Full Disclosure mailing list archives
Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses
From: "Mike C" <mike.cartall () gmail com>
Date: Sun, 23 Nov 2008 21:22:41 +0530
On Sun, Nov 23, 2008 at 7:20 PM, imipak <imipak () gmail com> wrote:
Exibar wrote:wow, disabling files to run from the root of all drives would never, ever fly in a corporate environment. Although I do like the idea on stopping autorun malware, it would work... but oh the calls to the helpdesk! ;-)Each of those support calls is an opportunity to find out why a user's trying to run unauthorised software and either help them to find a way to do what they want with existing apps, or get a new app reviewed and authorised for use -- if it's a genuine business need. Alternatively, sometimes they need an introduction to Doctor Cluestick, if they're trying play poker online, install dancing hamster screensavers or what have you.
According to the article, lots of important data was lost. Its not hard to conclude what *kind* of data. Such a thing happening inside an intelligence agency is indeed worrying (as n3td3v pointed out)
Of course, blindly thwacking people / dragging them to HR by the hair when they're really just trying to do their jobs is counter-productive. The calls also show us where we, security, are falling down. Perhaps it's poor awareness training (if the user didn't know that they shouldn't run unapproved software, or why we have that rule, or how to get a new app approved); or could be that the official route is being seen as too slow or bureaucratic, in which case it needs fixing. And so on.
All I hope is we can fix the issue. Hopefully in the near future. MC
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses imipak (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Mike C (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses James Matthews (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses James Matthews (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Mike C (Nov 23)
- <Possible follow-ups>
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Elazar Broad (Nov 23)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Salvador III Manaois (Nov 23)