RE: Compromised PC Leads To Big Fraud Losses For E*Trade

["D'Aloisio, Marc" <Marc.DAloisio () ct gov>]

I used to have the same view.  People need to be good at what they do -
salespeople sell, managers lead people, IT folks deal with computers.  I
felt computer technical 'stuff', like security, should be transparent to
the end user to allow them to use the tool to excel in their profession,
not worry about the tool.  I, too, have changed my view.  I take example
from the automobile - all the above use automobiles as a tool of their
profession, if only to get to work in the morning; but, there is some
responsibility to using the tool - at least the ability to recognize the
need to service the tool (in the case of the automobile,  replace worn
tires, have the brakes serviced, etc.).  In many cases this is directly
related to safety.  I feel the same thing applies to computers.  The
user should have a basic understanding of the care and maintenance of
the tool in order to maintain the safety of the data and the data of
other computers.  And there's the obvous need to know how to safely
operate and use the tool, whether it be an automobile or a computer.
Hmmm...a computer operator license...no, let's not go there....
 
Preemption:  If you feel compelled to reply "but you can kill people
with cars, computers are different", talk to the folks that manage
hospital or SCADA systems first.
 
Marc D'Aloisio, CISSP
Security Analyst; Security Incident Response and Investigation
State of Connecticut - Department of Information Technology



        -----Original Message-----
        From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org] On Behalf Of Randall M
        Sent: Thursday, October 26, 2006 7:35 AM
        To: funsec () linuxbox org
        Subject: RE: [funsec] Compromised PC Leads To Big Fraud Losses
For E*Trade
        
        



        The fergie wrote: 
        
_____________________________________________________________________ 
        Message: 8 
        Date: Thu, 26 Oct 2006 03:28:38 GMT 
        From: "Fergie" <fergdawg () netzero net> 
        Subject: [funsec] Compromised PC Leads To Big Fraud Losses For
E*Trade 
        To: funsec () linuxbox org 
        Message-ID:
<20061025.202850.20443.1295112 () webmail10 lax untd com> 
        Content-Type: text/plain 

        Those darned botnets... 

        Via InformationWeek. 

        [snip] 

        A compromised PC opened the door for cyber attackers to wreak
havoc on online broker E*Trade. The Securities and Exchange Commission,
FBI, and other government enforcement agencies are investigating the
crime, in which thieves conducted fraudulent transactions that cost the
brokerage millions of dollars to cover customer losses.

        [snip] 

        
________________________________________________________________________
_____________________ 


        I manage about 50 laptop toting salesmen. My philosophy in the
past has been they are my customers. They are to be good at selling not
computer care or understanding how it works. I am changing. If you
cannot care for the most basic security needs then keep your dam hands
off the laptop!

        How long do you think I can keep my job with that attitude? 




        Thank You
        Randall M  

        ===================== 

        "You too can have your very own Computer!" 

        Note: Side effects include:
        Blue screens; interrupt violation;
        illegal operations; remote code
        exploitations; virus and malware infestations;
        and other unknown vulnerabilities. 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.