funsec mailing list archives
Re: C-level execs ignorant of Web 2.0 dangers
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Thu, 28 May 2009 17:23:23 -0700
Email is a bastion of badness. Do you block access to *all* email? How about IM? Or the Web in general? My .02: The debate should be if the risk outweighs the benefit. My opinion is that in most cases the answer is no. There is a lot of benefit to companies to open these up. Yes, of course they need to invest in security to protect against the problem but that is no different than other areas, it's just a new vector. -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Tomas L. Byrnes Sent: Thursday, May 28, 2009 1:56 PM To: Dan Kaminsky Cc: funsec () linuxbox org; rMslade () shaw ca Subject: Re: [funsec] C-level execs ignorant of Web 2.0 dangers When I've explained to the users how Facebook, Myspace and other such sites are ways for malware authors to "drive by" them, I've had no resistance to blocking them. Now, it helps that in the most recent case, they had actually been infected using just that vector.
-----Original Message----- From: Dan Kaminsky [mailto:dan () doxpara com] Sent: Wednesday, May 27, 2009 11:06 PM To: Tomas L. Byrnes Cc: <rMslade () shaw ca>; <funsec () linuxbox org> Subject: Re: [funsec] C-level execs ignorant of Web 2.0 dangers I've been informed, very off the record, that large companies that block Facebook at work have serious employee retention and acquisition problems directly because of it. I'm dead serious. On May 28, 2009, at 6:49 AM, "Tomas L. Byrnes" <tomb () byrneit net>
wrote:
C - level parsed correctly means Clue MINUS level. Since level is the highest in the company, you do the math.-----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec- bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah Sent: Monday, May 25, 2009 3:49 PM To: funsec () linuxbox org Subject: [funsec] C-level execs ignorant of Web 2.0 dangers
http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-
9e7f4ffd- 70b7-4120&Portal=448d158c-d857-4785-b759-ffa1c005933c&sub=7345 C-level executives are pushing for greater access to social networking sites and facilities, while even IT managers and security specialists are unprepared to deal with the full range of risks from this type of activity. In order to get some traction with senior management on this issue, you might want to remind them that, when they take off with funds they'veobtainedvia fraud, it's best not to post boasts on Facebook:http://www.smh.com.au/news/technology/web/2009/05/25/1243103468196.html====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org The real problem is in the hearts and minds of men. It is not a problem of physics but of ethics. It is easier to denature plutonium than to denature the evil from the spirit of man. - Albert Einstein http://victoria.tc.ca/techrev/rms.htm http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade http://blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list._______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. Protected by Websense Hosted Email Security -- www.websense.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- C-level execs ignorant of Web 2.0 dangers Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 25)
- Re: C-level execs ignorant of Web 2.0 dangers Tomas L. Byrnes (May 27)
- Re: C-level execs ignorant of Web 2.0 dangers Dan Kaminsky (May 27)
- Re: C-level execs ignorant of Web 2.0 dangers Tomas L. Byrnes (May 28)
- Re: C-level execs ignorant of Web 2.0 dangers Hubbard, Dan (May 28)
- Re: C-level execs ignorant of Web 2.0 dangers Tomas L. Byrnes (May 28)
- Re: C-level execs ignorant of Web 2.0 dangers Rich Kulawiec (May 29)
- Re: C-level execs ignorant of Web 2.0 dangers Hubbard, Dan (May 29)
- Re: C-level execs ignorant of Web 2.0 dangers Dan Kaminsky (May 27)
- Re: C-level execs ignorant of Web 2.0 dangers Tomas L. Byrnes (May 27)
- Re: C-level execs ignorant of Web 2.0 dangers Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 28)