Re: Adobe investigates sophisticated corporate network security issue

["Aryeh Goretsky (home)" <goretsky () gmail com>]

Hello,

It seems you received a notebook computer whose USB ports were not disabled
properly via Group Policy, Dan.

I've logged a ticket with the help desk and someone from IT department will
push out a fix shortly.

:^)

Regards,

Aryeh Goretsky

At 05:56 AM 1/14/2010, you wrote:

> From: Dan Kaminsky <dan () doxpara com>
> Precedence: list
> MIME-Version: 1.0
> Cc: funsec () linuxbox org
> To: Rich Kulawiec <rsk () gsp org>
> References: <23179758.350001263401715422.JavaMail.juha-matti.laurio () netti fi>
>         <314cf0831001131028p4bdd6c02vd583ec605540c124 () mail gmail com>
>         <6cd462c01001131054q6d22c890s7ff68b06d2012bc0 () mail gmail com>
>         <314cf0831001131135g19b029c6r862969b694de36de () mail gmail com>
>         <6cd462c01001131139j64769a5fy1e4bbdaeca13f6cb () mail gmail com>
>         <f26cd0911001131213k701caf01pe5f2094bfd420863 () mail gmail com>
>         <9008CEF9-ADF6-4967-AD15-A4F3E550FF25 () igtc com>
>         <20100114131828.GA2661 () gsp org>
> In-Reply-To: <20100114131828.GA2661 () gsp org>
> Date: Thu, 14 Jan 2010 14:56:23 +0100
> Message-ID: <f26cd0911001140556l6de5e85dt4ceea92eae09d72b () mail gmail com>
> Content-Type: multipart/alternative; boundary=0016e6dab171a53b7f047d204021
> Subject: Re: [funsec] Adobe investigates sophisticatic corporate
>         networksecurity issue
> Message: 9
>
> On Thu, Jan 14, 2010 at 2:18 PM, Rich Kulawiec 
> <<mailto:rsk () gsp org>rsk () gsp org> wrote:
> On Wed, Jan 13, 2010 at 03:05:19PM -0800, Paul M. Moriarty wrote:
> > Or put another way, expecting end users to change their behavior and
> > start doing all the things they "should" be doing is futile.  Any approach
> > based on this premise will fail.
> Absolutely true.  "Educating users" is listed as one of Marcus Ranum's
> six dumbest ideas in security, and it really is.  Spammers and phishers,
> among others, prove it millions of times a day.
>
>
> A few years back, Jason Larsen explained to me the great irony of 
> USB sticks.  We've had networking for how many years?  But if you've 
> got ten people sitting around a conference room table, from three 
> different companies, and all of them need a slide show, guess 
> what?  They're not using network file sharing to share that 
> file.  The odds that they'll all be able to get on the same network 
> are quite low.  See, it's always assumed by IT that in general, the 
> only people who need access work from the company, and those people 
> outside have bad untested insecure horrors of laptops.
>
> So those bad untested insecure horrible outsiders bring in USB 3G 
> networking and USB sticks.  And those sticks get passed around, so 
> people can get their slides and business can be done.
>
> How does security react?  By banning USB sticks.  And what will 
> people thus use?
>
> Gmail.
>
> Watch.  The war after USB sticks is 3G networking.  Because we've 
> stopped being good at saying, yes, we have a solution for you.  But 
> we're damn good at saying, HOLY CRAP YOU FOUND A SOLUTION, WE MUST SUPPRESS IT.
>
> _______________________________________________
> funsec mailing list
> funsec () linuxbox org
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.