Full Disclosure mailing list archives
RE: Super Worm
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 19 Apr 2004 14:26:10 -0500
sean01 () accnet com au wrote:
On the other hand....without those dimwits I would be out of a job...God bless the dill's..Yeah, but with the problems and the stupidity of end users,
<snip>
Make a good list wich people can check for themselves. A knowledge base maybe with good understandable descriptions of threats and info on new things wich might hit them. If they did not obey the list with checks they can be hold for ignorant, unhelpful, dumb, or any names you can think off (still stay polite). Prioritize those people by filtering who is helpful and sticks with the rules, and people who are just simply ignorant and not willing to learn from what you tell them. In the end it is their own fault and they have to feel how it is to not being helped that quick.
Good points. I have developed just such a list at our organization. In addition to quickly responding to these individuals when they need help, I take the extra time to educate them in security including conducting voluntary classes, put them on an email list that I keep updating with the latest worms and threats and fixes, and even take extra time to do one-on-one to make them feel part of the team. I have even dubbed our group "the white-hats". In return, they have taken it to heart and have become my un-official deputies, keeping their eyes open for security problems from physical (an unknown person walking around suspiciously or a co-worker pasting their password on a monitor) to informational (notifying me of a virus getting through the gateway filter or being able to access something they know they shouldn't). I have found that my time spent has paid me back in a user base (at least part of it) that has become an asset not a liability, as we often think of them. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: [FD] Super Worm, (continued)
- Re: Re: [FD] Super Worm Valdis . Kletnieks (Apr 19)
- Re: Re: [FD] Super Worm Gregory A. Gilliss (Apr 19)
- Re: Re: [FD] Super Worm Dave Horsfall (Apr 19)
- Re: Re: [FD] Super Worm Bruce Ediger (Apr 20)
- Re: Re: [FD] Super Worm Dave Horsfall (Apr 20)
- Re: .hash= Joris De Donder (Apr 21)
- RE: Super Worm Sean Crawford (Apr 19)
- Re: Super Worm Aschwin Wesselius (Apr 19)
- RE: Super Worm Curt Purdy (Apr 19)
- RE: Super Worm Bart . Lansing (Apr 19)
- Re: Super Worm Aschwin Wesselius (Apr 19)
- Re: Super Worm Paul Schmehl (Apr 19)
- Re: Super Worm Valdis . Kletnieks (Apr 19)
- Re: Super Worm Bart . Lansing (Apr 20)