lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <OF5B698445.D6983D17-ON86256E27.0052D750-86256E27.00543ED9@kohls
	.com>
From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: Anti-MS drivel




This perhaps needs some clarification.  My response to Tobias should in no
way be construed as an MS Apologista defending their record vis-a-vis
software design/secure coding.  Far from it.  It was, rather, an effort to
point out that  >>When a customer "makes a mistake" then it's not his own
but the vendor's<< does not even remotely survive the test of extending a
statement/arguement to even logical extremes.

When we have users who, within 5 minutes of receiving and reading an email
from IS Security that says "XXXXX Email may be landing in your
inbasket...with this subject...from this address...DO NOT OPEN THE
ATTACHMENT IN THAT EMAIL, please delete it immediately" decide that it did
not really mean them, and proceed to open said attachment anyway, they are
making mistakes...period.  (NOTE:  Yes we should be stripping all
potentially executable attachments, my shop does...hope yours does
too...but, I'm also willing to bet that if we are honest...I am damned sure
not in the minority of people who have had this scenario play out in the
past...and who are still very concerned about hundreds of laptop users who
are garbbing email from ISP-based sources while they are on the road)

It's wonderful to pontificate about how the world ought to be...but there
are more than a few of us who get to deal with it the way it is.  People
make mistakes.

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin@...ts.netsys.com wrote on 01/24/2004 05:57:25 PM:

> Bart.Lansing@...ls.com wrote:
>
> > Tobias, I have to tell you that >>Customer is king. mistake.<< is
getting old.
> >
> > 1.  If the customer decided to  make a sharp left turn at 120 kph on an
icy
> > mountain road and slid his car off the side of the cliff...or...
> >
> > 2.  If the customer decided to ignore the product warnings and popped
that
> > can of beans in the microwave then stood there with his face against
the
> > window to watch...or...
> >
> > 3.  If the customer decided to go scuba diving at 100 meters, ignored
the
> > guages that told him he was out of air, then decided to rocket to the
> > surface as fast as he could so he could get a breath...
> >
> > THE CUSTOMER MADE A MISTAKE
>
> True, but in all those cases it is reasonable to expect that a
> (reasonable) customer _should_ know better.
>
> The problem -- at least with "consumer computers" -- is that typical
> consumers do not (and, it seems, for quite some time to come yet, will
> not) "know better".  However, we keep selling them computers as if the
> mismatch between the devices' capability and the user's ability to use
> them safely are in harmony.
>
> This assumption clearly does not even hold for much of the corporate
> world (or at least _has not_), where supposedly "expert" folk are
> responsible for running the computer systems much of our financial
> systems, and thus our commerce, now depends on.  Despite this, the
> computer industry was allowed to expand and expand and expand to the
> point where any attempt to regulate it would have had massive negative
> social, economic and political repercussions, meaning we ended up in
> the situation of self-sustaining (commercial) madness that produced
> Windows XP Home...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ