From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: Anti-MS drivel




This perhaps needs some clarification.  My response to Tobias should in no
way be construed as an MS Apologista defending their record vis-a-vis
software design/secure coding.  Far from it.  It was, rather, an effort to
point out that  >>When a customer "makes a mistake" then it's not his own
but the vendor's<< does not even remotely survive the test of extending a
statement/argument to even logical extremes.

When we have users who, within 5 minutes of receiving and reading an email
from IS Security that says "XXXXX Email may be landing in your
inbasket...with this subject...from this address...DO NOT OPEN THE
ATTACHMENT IN THAT EMAIL, please delete it immediately" decide that it did
not really mean them, and proceed to open said attachment anyway, they are
making mistakes...period.  (NOTE:  Yes we should be stripping all
potentially executable attachments, my shop does...hope yours does
too...but, I'm also willing to bet that if we are honest...I am damned sure
not in the minority of people who have had this scenario play out in the
past...and who are still very concerned about hundreds of laptop users who
are grabbing email from ISP-based sources while they are on the road)

It's wonderful to pontificate about how the world ought to be...but there
are more than a few of us who get to deal with it the way it is.  People
make mistakes.

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin@...ts.netsys.com wrote on 01/24/2004 05:57:25 PM:

> Bart.Lansing@...ls.com wrote:
>
> > Tobias, I have to tell you that >>Customer is king. mistake.<< is getting old.
> >
> > 1.  If the customer decided to  make a sharp left turn at 120 kph on an icy
> > mountain road and slid his car off the side of the cliff...or...
> >
> > 2.  If the customer decided to ignore the product warnings and popped that
> > can of beans in the microwave then stood there with his face against the
> > window to watch...or...
> >
> > 3.  If the customer decided to go scuba diving at 100 meters, ignored the
> > gauges that told him he was out of air, then decided to rocket to the
> > surface as fast as he could so he could get a breath...
> >
> > THE CUSTOMER MADE A MISTAKE
>
> True, but in all those cases it is reasonable to expect that a
> (reasonable) customer _should_ know better.
>
> The problem -- at least with "consumer computers" -- is that typical
> consumers do not (and, it seems, for quite some time to come yet, will
> not) "know better".  However, we keep selling them computers as if the
> mismatch between the devices' capability and the user's ability to use
> them safely are in harmony.
>
> This assumption clearly does not even hold for much of the corporate
> world (or at least _has not_), where supposedly "expert" folk are
> responsible for running the computer systems much of our financial
> systems, and thus our commerce, now depends on.  Despite this, the
> computer industry was allowed to expand and expand and expand to the
> point where any attempt to regulate it would have had massive negative
> social, economic and political repercussions, meaning we ended up in
> the situation of self-sustaining (commercial) madness that produced
> Windows XP Home...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

