lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu Jun  9 22:01:23 2005
From: jftucker at gmail.com (James Tucker)
Subject: Off topic rant to my friends

Quite right too, and IMO it is not completely off topic. I might point
out that (certainly on windows platforms) teaching users the F1 key is
also a damn good start, as the modern documentation is now quite
mature.

On 6/5/05, Randall M <randallm@...mail.com> wrote:
> Sorry to rant to this list. This list though has the only people on it who
> totally understand this ranting.
> 
> Every morning before heading for work I read all my security alert emails
> and website collections about possible Trojans, worms and viruses found.
> Being a faithful worker I do this on the Weekends too.
> 
> Once at work I check my web appliances, gateway, Exchange boxes and data
> servers for dat updates and check log files. I spend the first two-three
> hours of my work day doing this every day.
> 
> Why do I do this? I do it to protect my company's investment. To ensure that
> the employee's have a job that day. To make sure that customers will have on
> time delivery and so new customers can make orders, etc., etc.
> 
> Today I read this article:
> http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
> 
> For some reason, maybe the coffee, I sat there thinking what the hell am I
> doing all this for? Am I being paid by my company to set up and protect only
> for some future use as a botnet for some organized crime boss!!
> 
> I continually spend time, money and research on ways to protect. All of my
> mechanisms I use are actually as helpless as I am!! It's the blind leading
> the blind!!
> 
> Then, like a message from God, a memory of a phone call from one of our
> users came to me:
> 
> "Hey, I received this email about my account being suspended for security
> reasons, I immediately deleted it but just wanted to let you know".
> 
> My small employee awareness program was slowly paying off. A year ago that
> same phone call would have been the "I think I did something bad" type. I
> now realize that my investments and my time have been spent MORE in the
> wrong place. I'm turning that around and heading back to the user. They are
> MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
> Anti-Virus dats or the front-end Appliances or the Gateways because a simple
> "Click" by the user makes them all useless. And it looks as though I can't
> depend on them to keep that "click" opportunity from the user.
> 
> Praise be to God for the User! They are powerful! They are trainable! They
> are my BEST defense!
> 
> There. I fell better now.
> 
> 
> thank you
> Randall M
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ