lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: ccozad at sci-aust.com.au (Chris Cozad)
Subject: [inbox] Re: CyberInsecurity: The cost of Mo
	 nopoly 



-----Original Message-----
From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu]
Sent: Tuesday, 30 September 2003 11:49 PM
To: Chris Cozad
Cc: 'Paul Schmehl'; 'full-disclosure@...ts.netsys.com'
Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Mo nopoly 


On Tuesday, 30 September 2003 11:49 PM, Valdis.Kletnieks said:

>> Do you really think you could convince the average user that they need to
>> know this much about security? I mean, most users see their computers
(and
>> the network, servers, phones, faxes, etc...) as a tool to do business
with.
>> Nothing else. The computers are there to do a job, or help get a job
done,
>> and nothing else. It is not so much that they don't know, it is that they
>> don't need to know.

>This argument is a total crock.  Most people manage to drive cars that
>remain operational, because they either learn how to do the maintenance
>themselves, or they outsource it to a guy called a "mechanic".

>Here.. let's do a s/computer/cars/ on that paragraph:

You are just re-wording my point. Security Personel are the mechanics in
your example. There are two types of people user) in the computer world.
There are those that have an interest in how things work, and those that
don't care, or don't want to know. Our problem is that the vast majority of
users out there don't care about security. And these people probably don't
need to know. They are accountants, sales people, managers, trainers, etc...
They are employed for their abilities in other areas.

I suppose I could follow your example, and come up with a different analogy.
These same people that use our computers also use photocopiers. They don't
necessarily know all the functions that are available on that machine, nor
do they know how to fix it when it breaks. They may just know how to put a
piece of paper in the top, and make 10 copies come out the bottom. But that
is fine. Thats all they need to know to sell their product, or do their
accounts, or whatever.

I could keep going with coffee machines, printers, calculators, etc..., but
you get the point.

>> Do you really think you could convince the average person that they need
to
>> know this much about fuel injectors? I mean, most people see their cars
(and
>> the network, servers, phones, faxes, etc...) as a tool to do business
with.
>> Nothing else. The cars are there to do a job, or help get a job done,
>> and nothing else. It is not so much that they don't know, it is that they
>> don't need to know.

>I'll point out that the average car no longer comes with a crank to start
it,
>or a manual choke button that you have to remember to push back in.  The
>average car no longer needs major maintenance every few hundred miles.

>So why are we tolerating computers that have cranks and choke buttons and
>need major maintenance every few hundred hours?

We definitely shouldn't tolerate this, but until there is a viable
solution.......

Chris
----------------------------------------------------------------------------
----------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.
If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Service Corporation International Australia.

Scanning of this message and addition of this footer is performed
by SurfControl SuperScout Email Filter software in conjunction with 
virus detection software.
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.
If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Service Corporation International Australia.

Scanning of this message and addition of this footer is performed
by SurfControl SuperScout Email Filter software in conjunction with 
virus detection software.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031002/a83d0481/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ