Re: U.S. Military, Agencies to Phish Their Workers

[Nick FitzGerald <nick () virus-l demon co uk>]

Fergie wrote:

> Somehow, this doesn't strike me as a good idea. :-)

I think it's a good idea.

How else could they conceivably get a handle on how well their "online 
safety" (or whatever) education was working?

The real problem will be seen should they (or is that, almost 
inevitably, _when_ ??) they do the feedback part of the exercise via 
Email:

   This is your HR director.  Due to your recent failure in a "live"
   test of compliance to our online safety guidelines you are required
   to attend additional online safety training sessions.  Under current
   HR guidelines this additional training must be satisfactorily
   completed before 31 December 2006.

   Please click the link below to book a convenient training session.

   ...


It is systematic failure to grok this issue where such programs 
inevitably f**k-up big time...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.