| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Feb 2009 09:55:20 -0500 From: "Elazar Broad" <elazar@...hmail.com> To: yr42.lists@...il.com, kevin@....appstate.edu Cc: full-disclosure@...ts.grok.org.uk, astle.j@...il.com Subject: Re: Windows 7 UAC compromised -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 <snip> I maintain that by not educating our users we are failing in that goal. </snip> With many it is in one ear, out the other, unless you are allowed to use a clue bat... On Fri, 06 Feb 2009 09:36:32 -0500 Kevin Wilcox <kevin@....appstate.edu> wrote: >2009/2/6 Yudi Rosen <yr42.lists@...il.com>: > >> But Joe the Plumber doesn't want to have to click on endless >'confirm' >> dialogs every time he tries to use the computer. Simply having >him run as a >> non-admin user only fixes half the problem. > >No, it doesn't fix anywhere *near* half of the problem; it doesn't >address that we have millions of people that use their computers >without knowing anything about them. > >"But not every car driver needs to be a mechanic!" Yes, I know >this, >but every driver needs to know that there are laws and rules >concerning how they drive and what happens when a 1200 kilogramme >car >hits a 100 kilogramme pedestrian at 70 kilometres/hour. Every >driver >needs to know they need to have their tyres rotated and their oil >changed. There are things you must know beyond, "accelerator, >decelerator and steering wheel". > >"But a computer isn't going to kill anyone if someone gets >infected by >a virus or trojan!" Yes, I know this, too, but if you're mixing >questionable software and surfing habits with online banking and >shopping, it's a recipe for destruction. Welcome to identity theft >and >empty bank accounts. > >We can either continue to pretend like it's *only* really crappy >software or we can realise that it's a combination of easily >exploitable software, user ignorance and user apathy. You can give >them an operating system that has been vetted and been through >multiple code reviews by people that really do know secure OS >design >but they wouldn't be able to accomplish anything at all. So what >do we >do? We give them operating systems that are less secure, hope they >don't shoot their feet off and turn them loose with it - but we >don't >shoulder the burden of training them. Some of us do but we, as a >collective, do not. Until we can properly educate our users, all >we >are doing is trying to mitigate risk in the best ways we can while >still providing them a service. I maintain that by not educating >our >users we are failing in that goal. > >kmw > >-- >Far better is it to dare mighty things, to win glorious triumphs, >even >if chequered by failure, than to take rank with those poor spirits >who >neither enjoy much nor suffer much, because they live in the grey >twilight that knows not victory or defeat. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQECAAYFAkmMT1gACgkQi04xwClgpZgnUgP7B0HbM0CEvXuhzgFmOuCe78TAbNsu sbc4JuWZU7sY6AqL7gHlg7MP4x6z3j49DWYtpHOHLvwThJeKzwxAthXnnaH0I6PT64Ki 5l2HO42hI+hmablEJKvqSdBCMJgk48UGONnFAPvVCuThr3yyIRpnIb9vjH5RDY093yOo KMo1FTY= =eAt7 -----END PGP SIGNATURE----- -- Protect our community. Click here to take criminal justice classes and begin a rewarding career. http://tagline.hushmail.com/fc/PnY6qxtpLJCHFvjYoeYUQ4XsQaFkOvAGtlKkYBY2VxrXTypHIfN0k/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists