lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: full-disclosure at illuminated.nl (Aschwin Wesselius)
Subject: Super Worm

Sean Crawford wrote:

>Phil wrote------------->
>
>>Nor their arrogance.  I had two people tell me this weekend that they had
>>got a virus from Windows Update.  No way would they listen to what I told
>>them.  And it was a complete waste of time enumerating the various attack
>>vectors which could lead them to believing that that was what happened.
>>Whatever I told them, they still refused to believe any other explanation
>>than that Microsoft had sent them a virus from the Windows Update site.
>>    
>>
>FFS.....I can just hear them now..
>
>I do support for a small company(about 150 end users)and these are the same
>issues I go through daily, don't even try and explain exploits, it leads to
>another whole world of frustration/pain..most people don't even want to
>understand..
>
>I say it all the time to my boss...IT support is a thankless job as the only
>time I/we get a call is when someone's not happy...
>
>On the other hand....without those dimwits I would be out of a job...God
>bless the dill's..
>  
>

Yeah, but with the problems and the stupidity of end users, the curve of 
complexity gets steeper. Dimwits can be good, because it keeps you awake 
and focussed. But too many, gives you headaches and makes you go off 
schedules.

True control (to keep your job) is to have control on the dosis of 
knowledge about security. Keep them wellinformed, but not into the 
sticky details, so you have tasks left for yourself.

Make a good list wich people can check for themselves. A knowledge base 
maybe with good understandable descriptions of threats and info on new 
things wich might hit them. If they did not obey the list with checks 
they can be hold for ignorant, unhelpful, dumb, or any names you can 
think off (still stay polite). Prioritize those people by filtering who 
is helpful and sticks with the rules, and people who are just simply 
ignorant and not willing to learn from what you tell them. In  the end 
it is their own fault and they have to feel how it is to not being 
helped that quick.

If people are refusing to listen, or just ignore your job as what it 
means (to prevent and solve problems) you don't have to help them, since 
in their view you don't exist, or are not important to them. Turn it 
around and hold them for not being important either, since it works both 
ways. You have to do it together and you are not Cinderella.

Kind regards,

Aschwin Wesselius

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ