From: purdy at tecman.com (Curt Purdy)
Subject: Super Worm

sean01@...net.com.au wrote:
> >On the other hand....without those dimwits I would be out of a job...God
> >bless the dill's..
>
> Yeah, but with the problems and the stupidity of end users,
<snip>

> Make a good list which people can check for themselves. A knowledge base
> maybe with good understandable descriptions of threats and info on new
> things which might hit them. If they did not obey the list with checks
> they can be held for ignorant, unhelpful, dumb, or any names you can
> think of (still stay polite). Prioritize those people by filtering who
> is helpful and sticks with the rules, and people who are just simply
> ignorant and not willing to learn from what you tell them. In the end
> it is their own fault and they have to feel how it is to not be
> helped that quickly.

Good points.  I have developed just such a list at our organization.  In
addition to quickly responding to these individuals when they need help,  I
take the extra time to educate them in security including conducting
voluntary classes, put them on an email list that I keep updating with the
latest worms and threats and fixes, and even take extra time to do
one-on-one to make them feel part of the team.  I have even dubbed our group
"the white-hats".

In return, they have taken it to heart and have become my unofficial
deputies, keeping their eyes open for security problems from physical (an
unknown person walking around suspiciously or a co-worker pasting their
password on a monitor) to informational (notifying me of a virus getting
through the gateway filter or being able to access something they know they
shouldn't).  I have found that my time spent has paid me back in a user base
(at least part of it) that has become an asset not a liability, as we often
think of them.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

