Security Basics mailing list archives
Re: Security and the Under 30 User
From: "0x90" <secbasics () spam gagspace com>
Date: Thu, 7 Feb 2008 22:03:16 +0100
Dear 'net sec consule'You seem to be deliberately confusing some other subjects ("they told me this and that and they were wrong") with the last one you mentioned. My guess is you received some hate for the content filter.
Also, you were talking about under-30 people throughout your mail - wrongly. It is not a matter of age whether somebody is going to turn their AV's off or not (if it's a policy, they shouldn't be able to, in the first place). I can imagine that statistically more people use myspace under 30 than above. But this isn't the root of the problem.
Let's get back to your original point, the content filter. Did you decide to install it alone? I got the impression you were responsible for _IT sec_, and not human resources, privacy of your fellow workers, or efficiency of workflow.
If the concern was keeping people from spending a big part of their worktime on social networking sites, it would be OK. But that's a decision the management is going to have to make.
"Why the fierce resistance to anything relating to security?"
Their resistance comes from the the thought that even if they had five minutes without work to take a break, they could still not access myspace. If you had a strong plus side (in the context of security) to doing all this, it would be OK. Do you? I'm always happy to learn new things.
0x90 http://hax.tor.hu/----- Original Message ----- From: "net sec consule" <netseccon () yahoo com>
To: <security-basics () securityfocus com> Sent: Thursday, February 07, 2008 6:25 PM Subject: Security and the Under 30 User
Hi, First, the disclaimer: I am over 40, have never been 'cool' and I have always been considered 'the tall, lanky, four-eyed geek.' But I don't get the under-30 crowd's attitude towards IT security. Can someone please give me a clue? I am at a loss how to respond to the attitude I hear, and it impacts my client's security and my credibility. I have been doing network security consulting for over 15 years. I also do several public service IT security presentations to community and professional groups each month. In either environment, I consistently get a hostile reception from those under 30. The attitude I get is "IT security is a bunch of moronic bull (expletive deleted) dreamed up by paranoid moronic geezers to justify their existence." I my consulting practice, I often find where under 30 users either don't have anti-virus or anti-spyware installed. Or, if their company has installed it, they have disabled it. They label the AV concept 'stupid' and believe that malware is just a fact of life and you should 'get over it', and that it really isn't as bad as 'people like me' claim it is. I also find that the majority of the younger crowd has either disabled the anti-virus that came with their personal computer or did not renew the subscription when it expired. You mention key stoke loggers and other spyware, the attitude I get is "If you don't have anything to hide, then you have nothing to worry about." Or, "Why should I worry about privacy? Every aspect of my life is already out there for anyone to read in my blog on MySpace." If you bring up all the malware slowing down their computer, you get arguments that AV software slows it down worse. I also get the attitude that "Everything I need to keep is on my flash drive, so what whenever my performance starts to (expletive deleted), I just blow away the hard drive and reinstall." Mention Joe Lopez and his loss of bank funds, and the attitude is that his case is an anomaly; "Why haven't other cases made the news? He must have done something to p-o BoA." And it never fails that someone claims to have a friend that had money stolen from their bank account or credit card, and the bank put the money back. I bring up that we are all paying for such losses by lower interest rates on savings and higher credit card and bank free rates, they could care less. (A couple of side note to banks: 1) I have had many people claim that they would be willing to pay $5 to $25 per transaction just to be able to continue to use online banking if that was what was required to offset the fraud costs. When probing deeper, the per transaction cost appears to be about one-half hour's pay. Just for the convenience of not having to write a check or use snail mail. 2) I have heard several of the younger crowd claim that it is common practice that when you get mad at your bank, just post your credit card information on-line so that the bank gets a bunch of fraudulent charges against the card and cancels it. They see it as a way to punish the bank for upping their interest rate or imposing late fees.) In the corporate world, the attitude is even worse. I have a client that recently implemented web content filtering that blocks the social networking sites, blogs, chat rooms, and other non-business content. That resulted in the mass resignation of under 30 staff, because "I can't work here if I can't keep in contact with my friends while I work." Some are even screaming "age discrimination" because sites like FoxNews or CNN 'that the old geezers use' were not blocked. Can someone please explain this attitude? Why the fierce resistance to anything relating to security? Why the "I don't care about privacy" attitude? Why do they have to be in constant communication with their friends, to the point they would rather be unemployed than out of contact? I do not understand and cannot comprehend these attitudes! Please enlighten me! Thanks. ____________________________________________________________________________________ Looking for last minute shopping deals?Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Current thread:
- Re: Security and the Under 30 User, (continued)
- Re: Security and the Under 30 User Jason Thompson (Feb 12)
- RE: Security and the Under 30 User Dixon, Wayne (Feb 07)
- Re: Security and the Under 30 User Patrick Hendrick (Feb 08)
- Message not available
- re: Security and the Under 30 User Jon D (Feb 07)
- Re: Security and the Under 30 User Brian Altenhofel (Feb 07)
- RE: Security and the Under 30 User Malhoit, Lauren (Feb 08)
- RE: Security and the Under 30 User Worrell, Brian (Feb 08)
- Message not available
- Re: Security and the Under 30 User Chris Pick (Feb 08)
- RE: Security and the Under 30 User Mason, Samuel (Feb 11)
- Re: Security and the Under 30 User Mike Hale (Feb 11)
- Re: Security and the Under 30 User Chris Pick (Feb 08)
- RE: Security and the Under 30 User Timmothy Lester (Feb 11)
- OT: Getting Mails three times tomsec (Feb 11)
- RE: Getting Mails three times Joe Klein (Feb 11)
- RE: Getting Mails three times Robert Holtz (Feb 11)
- Re: OT: Getting Mails three times Valentine Gostev (Feb 12)
- AW: OT: Getting Mails three times tomsec (Feb 12)