise.

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ