Security Basics mailing list archives

RE: Security and the Under 30 User


From: <G_Z_Gupta () Dell com>
Date: Tue, 12 Feb 2008 23:39:49 +0530

To be straight: The under 30 generation don't like rules and policies, don't
want to abide by them and always want to do everything differently. For them
security is management's headache and not theirs because they live in a 3rd
world and do not belong to this earth. The term Multitasking has been very
well exploited by people all around the world. Multitasking with friends is
the primary reason for staying late in the offices and working over the
weekends for fixing issues that should not have been there in the first
place if the brain would have been applied properly in focusing on one task
at a time rather than all tasks all the time.

Exceptions are always there...................

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Mngadi, Simphiwe (SS)
Sent: Tuesday, February 12, 2008 12:32 PM
To: Timmothy Lester; Lauren.Malhoit () tylertech com;
security-basics () securityfocus com
Subject: RE: Security and the Under 30 User

There is a very thin line between security and paranoia. You say that
facebook is insecure, SO WHAT?

The level of security is influenced by human behaviour, unless we
"security-focused community" soon realise that, we might as well look
for something else to do.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Timmothy Lester
Sent: 08 February 2008 22:19 PM
To: Lauren.Malhoit () tylertech com; security-basics () securityfocus com
Subject: Re: Security and the Under 30 User

If you think facebook is secure, you are crazy.  Read the latest issue
of 2600.

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: security-basics () securityfocus com
<security-basics () securityfocus com>
Sent: Fri Feb 08 05:34:57 2008
Subject: RE: Security and the Under 30 User

I have the opposite problem...I'm 26 and would like to implement more
security at work.  The older users are resistant to the change, though,
because older users don't like change and have trouble understanding all
the reasons behind it.  
Also Facebook is not that insecure...I can see your point with Myspace,
though.  Even the military allows Facebook.  My generation is better at
multi-tasking, which is why we can remain in constant contact with our
friends while we're doing our work.  It's no different than every other
middle-aged person I hear on the phone for a half an hour with one of
their children.  There are all sorts of articles on why the twenty-somethings
are like this.  It's not bad, it's just different.  I suggest
everyone stop worrying about it so much and just try to find a way to
work with everyone else.
So, perhaps users need even more training and hand-holding as to why
security is important.  Maybe have some sort of presentation showing
them what has happened to other companies that did not have their
security policies in check.  Show them how easy it is to crack weak
passwords.  Make them feel like their role is important and you would
hate to have anything happen to their information.  People are
essentially selfish, so make it about them and you'll be more likely to
get the point across.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Brian Altenhofel
Sent: Thursday, February 07, 2008 3:02 PM
To: security-basics () securityfocus com
Subject: Re: Security and the Under 30 User

I fall into the Under 30 category (I'm 21), but I don't belong in the
group.  I've been into IT security since I was 12.  There's a reason
that I haven't been a victim yet: security.

I have friends about my age that have had their bank information
intercepted by someone multiple times.  The reason they give: "the bank
got hacked and my information was stolen."  It's impossible to get them
to understand that using the school's WiFi (or any other open access
network) for sensitive transactions such as those dealing with
financials, e-Bay, MySpace (for some people, they feel worse about their
page being changed than they do losing a few grand), etc. is not a good
idea.  They say "who's gonna listen in?"  Even if I show them that all I
have to do is sit down with my laptop and pick up everything that is
being transmitted across the network, they still think that out of the
12,000 students on campus that no one will listen in.  It's hard to
explain that certain people are bored and enjoy doing that (plus, you
can make money at it.)

I've even put on my MySpace page (which has not been updated in forever)
a CSS script where you normally put your templates that people use.  It
changes the "Home" link to NASCAR.com (I'm a big fan).  I show them that
99% of the time when their MySpace page has a bunch of crap added to it,
it's their template.

They say that someone bought a bunch of stuff on eBay with their
account.  I first ask them if they pissed anyone off, and then if they
used public internet somewhere.  Usually, if they pissed someone off,
they also have a password of abc123 or (this one made me laugh)
1234567890qwertyuiopasdfghjklzxcvbnm.  If they used public internet
access somewhere, I tell them "it's your own damn fault."

People are stupid.  That explains every bit of it.  Have you seen
"Idiocracy"?  Yeah, I know, it's a Mike Judge movie (Beavis & Butthead),
but it's my generation.  You know, what eventually happens in that movie
might be an exaggeration, but it's what is happening.  It's a fact of
life: idiots reproduce faster and more frequently than people who use
the head which is on their shoulders.  Look at the couple with 9 kids
within 8 years.  They generally fall into that category.

Where am I going with this?  The answer to your question about under
30's is that people are stupid, naive, and just plain dumb.  Any more
with the education system we have, we are taught that it is never our
fault and the government will always make it right.  We're also taught
that you do not have to do anything to succeed.  That's why I skipped my
junior year of high school (graduated in only 3 years rather than 4...
and only had to take one class outside of 3 years worth to do it) and
quit college after a semester.  School was loaded with BS about not
going too fast for the other students, and college had even more of it.

People read what is on the box and assume it is right.  "This is
supposed to remove spyware..." Why does Spybot find 14437 infections
that the box you paid $39.95 for doesn't????

People assume that if it is available, there must be nothing wrong with
it because the government has already taken care of it, right?  It's along
the same lines as having children to increase your disposable income.

If it came in an email, it must be true.  Most of my peers are basing
their votes on email rumors.  I told a friend of mine that I voted Obama
in the primaries.  He forwarded me an email about how Obama is a member
of al-Qaeda and said that was why I should not vote, the proof is in the
email.

We are taught to believe that if it is in print of some kind (whether it
be newspaper, email, junk mail) it is true - just don't believe
everything you see on the 10 o'clock news.

(We are also taught that if we do our own research, it can't be right.
I need to cite a reputable source that shows that I did my own research.
That's a whole 'nother deal there.)

I've never understood why people can be so dumb.  I can tell someone the
password to their email account, and they ask how I knew, and I tell
them "it's your girlfriend's name" or "it's your car" or even show them
that I can sniff it on the network, and they say that I must have hacked
it somehow.  To me, that's not hacking... that's just playing around.

I wouldn't mind if we took warning labels off of everything.  It might
rid us of many of our problems.  Then again, we might end up in a world
of radioactive idiots reproducing asexually.  (Think crystal-meth
trailer trash crossed with John Cusack's character near the end of "Fat
Man and Little Boy" dividing randomly in public.)  Not a good visual.

--Brian Altenhofel

On Thu, 2008-02-07 at 09:25 -0800, net sec consule wrote:
Hi,

First, the disclaimer: I am over 40, have never been
'cool' and I have always been considered 'the tall,
lanky, four-eyed geek.'  But I don't get the under-30
crowd's attitude towards IT security. Can someone
please give me a clue? I am at a loss how to respond
to the attitude I hear, and it impacts my client's
security and my credibility.

I have been doing network security consulting for over
15 years. I also do several public service IT security
presentations to community and professional groups
each month. In either environment, I consistently get
a hostile reception from those under 30. The attitude
I get is "IT security is a bunch of moronic bull
(expletive deleted) dreamed up by paranoid moronic
geezers to justify their existence." 

In my consulting practice, I often find where under 30
users either don't have anti-virus or anti-spyware
installed. Or, if their company has installed it, they
have disabled it. They label the AV concept 'stupid'
and believe that malware is just a fact of life and
you should 'get over it', and that it really isn't as
bad as 'people like me' claim it is. I also find that
the majority of the younger crowd has either disabled
the anti-virus that came with their personal computer
or did not renew the subscription when it expired.

You mention keystroke loggers and other spyware, the
attitude I get is "If you don't have anything to hide,
then you have nothing to worry about."  Or, "Why
should I worry about privacy? Every aspect of my life
is already out there for anyone to read in my blog on
MySpace."

If you bring up all the malware slowing down their
computer, you get arguments that AV software slows it
down worse. I also get the attitude that "Everything I
need to keep is on my flash drive, so whenever my
performance starts to (expletive deleted), I just blow
away the hard drive and reinstall."

Mention Joe Lopez and his loss of bank funds, and the
attitude is that his case is an anomaly; "Why haven't
other cases made the news? He must have done something
to p-o BoA." And it never fails that someone claims to
have a friend that had money stolen from their bank
account or credit card, and the bank put the money
back. I bring up that we are all paying for such
losses by lower interest rates on savings and higher
credit card and bank fee rates, they could care less.


(A couple of side notes to banks:
   1) I have had many people claim that they would be
willing to pay $5 to $25 per transaction just to be
able to continue to use online banking if that was
what was required to offset the fraud costs. When
probing deeper, the per transaction cost appears to be
about one-half hour's pay. Just for the convenience of
not having to write a check or use snail mail.
   2) I have heard several of the younger crowd claim
that it is common practice that when you get mad at
your bank, just post your credit card information
on-line so that the bank gets a bunch of fraudulent
charges against the card and cancels it. They see it
as a way to punish the bank for upping their interest
rate or imposing late fees.)

In the corporate world, the attitude is even worse. I
have a client that recently implemented web content
filtering that blocks the social networking sites,
blogs, chat rooms, and other non-business content.
That resulted in the mass resignation of under 30
staff, because "I can't work here if I can't keep in
contact with my friends while I work." Some are even
screaming "age discrimination" because sites like
FoxNews or CNN 'that the old geezers use' were not
blocked.

Can someone please explain this attitude? Why the
fierce resistance to anything relating to security?
Why the "I don't care about privacy" attitude? Why do
they have to be in constant communication with their
friends, to the point they would rather be unemployed
than out of contact?

I do not understand and cannot comprehend these
attitudes!

Please enlighten me!

Thanks.






