funsec mailing list archives

Re: truth is for Admins


From: Valdis.Kletnieks () vt edu
Date: Sun, 25 Oct 2009 21:53:49 -0400

On Sun, 25 Oct 2009 19:23:30 CDT, RandallM said:

> Now that I re-read your reply I see where we are not on the same
> thought. I said "teach" not pick. Most users start out without
> knowledge. If in my network I let them stay that way about safety on
> the web I provide then it's my fault. Today's user if careless usually
> ends up without a usable computer. When I fix 'em back up they are dumb
> with what happened and soon are tired of it and want to know how to
> prevent it.

Yes, that does work for *some* users.  My point is that quite often you get
users who *refuse* to play along with the security game, causing issues
repeatedly. What you said:

> truth is, stupid is stupid does. if my users are stupid then I am to
> blame. Users are my best defense or worst enemy, depends on the
> training I do

Actually believing that statement is true 100% of the time will lead to
several things:

1) Massive surprise when a trained-but-still-stupid user leaves the
back door open and somebody takes advantage of it.

2) Much heavy drinking while you're still in the denial phase.

It's been repeatedly shown that if you restrict yourself to the sort of
training you can do and remain employed (no training at gunpoint, etc),
you'll be lucky if half of the users retain a significant portion of
your message.

If you have a training program that actually works more than 90% of the
time, let us know - the industry needs whatever secret sauce you're putting
into it...


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
