The worst security advice

["Randy Abrams" <abrams () eset com>]

So I'm sitting in an airport lounge trying to connect to the wireless
provider. I won't mention Boingo's name though. After lots of problems I
call their tech support who tell me that it doesn't often work with
Firefox. So I try IE, in SandboxIE of course, and it doesn't work.

I end up rebooting and even tried IE outside of the sandbox. No dice. I
call their support line several more times and after being told my call
would be answered in 1 minute I hang up (after 15 minutes. I finally
press the button to indicate I am a regular subscriber and after another
10 minutes on hold a person answers and tries to help, even though I am
not a regular subscriber. I give Boingo lots of extra points for that.

We talk and try a few things that don't work and then I am told to turn
off my firewall. Now, I'm only using the XPSP2 firewall in a default
configuration.

I tell the person that I'm not turning off the firewall, it's not an
option. She puts me on hold, comes back a few minutes later and tells me
that all she can do is tell me to lower my security settings. 

Didn't happen.

20 Minutes later I try again, using Firefox, running under SandboxIE,
and it works.

The clincher was when I said that running without a firewall would get
the machine infected and she said she had never got any calls from
someone who did so and got infected. Well Duh, if they followed that
advice they obviously  wouldn't know why they got infected.

Somehow TSA looks way smarter now.

Cheers,

Randy (from a Boingo Connection via SandboxIE and a VPN for the email)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.