Re: [Full-disclosure] Off topic rant to my friends

From: James Tucker (jftuckergmail.com)
Date: Thu Jun 09 2005 - 16:01:16 CDT


Quite right too, and IMO it is not completely off topic. I might point
out that (certainly on Windows platforms) teaching users the F1 key is
also a damn good start, as the modern documentation is now quite
mature.

On 6/5/05, Randall M <randallmfidmail.com> wrote:
> Sorry to rant to this list. This list though has the only people on it who
> totally understand this ranting.
>
> Every morning before heading for work I read all my security alert emails
> and website collections about possible Trojans, worms and viruses found.
> Being a faithful worker I do this on the Weekends too.
>
> Once at work I check my web appliances, gateway, Exchange boxes and data
> servers for dat updates and check log files. I spend the first two-three
> hours of my work day doing this every day.
>
> Why do I do this? I do it to protect my company's investment. To ensure that
> the employees have a job that day. To make sure that customers will have
> on-time delivery and so new customers can make orders, etc., etc.
>
> Today I read this article:
> http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
>
> For some reason, maybe the coffee, I sat there thinking what the hell am I
> doing all this for? Am I being paid by my company to set up and protect only
> for some future use as a botnet for some organized crime boss!!
>
> I continually spend time, money and research on ways to protect. All of my
> mechanisms I use are actually as helpless as I am!! It's the blind leading
> the blind!!
>
> Then, like a message from God, a memory of a phone call from one of our
> users came to me:
>
> "Hey, I received this email about my account being suspended for security
> reasons, I immediately deleted it but just wanted to let you know".
>
> My small employee awareness program was slowly paying off. A year ago that
> same phone call would have been the "I think I did something bad" type. I
> now realize that my investments and my time have been spent MORE in the
> wrong place. I'm turning that around and heading back to the user. They are
> MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
> Anti-Virus dats or the front-end Appliances or the Gateways because a simple
> "Click" by the user makes them all useless. And it looks as though I can't
> depend on them to keep that "click" opportunity from the user.
>
> Praise be to God for the User! They are powerful! They are trainable! They
> are my BEST defense!
>
> There. I feel better now.
>
>
> thank you
> Randall M
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>