From: dk at pwarchitects.com (dk)
Subject: A rather newbie question

Harlan Carvey wrote:

> > While I think you have a point I also think Ethan has one too. It
> > is important to remember that users are generally clueless and/or
> > unconcerned with security. Of course I'm grossly generalizing but I
> > think you get my point.
>
>  Yes, I can agree with that...I do get the point. But who are the
>  users? Say you're an admin at a law firm...if the users are supposed
>  to be security-conscious (face it, a great many admins lack even the
>  most rudimentary security awareness), then shouldn't the admins be
>  required to have a law degree, also? How about a hospital...shouldn't
>  each admin then have to have a medical degree?

Degrees? No. This is impractical for most business models. But to be motivated
by the modern day necessity of user awareness and responsibility that comes
with the power of our computing machines - definitely.

Barring that, they *must* be made aware of the risks they place on their
organization by using technology that they can easily mishandle. If they feel
this risk is acceptable, or even necessary given the current economic woes,
then that is the CEO's or B.O.D's call. Our job is to make (and keep) them
aware.

I admin a small Architectural Firm with a mix of OS's, mailservers, webservers,
specialized applications, workstations, laptops, plotters, printers... etc...
Basically anything that has electrons move through it I am expected to have
knowledge of or at least have the number to someone who does (I don't do
Copiers). I am also to create and manage the electronic document standards for
the CAD applications and electronic document submittal, research new means and
methods, etc, etc, on and on.

Point of my rambling here is: When I am not doing one of the above (My
primary job description) I am fully expected to fill in for Architectural Design
and do the job of a 1st or 2nd year Architectural Intern that has a 4 year
degree in Architecture. I do all of this, for less than 30k yr and neither
possess a Degree in any of the Computer Sciences nor in any of the Architecture
fields. (And for bonus points, if you carefully read my sentences you will see
that I do not possess a Degree in English either! :) ) I am never given time
to research or practice the Architecture side of my job, but I am expected to
do it to a degree FAR greater than most admins ask the users to educate
themselves about "The Computer" or "Windows" when they have spare time.

I would love to trade shoes with them for a week and see how we'd both fare.

>  I agree that harmless joking is fine...but I've seen instances in
>  which that harmless joking became part of the admin's vocabulary,
>  even in front of those same users.

Well I think this may come from the frustrations of the modern American
Business outlook that the "Computer" is nothing but a big typewriter glued to a
Fax machine that produces money when the right keys are pressed.
And perhaps in part because most "Admins" are expected to fill many
more shoes than the co-workers they support.

So I've called my users, lusers for years to ease the frustrations that I must
endure daily in slowly repeating attachment mantras, how to sync your palm,
how to change your background, why the "internet" is broke on their laptop (hint:
plug in the blue cable Boss)....

If *I* handled myself in an equal but opposite manner in regards to my assumed
"Architecture responsibilities", I'd be out of a job.

I just want that door to swing BOTH ways. Until then, they are the Lusers and I am
the Long Haired Freak giving up another Sunday evening tweaking the Bayesian filter
so sweet Edna over in Accounting can get her Amway newsletter.

But Edna ain't so sweet
when late is my timesheet,
or even incomplete.

:)

-- 
Dave

