funsec mailing list archives
Re: Adobe investigates sophisticatic corporate networksecurity issue
From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 14 Jan 2010 14:56:23 +0100
On Thu, Jan 14, 2010 at 2:18 PM, Rich Kulawiec <rsk () gsp org> wrote:
> On Wed, Jan 13, 2010 at 03:05:19PM -0800, Paul M. Moriarty wrote:
>> Or put another way, expecting end users to change their behavior and start doing all the things they "should" be doing is futile. Any approach based on this premise will fail.
>
> Absolutely true. "Educating users" is listed as one of Marcus Ranum's six dumbest ideas in security, and it really is. Spammers and phishers, among others, prove it millions of times a day.
A few years back, Jason Larsen explained to me the great irony of USB sticks. We've had networking for how many years? But if you've got ten people sitting around a conference room table, from three different companies, and all of them need a slide show, guess what? They're not using network file sharing to share that file. The odds that they'll all be able to get on the same network are quite low. See, it's always assumed by IT that in general, the only people who need access work from the company, and those people outside have bad untested insecure horrors of laptops. So those bad untested insecure horrible outsiders bring in USB 3G networking and USB sticks. And those sticks get passed around, so people can get their slides and business can be done. How does security react? By banning USB sticks. And what will people thus use? Gmail. Watch. The war after USB sticks is 3G networking. Because we've stopped being good at saying, yes, we have a solution for you. But we're damn good at saying, HOLY CRAP YOU FOUND A SOLUTION, WE MUST SUPPRESS IT.