lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050605153216.33B88E6@lists.grok.org.uk>
Date: Sun Jun  5 16:32:24 2005
From: randallm at fidmail.com (Randall M)
Subject: Off topic rant to my friends

Sorry to rant to this list. This list though has the only people on it who
totally understand this ranting.

Every morning before heading for work I read all my security alert emails
and website collections about possible Trojans, worms and viruses found.
Being a faithful worker I do this on the Weekends too.

Once at work I check my web appliances, gateway, Exchange boxes and data
servers for dat updates and check log files. I spend the first two-three
hours of my work day doing this every day.

Why do I do this? I do it to protect my company's investment. To ensure that
the employee's have a job that day. To make sure that customers will have on
time delivery and so new customers can make orders, etc., etc.

Today I read this article:
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
 
For some reason, maybe the coffee, I sat there thinking what the hell am I
doing all this for? Am I being paid by my company to set up and protect only
for some future use as a botnet for some organized crime boss!! 

I continually spend time, money and research on ways to protect. All of my
mechanisms I use are actually as helpless as I am!! It's the blind leading
the blind!!

Then, like a message from God, a memory of a phone call from one of our
users came to me: 

"Hey, I received this email about my account being suspended for security
reasons, I immediately deleted it but just wanted to let you know".

My small employee awareness program was slowly paying off. A year ago that
same phone call would have been the "I think I did something bad" type. I
now realize that my investments and my time have been spent MORE in the
wrong place. I'm turning that around and heading back to the user. They are
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a simple
"Click" by the user makes them all useless. And it looks as though I can't
depend on them to keep that "click" opportunity from the user. 

Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense!

There. I fell better now.


thank you 
Randall M 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ