From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: CyberInsecurity: The cost of Monopoly

	[SNIP]

> Oh come on.  We don't expect our mechanics to brake and steer for us,
> fer cryin' out loud.  We're not talking about *maintaining* the computer.
> We're talking about *operating* it.  Things like passwords, awareness of
> attachment dangers, the need for routine patching (think oil changes)
> and up to date antivirus software (think gas).  The car mechanic takes
> care of repairs and maintenance, yes, but the driver is the one who has
> to bring the car in.  That means they have to be *aware* that
> maintenance is required.  They have to realize that if they don't change
> the oil every 3000 miles they will have long term problems.
>
> The same thing is true in computing.  Users must realize that
> maintenance is required, and it's their responsibility to "bring it in"
> for maintenance.  They can't just blithely assume that IT is doing it
> for them.  They need to *know* if it's overdue (think missing patches)
> or requires an overhaul (think new OS.)
>
> We don't let people drive cars without some proof that they know how.
> We don't even let them neglect the maintenance any more (think emissions
> inspections.)  Why should we let people use computers with no training,
> no awareness of the potential trouble spots, no idea what they're
> getting in to?  That's insanity.  And that's why we have hundreds of
> thousands of infections with every new iteration of a worm or virus.
> And IT people contribute to the problem by throwing up their hands and
> saying that the users don't want to learn or can't be taught.  They
> *must* be taught.  There is no other way to solve the problem.
>

This might come to be true in a workforce whence everyone has been made
familiar with the technology, even educated with it in their formal growth
years.  But, I have to look at my userbase, and see many, yes many, that
grew up and wrote their papers on typewriters <manual>, remember punch
cards, dumb terminals, 8088's and lisa II's, had their desktops upgraded
to win3.1/1 and 386's, and are nearing retirement age with the evolution
of super pentium speed CPU's.  Quite a few of these folks seriously do not
know how to program those clocks on their VCR's and feel no real need to
have their kids or grandkids do it for them.  Throughout their careers,
it's been the task of support staff to do things for them when it came to
the tools they were supplied to do their jobs.  How come suddenly now,
when all a lot of them are trying to do is 'hang-on' until they can retire
in these foreboding economic times, are we changing the whole game on them
rather than helping to spur the economy, and do justice to all those
skilled folks from various IT sectors that have been seeking new
employment since the fallout since the 2000/1 recession, and actually
staff those IT divisions and put those skills to work.  And all the while
seeing IT upper mgt types ranting about there being no folks with the
skills to hire?  Security Wire Digest's recent release had only to say that
the top mgt positions are faring well in this economy, the other levels
are suffering and thus those depts top level folks are tasked to manage
remain, understaffed, underfunded, and filled with overburdened employees
scrambling to stay on top of the jobs they're tasked to do.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

