Home page logo

basics logo Security Basics mailing list archives

RE: Need Horror Stories
From: "Matt" <mbuyukozer () gmx co uk>
Date: Wed, 4 Jun 2008 13:38:41 -0500

Hi Donovan,

I’m hoping getting your question right. Things that I could think on top of my head:

-For Virus protection: I would illustrate an virus attack (changing the contents of word documents or other types of 
files that are widely used) on a vmware machine live. One scenario would be, you receive an email from Outlook on a 
computer without antivirus and it happened to be .exe, .scr file and it starts destroying the contents of hard drive.

-For Firewall protection: I would use a windows box with default shares open and you put some family pictures or other 
private documents under My Documents and you can connect to that laptop wirelessly and show them how easily you can 
access to those files.

-For Wireless and Router protection: I would use a simple Linksys router without any security configuration on it and 
show them you can access to internet using their internet service and you can even access to their shared resources. I 
would do some data capturing on wireless but it would be very technical for them and they would reject to listen.

I don’t think these are very scary stories but hopefully it will be enough to horrify them ☺

Security Systems Products and Services

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of donovan () 
blackknightcomputerconsulting com
Sent: Wednesday, May 28, 2008 5:19 PM
To: security-basics () securityfocus com
Subject: RE: Need Horror Stories

Hi Jan,

Wow! After 19 years in the human services field and six years in IT I
think I DO "have a clue" what I'm really talking about. The last 10 of
these years was spent running one organization and on the boards of
three others. I've managed non-profits with budgets ranging from $0 to

My challenge is that these folks are incredibly busy at the same time as
most are incredibly intimidated by technology. My goal here is to get
anecdotes that will enhance their buy-in on security. I have plenty of
solutions to offer; my challenge is to convince them to put the time
into implementing them. 

While I'm here, this is a public service workshop, not a "sales pitch". 
The solutions I'm offering are free; they just take work. This is what
creates my challenge. These folks are BUSY doing work that they enjoy. 
To ask them to invest time into something (IT security) that they don't
understand, and don't like, is a tough sell.


 Hi Donovan,
 I would suggest that you start to analiyze your customers needs by 
 previous understanding in which field are they operating and how they 
 work. I dont think that its a good idea to ask here for "entertaining 
 horror-stories", they wont help you in your workshop if you have no
 what are you really talking about.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]