nanog mailing list archives

Re: OT: Re: User negligence?


From: Valdis.Kletnieks () vt edu
Date: Sun, 27 Jul 2003 01:08:05 -0400

On Sun, 27 Jul 2003 00:56:28 EDT, Len Rose <len () netsys com>  said:

I humbly disagree. It is not user negligence, but rather negligence on 
behalf of the entity's systems team, or perhaps the entity's failure 
to support their own systems team by hiring competent staff instead
of relying on people who play office politik or look nice in a suit 
and tie. Users are not expected to secure their machines, or
even barely know more than how to use a handful of applications. 
In the bank's case hopefully they are supposed to be financial experts.

Right.  The problem was that it was exactly that clueless *USER* machine that
got trojaned.

So for instance, if you are one of the people who got burned by the recent
Kinko key-sniffer hacks, and the hacker used the info to log on to your bank
account, in what way is the bank liable?  What *realistic* steps is the bank
supposed to take? (Hint - what percentage of *security professionals* use an
S/Key or similar for remote logins?)
