Open Source and information security mailing list archives
 
Message-ID: <002601c357a9$5ac02fe0$8f04d882@bzdrnja>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) 


> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@...ternet.com] 
> Sent: Thursday, 31 July 2003 10:20 a.m.
> To: Bojan Zdrnja
> Cc: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Avoiding being a good admin - 
> was DCOM RPC exploit (dcom.c) 
> 
> Cool, perimeter security and forcing users to text only based e-mail
> clients like e-mail was intended <grin>.

See Paul's post about recommending that to a dean, VP or whatever else.

> Education works poorly.  Educate your users and then 30 minutes later some
> of them will go to their everything-AND-the-kitchen-sink desktop OS, click
> on that same mass mailed exe you just told them not to click on, and
> reopen the need to once again re-educate your userbase cycle.  Of course 9

Then you are a bad teacher. A good teacher will deliver that knowledge to
his students in a way that will let it stay in their minds.

> out of 10 times it's going to be one of the upper mgt folks that pushed
> for the employee education project that does the uncondoned clicking of
> that exe...

We can fight against that with other layers of security. However, only
education will raise security awareness.

Regards,

Bojan Zdrnja

