I’m hoping getting your question right. Things that I could think on
top of my head:
-For Virus protection: I would illustrate an virus attack (changing
the contents of word documents or other types of files that are
widely used) on a vmware machine live. One scenario would be, you
receive an email from Outlook on a computer without antivirus and it
happened to be .exe, .scr file and it starts destroying the contents
of hard drive.
-For Firewall protection: I would use a windows box with default
shares open and you put some family pictures or other private
documents under My Documents and you can connect to that laptop
wirelessly and show them how easily you can access to those files.
-For Wireless and Router protection: I would use a simple Linksys
router without any security configuration on it and show them you
can access to internet using their internet service and you can even
access to their shared resources. I would do some data capturing on
wireless but it would be very technical for them and they would
reject to listen.
I don’t think these are very scary stories but hopefully it will be
enough to horrify them ☺
Security Systems Products and Services
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com
] On Behalf Of donovan () blackknightcomputerconsulting com
Sent: Wednesday, May 28, 2008 5:19 PM
To: security-basics () securityfocus com
Subject: RE: Need Horror Stories
Wow! After 19 years in the human services field and six years in IT I
think I DO "have a clue" what I'm really talking about. The last 10 of
these years was spent running one organization and on the boards of
three others. I've managed non-profits with budgets ranging from $0 to
My challenge is that these folks are incredibly busy at the same
most are incredibly intimidated by technology. My goal here is to get
anecdotes that will enhance their buy-in on security. I have plenty of
solutions to offer; my challenge is to convince them to put the time
into implementing them.
While I'm here, this is a public service workshop, not a "sales
The solutions I'm offering are free; they just take work. This is what
creates my challenge. These folks are BUSY doing work that they enjoy.
To ask them to invest time into something (IT security) that they
understand, and don't like, is a tough sell.
I would suggest that you start to analiyze your customers needs by
previous understanding in which field are they operating and how they
work. I dont think that its a good idea to ask here for "entertaining
horror-stories", they wont help you in your workshop if you have no
what are you really talking about.