Security Basics mailing list archives
Re: Need Horror Stories
From: Hattrickinc <hattrickinc () gmail com>
Date: Wed, 4 Jun 2008 18:04:13 -0400
Or u can just do a pentest type report, hack the shit out of them, then end the presentation with a ".. Told you"
Sent from my hacked iPhone :-) On Jun 4, 2008, at 2:38 PM, "Matt" <mbuyukozer () gmx co uk> wrote:
Hi Donovan,I’m hoping getting your question right. Things that I could think on top of my head:-For Virus protection: I would illustrate an virus attack (changing the contents of word documents or other types of files that are widely used) on a vmware machine live. One scenario would be, you receive an email from Outlook on a computer without antivirus and it happened to be .exe, .scr file and it starts destroying the contents of hard drive.-For Firewall protection: I would use a windows box with default shares open and you put some family pictures or other private documents under My Documents and you can connect to that laptop wirelessly and show them how easily you can access to those files.-For Wireless and Router protection: I would use a simple Linksys router without any security configuration on it and show them you can access to internet using their internet service and you can even access to their shared resources. I would do some data capturing on wireless but it would be very technical for them and they would reject to listen.I don’t think these are very scary stories but hopefully it will be enough to horrify them ☺Matt Security Systems Products and Services http://www.a1securitycameras.com -----Original Message-----From: listbounce () securityfocus com [mailto:listbounce () securityfocus com ] On Behalf Of donovan () blackknightcomputerconsulting comSent: Wednesday, May 28, 2008 5:19 PM To: security-basics () securityfocus com Subject: RE: Need Horror Stories Hi Jan, Wow! After 19 years in the human services field and six years in IT I think I DO "have a clue" what I'm really talking about. The last 10 of these years was spent running one organization and on the boards of three others. I've managed non-profits with budgets ranging from $0 to $250k.My challenge is that these folks are incredibly busy at the same time asmost are incredibly intimidated by technology. My goal here is to get anecdotes that will enhance their buy-in on security. I have plenty of solutions to offer; my challenge is to convince them to put the time into implementing them.While I'm here, this is a public service workshop, not a "sales pitch".The solutions I'm offering are free; they just take work. This is what creates my challenge. These folks are BUSY doing work that they enjoy.To ask them to invest time into something (IT security) that they don'tunderstand, and don't like, is a tough sell. Donovan Hi Donovan, I would suggest that you start to analiyze your customers needs by previous understanding in which field are they operating and how they work. I dont think that its a good idea to ask here for "entertaining horror-stories", they wont help you in your workshop if you have no clue what are you really talking about. Regards, Jan
Current thread:
- Re: RE: Need Horror Stories rah . wollongong (Jun 02)
- <Possible follow-ups>
- RE: Need Horror Stories Matt (Jun 04)
- Re: Need Horror Stories Hattrickinc (Jun 05)