lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: A rather newbie question

> While I think you have a point I also think Ethan
> has one too. It is important 
> to remember that users are generally clueless and/or
> unconcerned with 
> security. Of course I'm grossly generalizing but I
> think you get my point. 

Yes, I can agree with that...I do get the point.  But
who are the users?  Say you're an admin at a law
firm...if the users are supposed to be
security-conscious (face it, a great many admins lack
even the most rudimentary security awareness), then
shouldn't the admins be required to have a law degree,
also?  How about a hospital...shouldn't each admin
then have to have a medical degree?

> Keeping in mind that the weakest link can be the
> average user is always a 
> good idea. And who would argue with idiot proofing
> any system, computer or otherwise?

Within the context of the business needs of the
organization...sure.  
 
> So I think a little harmless joking amongst
> ourselves isn't necessarily all 
> bad :-) After all, how many ID10T errors have you
> fixed in the last week ;-P

I agree that harmless joking is fine...but I've seen
instances in which that harmless joking became part of
the admin's vocabulary, even in front of those same
users.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ