Full Disclosure mailing list archives
RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Fri, 1 Aug 2003 09:18:55 +1200
-----Original Message----- From: Ron DuFresne [mailto:dufresne () winternet com] Sent: Thursday, 31 July 2003 10:20 a.m. To: Bojan Zdrnja Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Cool, perimiter security and forcing users to text only based e-mail clients liek e-mail was intended <grin>.
See Paul's post about recommending that to a dean, VP or whatever else.
Eucation works poorly. Educate you users and then 30 minutes later some of thm will go to their everything-AND-the-kitchen-sink desktop OS, click on that same mass mailed exe you just told them not to click on, and reopen the need to once again re-educte your userbase cycle. Of course 9
Then you are a bad teacher. A good teacher will deliver that knowledge to his students in a way that will let it stay in their minds.
out of 10 times it;s going to be one of the upper mgt folks that pushed for the employee education project that does the uncondoned clicking of that exe...
We can fight against that with other layers of security. However, only education will raise security awareness. Regards, Bojan Zdrnja _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c), (continued)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPCexploit (dcom.c) Darren Bennett (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPCexploit (dcom.c) Ron DuFresne (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 30)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) yossarian (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 31)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Scott M. Algatt (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Larry W. Cashdollar (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Michal Zalewski (Jul 30)