Open Source and information security mailing list archives
 
Date: Fri Jun 10 11:12:24 2005
From: cmacfarlane at Drummond-Miller.co.uk (Cassidy Macfarlane)
Subject: Off topic rant to my friends

Agreed.

In ICT/Security, I commonly encounter an attitude of 'technocracy' - in
that skilled professionals look down upon and patronise the plain
(relatively unskilled) user.

In business, this attitude is immensely counter-productive, as unless
ICT/Security staff are approachable, they are not going to learn of
day-to-day issues encountered by 'their' users.  

I am a strong believer in the 'support through training' ideal, as the
users have to learn what it is they are either doing wrong, or just not
in the 'right way' (such as checking a suspect mail from phishing
attributes: incorrect URLs/suspect text, etc).  These users cannot be
expected to see through all the varied and nefarious ways malware can be
presented, unless they are shown/trained how to do so.

Not OT at all, imho.

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of James
Tucker
Sent: 09 June 2005 22:01
To: Randall M
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Off topic rant to my friends


Quite right too, and IMO it is not completely off topic. I might point
out that (certainly on Windows platforms) teaching users the F1 key is
also a damn good start, as the modern documentation is now quite
mature.

On 6/5/05, Randall M <randallm@...mail.com> wrote:
> Sorry to rant to this list. This list though has the only people on it who
> totally understand this ranting.
> 
> Every morning before heading for work I read all my security alert emails
> and website collections about possible Trojans, worms and viruses found.
> Being a faithful worker I do this on the Weekends too.
> 
> Once at work I check my web appliances, gateway, Exchange boxes and data
> servers for dat updates and check log files. I spend the first two-three
> hours of my work day doing this every day.
> 
> Why do I do this? I do it to protect my company's investment. To ensure that
> the employees have a job that day. To make sure that customers will have on
> time delivery and so new customers can make orders, etc., etc.
> 
> Today I read this article:
> http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
> 
> For some reason, maybe the coffee, I sat there thinking what the hell am I
> doing all this for? Am I being paid by my company to set up and protect only
> for some future use as a botnet for some organized crime boss!!
> 
> I continually spend time, money and research on ways to protect. All of my
> mechanisms I use are actually as helpless as I am!! It's the blind leading
> the blind!!
> 
> Then, like a message from God, a memory of a phone call from one of our
> users came to me:
> 
> "Hey, I received this email about my account being suspended for security
> reasons, I immediately deleted it but just wanted to let you know".
> 
> My small employee awareness program was slowly paying off. A year ago that
> same phone call would have been the "I think I did something bad" type. I
> now realize that my investments and my time have been spent MORE in the
> wrong place. I'm turning that around and heading back to the user. They are
> MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
> Anti-Virus dats or the front-end Appliances or the Gateways because a simple
> "Click" by the user makes them all useless. And it looks as though I can't
> depend on them to keep that "click" opportunity from the user.
> 
> Praise be to God for the User! They are powerful! They are trainable! They
> are my BEST defense!
> 
> There. I feel better now.
> 
> 
> thank you
> Randall M
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
