Re: Citizen cyber-protectors?

[Drsolly <drsollyp () drsolly com>]

On Thu, 19 Jul 2012, Kyle Creyts wrote:

> Well, of course it isn't. I feel that my message clearly highlights that,
> since I didn't suggest that it was a "so-called" 1%.
>
> I wonder what impact recent, well-known, media-covered events have done to
> augment the general population's interest in security?

Well, the G4S fiasco has increased people's interest in security, as in, 
it's a fiasco.
 
> I know some will be quite quick to suggest that few things shift that
> quantity in any notable way, but that strikes me as the patent and
> premature dismissal of an interesting question by a jaded (perhaps
> "read:experienced?") individual. Some hard data and discussion would be
> interesting to me.
> On Jul 19, 2012 4:34 AM, "Drsolly" <drsollyp () drsolly com> wrote:
>
> > Funsec isn't a representative sample of people.
> >
> > On Thu, 19 Jul 2012, Kyle Creyts wrote:
> >
> > > I am part of the 1%.
> > > On Jul 19, 2012 2:31 AM, "Drsolly" <drsollyp () drsolly com> wrote:
> > >
> > > > If someone can't be bothered to write their thoughts down, and require
> > me
> > > > to spend 20 minutes to watch a video giving views that I could have
> > read
> > > > in one minute, then I'm not going to devote my time to listen to them.
> > > >
> > > > Since I haven't heard what he has to say, I cannot comment on his
> > views.
> > > > Except to point out that 99% of people are as interested in computer
> > > > security as they are in beetle collecting. And anything that depends on
> > > > them being more interested than that, or better informed, is doomed.
> > > >
> > > > On Wed, 18 Jul 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah
> > wrote:
> > > > > Marc Goodman (who I believe is https://twitter.com/FutureCrimes and
> > > > > http://www.futurecrimes.com/ ) gave a recent TED talk on trends in
> > the
> > > > use of
> > > > > high technology in crime:
> > http://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future.html
> > > > > The 20 minute talk is frightening, with very little in the way of
> > > > comfort for the
> > > > > protection or security side.  He ends with a call for crowdsourcing
> > of
> > > > protection.
> > > > > Now as a transparent society/open source/full disclosure kind of
> > guy, I
> > > > like the
> > > > > general idea.  But, as someone who has been involved in education,
> > > > security
> > > > > awareness, and professional security training for some time, I see a
> > few
> > > > problems.
> > > > > For crowdsourcing to work, you need a critical mass of at least
> > > > minimally capable
> > > > > people.  When you are talking about a weather reporting app, that
> > minimal
> > > > > capability isn't much. When you are talking about detecting cyberwar
> > or
> > > > > bioweapons, the capability levels are a bit different.
> > > > >
> > > > > Just yesterday the PNWER (Pacific NorthWest Economic Region
> > > > > http://www.pnwer.org/ ) conference became the latest to bemoan the
> > lack
> > > > of
> > > > > trained employees.  I rather suspect these constant complaints,
> > since I
> > > > see lots of
> > > > > people out of work.  But the people who are whining about employees
> > are
> > > > just
> > > > > looking for network admins and such.  We need people with more depth
> > and
> > > > more
> > > > > breadth in their backgrounds.  I get CISSP candidates in my seminars
> > who
> > > > are
> > > > > network admins who simply want to know a few ACLS for firewalls.  I
> > have
> > > > to
> > > > > keep telling them that security professionals need to know more than
> > > > that.
> > > > > Yes, I am privileged to be able to meet a number who *are*
> > interested in
> > > > learning
> > > > > everything possible in order to meet any need or problem.  But,
> > > > relatively
> > > > > speaking, those are few.  And my sample set tends to be abnormal, in
> > > > that these
> > > > > are people who have already shown some interest in training (even if
> > > > only job
> > > > > related).  What Goodman is talking about is the general public.  And
> > > > those of us
> > > > > who have actually tried security awareness know how little conceptual
> > > > awareness
> > > > > we have to build on, let alone advanced technical knowledge.
> > > > >
> > > > > I think awareness, self-protection, and crowdsourcing is probably the
> > > > only good
> > > > > way to approach the problems Goodman outlines.  I just worry that we
> > > > have a long
> > > > > way to go.
> > > > >
> > > > > http://blogs.securiteam.com/index.php/archives/1793
> > > > >
> > > > > ======================  (quote inserted randomly by Pegasus Mailer)
> > > > > rslade () vcn bc ca     slade () victoria tc ca
> > rslade () computercrime org
> > > > > On Friday, January 23rd, 2004, in a speech at the World Economic
> > > > > Forum in Davos, Switzerland, Bill Gates stated `Two years from
> > > > > now, spam will be solved.'
> > > > > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> > > > > http://blogs.securiteam.com/index.php/archives/author/p1/
> > > > > http://twitter.com/rslade
> > > > > _______________________________________________
> > > > > Fun and Misc security discussion for OT posts.
> > > > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > > > > Note: funsec is a public and open mailing list.
> > > >
> > > > _______________________________________________
> > > > Fun and Misc security discussion for OT posts.
> > > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > > > Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.