nanog mailing list archives
Re: OT: Re: User negligence?
From: Alex Rubenstein <alex () nac net>
Date: Sun, 27 Jul 2003 01:47:12 -0400 (Eastern Daylight Time)
I think there is confusion here. The banks are making the claim, that, if you the user, has an infected PC, that is compromised by an 3lit3 h4x0r, and your password to your bank account is compromised, then the bank is not responsible. That is what you are saying, Sean? On Sun, 27 Jul 2003, Len Rose wrote:
Sean, I humbly disagree. It is not user negligence, but rather neglgence on behalf of the entity's systems team, or perhaps the entity's failure to support their own systems team by hiring competent staff instead of relying on people who play office politik or look nice in a suit and tie. User's are not expected to be secure their machines, or even barely know more than how to use a handful of applications. In the bank's case hopefully they are supposed to be financial experts. One can also blame the entity for basing their operations on a joke operating system of course (tired argument). Not calling it a breach of security is simply.. ridiculous. It is a most flagrant breach of security if they can't even secure their own internal networks and systems. Host level security should be the easiest thing to accomplish given competent systems staff. The entity should have had a team in place that protected systems, disabled vulnerable services running on the joke operating system, and that stayed on top of any threat no matter what day of the week it happened to be. Nothing like berating the obvious. This is off topic and I'm not going to pursue this further on this list. Len Sean Donelan said:Unfortunately there are a lot, and growing number, of self-infected PCs on the net. As the banks point out, this is not a breach of the bank's security. Nor is it a breach of the ISP's security. The user infects his PC with a trojan and then the criminal uses the PC to transfer money from the user's account, with the user's own password. http://www.iol.co.za/index.php?click_id=13&art_id=qw1059039360281B215&set_id=1 "The fact that hackers got access to bank customer's accounts was not due to inadequate security at the bank, but due to "user negligence", an e-commerce company said on Thursday. [...] "Consumers should be vigilant when opening emails. If they receive strange emails, or emails from people or companies they do not know, it is better not to open the mail - especially attachments. These intrusions were clearly not a result of any vulnerability in Absa's Internet security."
-- Alex Rubenstein, AR97, K2AHR, alex () nac net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Current thread:
- User negligence? Sean Donelan (Jul 26)
- OT: Re: User negligence? Len Rose (Jul 26)
- Re: OT: Re: User negligence? Valdis . Kletnieks (Jul 26)
- Re: OT: Re: User negligence? Sean Donelan (Jul 26)
- Re: OT: Re: User negligence? Len Rose (Jul 26)
- Re: OT: Re: User negligence? Alex Rubenstein (Jul 26)
- Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?) Sean Donelan (Jul 26)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?) Rob Thomas (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?) Vinny Abello (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?) Vinny Abello (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User Paul Vixie (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User Patrick (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User Paul Vixie (Jul 27)
- Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User Patrick (Jul 27)
- OT: Re: User negligence? Len Rose (Jul 26)
- RE: OT: Re: User negligence? David Schwartz (Jul 27)
- Re: OT: Re: User negligence? Simon Lockhart (Jul 27)