Message-ID: <002601c357a9$5ac02fe0$8f04d882@bzdrnja>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@...ternet.com]
> Sent: Thursday, 31 July 2003 10:20 a.m.
> To: Bojan Zdrnja
> Cc: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Avoiding being a good admin -
> was DCOM RPC exploit (dcom.c)
>
> Cool, perimeter security and forcing users to text only based e-mail
> clients like e-mail was intended <grin>.

See Paul's post about recommending that to a dean, VP or whatever else.

> Education works poorly. Educate your users and then 30 minutes later some
> of them will go to their everything-AND-the-kitchen-sink desktop OS, click
> on that same mass mailed exe you just told them not to click on, and
> reopen the need to once again re-educate your userbase cycle. Of course 9

Then you are a bad teacher. A good teacher will deliver that knowledge to
his students in a way that will let it stay in their minds.

> out of 10 times it's going to be one of the upper mgt folks that pushed
> for the employee education project that does the uncondoned clicking of
> that exe...

We can fight against that with other layers of security. However, only
education will raise security awareness.

Regards,
Bojan Zdrnja