funsec mailing list archives
Re: truth is for Admins
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 26 Oct 2009 07:17:07 -0400
On Mon, Oct 26, 2009 at 01:50:26PM +1100, Les Bell wrote:
That's probably true, but if user screwups account for, say, 90% of breaches, then if half the users clean up their act, that will account for a 45% improvement in the situation?
That's a wildly optimistic projection. And this in turn is why any security strategy that depends on user education/cooperation has already failed. Completely. It's prudent to presume that one's users are at best utterly incompetent, at worst actively malicious, and design accordingly. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- truth is for Admins RandallM (Oct 23)
- Re: truth is for Admins Valdis . Kletnieks (Oct 25)
- Message not available
- Re: truth is for Admins Valdis . Kletnieks (Oct 25)
- Re: truth is for Admins John Bambenek (Oct 25)
- Message not available
- Re: truth is for Admins RandallM (Oct 25)
- Re: truth is for Admins Valdis . Kletnieks (Oct 25)
- Re: truth is for Admins Valdis . Kletnieks (Oct 25)
- <Possible follow-ups>
- Re: truth is for Admins Les Bell (Oct 25)
- Re: truth is for Admins Rich Kulawiec (Oct 26)
- Re: truth is for Admins chris (Oct 26)
- Re: truth is for Admins Nick FitzGerald (Oct 26)
- Re: truth is for Admins chris (Oct 26)
- Re: truth is for Admins Rich Kulawiec (Oct 26)