nanog mailing list archives
Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)
From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Mon, 12 Feb 2007 10:13:39 +0100
On Mon, Feb 12, 2007 at 01:45:41AM -0500, Sean Donelan <sean () donelan com> wrote a message of 16 lines which said:
The important lesson is you can educate people. The content may have been bogus,
Right on spot: it is easy to "educate" people with simple and meaningless advices such as "Install an antivirus" or "Hide under the desk" or (my favorite, now known by most ordinary users) "Do not open attachments from unknown recipients". But most security risks do not require "monkey advices" (advices that an ordinary monkey could follow). They require intelligence, knowledge in the field, and time, all things that are in short supply. The discussion about the NPO who had the choice between breaking stuff that works because of patches or risking an attack was a very good one and the "IT manager" at the NPO was quite reasonable, indeed: the aim is not security (except for security professionals), the aim is to have the work done and, if you listen only the security experts, no work will ever be done (but you will be safe).
If you can come up with a few simple things to do, it is possible to reach most of the public.
Sure, just find these few simple things that will actually improve security. (My personal one would be "Erase MS-Windows and install Ubuntu". If we are ready to inconvenience ordinary workers with computer security, this one would be a good start.)
Current thread:
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet, (continued)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet Paul Vixie (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet Steve Sobol (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet Paul Vixie (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Steven M. Bellovin (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Dave Pooser (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Steven M. Bellovin (Feb 11)
- RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Stasiniewicz, Adam (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Sean Donelan (Feb 11)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Gadi Evron (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Stephane Bortzmeyer (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Gadi Evron (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Stephane Bortzmeyer (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Alexander Harrowell (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Stephane Bortzmeyer (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Gadi Evron (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Marshall Eubanks (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) Dave Pooser (Feb 12)
- Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers) D'Arcy J.M. Cain (Feb 12)