Open Source and information security mailing list archives
 
From: evaughn at levithan.net (Ethan Vaughn)
Subject: A rather newbie question

OK. OK. But the point is *User Beware*. Just because the only thing on
your computer is Aunt Gracie's recipes and a couple games doesn't mean
it's not important to try and secure it. The "no valuables here" might
work WRT the physical world of security (don't leave your digital cam
sitting on the driver's seat), but it's diff't with the Internet ... and
not necessarily intuitive. It just seems to be a common argument I hear --
indeed, one I used myself way back when.

Anyway. I think I'm preaching to the choir, as it were. I just thought it
worth mentioning ...




>> While I think you have a point I also think Ethan
>> has one too. It is important
>> to remember that users are generally clueless and/or
>> unconcerned with
>> security. Of course I'm grossly generalizing but I
>> think you get my point.
>
> Yes, I can agree with that...I do get the point.  But
> who are the users?  Say you're an admin at a law
> firm...if the users are supposed to be
> security-conscious (face it, a great many admins lack
> even the most rudimentary security awareness), then
> shouldn't the admins be required to have a law degree,
> also?  How about a hospital...shouldn't each admin
> then have to have a medical degree?
>
>> Keeping in mind that the weakest link can be the
>> average user is always a
>> good idea. And who would argue with idiot proofing
>> any system, computer or otherwise?
>
> Within the context of the business needs of the
> organization...sure.
>
>> So I think a little harmless joking amongst
>> ourselves isn't necessarily all
>> bad :-) After all, how many ID10T errors have you
>> fixed in the last week ;-P
>
> I agree that harmless joking is fine...but I've seen
> instances in which that harmless joking became part of
> the admin's vocabulary, even in front of those same
> users.




