Re: Need Horror Stories

[Hattrickinc <hattrickinc () gmail com>]

Or u can just do a pentest type report, hack the shit out of them,  
then end the presentation with a ".. Told you"


Sent from my hacked iPhone :-)

On Jun 4, 2008, at 2:38 PM, "Matt" <mbuyukozer () gmx co uk> wrote:

> Hi Donovan,
>
> I’m hoping getting your question right. Things that I could think on 
>  top of my head:
>
> -For Virus protection: I would illustrate an virus attack (changing  
> the contents of word documents or other types of files that are  
> widely used) on a vmware machine live. One scenario would be, you  
> receive an email from Outlook on a computer without antivirus and it  
> happened to be .exe, .scr file and it starts destroying the contents  
> of hard drive.
>
> -For Firewall protection: I would use a windows box with default  
> shares open and you put some family pictures or other private  
> documents under My Documents and you can connect to that laptop  
> wirelessly and show them how easily you can access to those files.
>
> -For Wireless and Router protection: I would use a simple Linksys  
> router without any security configuration on it and show them you  
> can access to internet using their internet service and you can even  
> access to their shared resources. I would do some data capturing on  
> wireless but it would be very technical for them and they would  
> reject to listen.
>
> I don’t think these are very scary stories but hopefully it will be  
> enough to horrify them ☺
> Matt
>
> Security Systems Products and Services
> http://www.a1securitycameras.com
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com 
> ] On Behalf Of donovan () blackknightcomputerconsulting com
> Sent: Wednesday, May 28, 2008 5:19 PM
> To: security-basics () securityfocus com
> Subject: RE: Need Horror Stories
>
>
> Hi Jan,
>
> Wow! After 19 years in the human services field and six years in IT I
> think I DO "have a clue" what I'm really talking about. The last 10 of
> these years was spent running one organization and on the boards of
> three others. I've managed non-profits with budgets ranging from $0 to
> $250k.
>
> My challenge is that these folks are incredibly busy at the same  
> time as
> most are incredibly intimidated by technology. My goal here is to get
> anecdotes that will enhance their buy-in on security. I have plenty of
> solutions to offer; my challenge is to convince them to put the time
> into implementing them.
>
> While I'm here, this is a public service workshop, not a "sales  
> pitch".
> The solutions I'm offering are free; they just take work. This is what
> creates my challenge. These folks are BUSY doing work that they enjoy.
> To ask them to invest time into something (IT security) that they  
> don't
> understand, and don't like, is a tough sell.
>
> Donovan
>
>
> Hi Donovan,
>
> I would suggest that you start to analiyze your customers needs by
> previous understanding in which field are they operating and how they
> work. I dont think that its a good idea to ask here for "entertaining
> horror-stories", they wont help you in your workshop if you have no
> clue
> what are you really talking about.
>
> Regards,
> Jan