Full Disclosure mailing list archives

RE: Super Worm


From: Bart.Lansing () kohls com
Date: Mon, 19 Apr 2004 16:01:49 -0500

"...without those dimwits..." "...stupidity of end users..."

sheesh....ok...show of hands please; how many of us systems wizards can do 
the jobs the "dimwits" are doing?  You infosec guys at hospitals...do any 
heart transplants lately?  Infosec guy at investment bank...you structure 
any billion dollar mergers last week?  No?  Well why not??  Are you some 
kind of dimwit?? Are you stupid???

I could go on ad nauseam but hopefully most of us are bright enough to get 
a clue. 

NO USERS....NO JOBS...THEY ARE WHY WE EXIST.  (For those of you out there 
thinking that you serve no customers, hence this does not apply to 
you...bzzzzzzzzzz...thank you for playing...wrong answer.  Everyone 
ultimately does their work for the end users...who do not want to know 
about how it works and do not care how it works.  This is just a magic box 
to him/her for the most part...not a livelihood or passion.  Even the black 
hats..d00dz...no end users, nothing to sploit...)  Can we please save the 
insults and just focus on what we're doing?  I'm tired of "stoopid luser 
this..." "stoopid luser that"...insulting the reason you have a job 
is...well..."stoopid".

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin () lists netsys com wrote on 04/19/2004 02:26:10 PM:

sean01 () accnet com au wrote:
On the other hand....without those dimwits I would be out of a job...God
bless the dill's..

Yeah, but with the problems and the stupidity of end users,
<snip>

Make a good list which people can check for themselves. A knowledge base
maybe with good understandable descriptions of threats and info on new
things which might hit them. If they did not obey the list with checks
they can be held for ignorant, unhelpful, dumb, or any names you can
think of (still stay polite). Prioritize those people by filtering who
is helpful and sticks with the rules, and people who are just simply
ignorant and not willing to learn from what you tell them. In the end
it is their own fault and they have to feel how it is to not being
helped that quick.

Good points.  I have developed just such a list at our organization.  In
addition to quickly responding to these individuals when they need help, I
take the extra time to educate them in security including conducting
voluntary classes, put them on an email list that I keep updating with the
latest worms and threats and fixes, and even take extra time to do
one-on-one to make them feel part of the team.  I have even dubbed our group
"the white-hats".

In return, they have taken it to heart and have become my un-official
deputies, keeping their eyes open for security problems from physical (an
unknown person walking around suspiciously or a co-worker pasting their
password on a monitor) to informational (notifying me of a virus getting
through the gateway filter or being able to access something they know they
shouldn't).  I have found that my time spent has paid me back in a user base
(at least part of it) that has become an asset not a liability, as we often
think of them.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html