Educause Security Discussion mailing list archives
Re: Peeling off desktop Administrator Rights
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 8 Dec 2009 13:00:13 -0500
On Mon, 07 Dec 2009 15:08:59 EST, randy marchany said:
Easy for us to enforce. I think you mean "would we be WILLING to enforce this?". If the action causes disruption of service, data access, etc., it seems everyone would be willing to enforce it. That's a mgt issue not a security issue.
So a few years ago, Randy was driving to work and heard about a high-profile computer hack on the NPR news, and thought to himself "Man, somebody is about to have a really bad day..". Little did he know that he was the somebody :) Basic summary - a DNS server elsewhere got whacked and the A record for a highly visible website got pointed at a pwned Linux box on our campus. The FBI shows up, and the disk drive left in an evidence bag. The professor goes to his department chair and asks for department money for a new drive, and the chair says "Nope - your screw-up it got pwned because it wasn't patched, it's coming out of *your* pocket, not mine". News of this confrontation leaks around the campus, and for the next month, Randy was beseiged by departments wanting to raise their security clue... When the costs are pushed onto somebody else (like the professor was trying to do), economists call it an 'externality'. Since it's somebody else's cost, we usually don't work hard to minimize it, unless we're feeling more altruistic than usual. When the cost is born by the people who's behavior is causing the cost, the behavior usually changes rather rapidly...
Attachment:
_bin
Description:
Current thread:
- Re: Peeling off desktop Administrator Rights, (continued)
- Re: Peeling off desktop Administrator Rights Flynn, Gerald (Dec 07)
- Re: Peeling off desktop Administrator Rights Flynn, Gerald (Dec 07)
- Re: Peeling off desktop Administrator Rights Flynn, Gerald (Dec 07)
- Re: Peeling off desktop Administrator Rights Eric Case (Dec 07)
- Re: Peeling off desktop Administrator Rights randy marchany (Dec 07)
- Re: Peeling off desktop Administrator Rights Flynn, Gerald (Dec 07)
- Re: Peeling off desktop Administrator Rights Eric Case (Dec 07)
- Re: Peeling off desktop Administrator Rights randy marchany (Dec 07)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 08)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 08)
- Re: Peeling off desktop Administrator Rights Valdis Kletnieks (Dec 08)
- Re: Peeling off desktop Administrator Rights John Hoffoss (Dec 08)
- Re: Peeling off desktop Administrator Rights Kreider, Randall G (Dec 10)
- Re: Peeling off desktop Administrator Rights Flynn, Gerald (Dec 10)