Discussion:
Off topic rant to my friends
(too old to reply)
Randall M
2005-06-05 15:32:20 UTC
Permalink
Sorry to rant to this list. This list though has the only people on it who
totally understand this ranting.

Every morning before heading for work I read all my security alert emails
and website collections about possible Trojans, worms and viruses found.
Being a faithful worker I do this on the Weekends too.

Once at work I check my web appliances, gateway, Exchange boxes and data
servers for dat updates and check log files. I spend the first two-three
hours of my work day doing this every day.

Why do I do this? I do it to protect my company's investment. To ensure that
the employee's have a job that day. To make sure that customers will have on
time delivery and so new customers can make orders, etc., etc.

Today I read this article:
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614

For some reason, maybe the coffee, I sat there thinking what the hell am I
doing all this for? Am I being paid by my company to set up and protect only
for some future use as a botnet for some organized crime boss!!

I continually spend time, money and research on ways to protect. All of my
mechanisms I use are actually as helpless as I am!! It's the blind leading
the blind!!

Then, like a message from God, a memory of a phone call from one of our
users came to me:

"Hey, I received this email about my account being suspended for security
reasons, I immediately deleted it but just wanted to let you know".

My small employee awareness program was slowly paying off. A year ago that
same phone call would have been the "I think I did something bad" type. I
now realize that my investments and my time have been spent MORE in the
wrong place. I'm turning that around and heading back to the user. They are
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a simple
"Click" by the user makes them all useless. And it looks as though I can't
depend on them to keep that "click" opportunity from the user.

Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense!

There. I fell better now.


thank you
Randall M



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
J.A. Terranson
2005-06-05 16:36:24 UTC
Permalink
You don't have a blogspot account you could have posted this to?
Date: Sun, 5 Jun 2005 10:32:20 -0500
Subject: [Full-disclosure] Off topic rant to my friends
Sorry to rant to this list. This list though has the only people on it who
totally understand this ranting.
Every morning before heading for work I read all my security alert emails
and website collections about possible Trojans, worms and viruses found.
Being a faithful worker I do this on the Weekends too.
Once at work I check my web appliances, gateway, Exchange boxes and data
servers for dat updates and check log files. I spend the first two-three
hours of my work day doing this every day.
Why do I do this? I do it to protect my company's investment. To ensure that
the employee's have a job that day. To make sure that customers will have on
time delivery and so new customers can make orders, etc., etc.
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
For some reason, maybe the coffee, I sat there thinking what the hell am I
doing all this for? Am I being paid by my company to set up and protect only
for some future use as a botnet for some organized crime boss!!
I continually spend time, money and research on ways to protect. All of my
mechanisms I use are actually as helpless as I am!! It's the blind leading
the blind!!
Then, like a message from God, a memory of a phone call from one of our
"Hey, I received this email about my account being suspended for security
reasons, I immediately deleted it but just wanted to let you know".
My small employee awareness program was slowly paying off. A year ago that
same phone call would have been the "I think I did something bad" type. I
now realize that my investments and my time have been spent MORE in the
wrong place. I'm turning that around and heading back to the user. They are
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a simple
"Click" by the user makes them all useless. And it looks as though I can't
depend on them to keep that "click" opportunity from the user.
Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense!
There. I fell better now.
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Yours,

J.A. Terranson
***@mfn.org
0xBD4A95BF


"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
John Goh
2005-06-05 19:43:27 UTC
Permalink
lol awesome
Post by J.A. Terranson
You don't have a blogspot account you could have posted this to?
Date: Sun, 5 Jun 2005 10:32:20 -0500
Subject: [Full-disclosure] Off topic rant to my friends
Sorry to rant to this list. This list though has the only people on it who
totally understand this ranting.
Every morning before heading for work I read all my security alert emails
and website collections about possible Trojans, worms and viruses found.
Being a faithful worker I do this on the Weekends too.
Once at work I check my web appliances, gateway, Exchange boxes and data
servers for dat updates and check log files. I spend the first two-three
hours of my work day doing this every day.
Why do I do this? I do it to protect my company's investment. To ensure that
the employee's have a job that day. To make sure that customers will have on
time delivery and so new customers can make orders, etc., etc.
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
For some reason, maybe the coffee, I sat there thinking what the hell am I
doing all this for? Am I being paid by my company to set up and protect only
for some future use as a botnet for some organized crime boss!!
I continually spend time, money and research on ways to protect. All of my
mechanisms I use are actually as helpless as I am!! It's the blind leading
the blind!!
Then, like a message from God, a memory of a phone call from one of our
"Hey, I received this email about my account being suspended for security
reasons, I immediately deleted it but just wanted to let you know".
My small employee awareness program was slowly paying off. A year ago that
same phone call would have been the "I think I did something bad" type. I
now realize that my investments and my time have been spent MORE in the
wrong place. I'm turning that around and heading back to the user. They are
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a simple
"Click" by the user makes them all useless. And it looks as though I can't
depend on them to keep that "click" opportunity from the user.
Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense!
There. I fell better now.
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Send instant messages to your online friends http://asia.messenger.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
James Tucker
2005-06-09 21:01:16 UTC
Permalink
Quite right too, and IMO it is not completely off topic. I might point
out that (certainly on windows platforms) teaching users the F1 key is
also a damn good start, as the modern documentation is now quite
mature.
Post by Randall M
Sorry to rant to this list. This list though has the only people on it who
totally understand this ranting.
Every morning before heading for work I read all my security alert emails
and website collections about possible Trojans, worms and viruses found.
Being a faithful worker I do this on the Weekends too.
Once at work I check my web appliances, gateway, Exchange boxes and data
servers for dat updates and check log files. I spend the first two-three
hours of my work day doing this every day.
Why do I do this? I do it to protect my company's investment. To ensure that
the employee's have a job that day. To make sure that customers will have on
time delivery and so new customers can make orders, etc., etc.
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K0000614
For some reason, maybe the coffee, I sat there thinking what the hell am I
doing all this for? Am I being paid by my company to set up and protect only
for some future use as a botnet for some organized crime boss!!
I continually spend time, money and research on ways to protect. All of my
mechanisms I use are actually as helpless as I am!! It's the blind leading
the blind!!
Then, like a message from God, a memory of a phone call from one of our
"Hey, I received this email about my account being suspended for security
reasons, I immediately deleted it but just wanted to let you know".
My small employee awareness program was slowly paying off. A year ago that
same phone call would have been the "I think I did something bad" type. I
now realize that my investments and my time have been spent MORE in the
wrong place. I'm turning that around and heading back to the user. They are
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a simple
"Click" by the user makes them all useless. And it looks as though I can't
depend on them to keep that "click" opportunity from the user.
Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense!
There. I fell better now.
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Cassidy Macfarlane
2005-06-10 10:14:16 UTC
Permalink
Agreed.

In ICT/Security, I commonly encounter an attitude of 'technocracy' - in
that skilled professionals look down upon and patronise the plain
(relatively unskilled) user.

In business, this attitude is immensely counter-productive, as unless
ICT/Security staff are approachable, they are not going to learn of
day-to-day issues encountered by 'their' users.

I am a strong believer in the 'support through training' ideal, as the
users have to learn what it is they are either doing wrong, or just not
in the 'right way' (such as checking a suspect mail from phishing
attributes: incorrect URLS/suspect text, etc). These users cannot be
expected to see through all the varied and nefarious ways malware can be
presented, unless they are shown/trained how to do so.

Not OT at all, imho.

-----Original Message-----
From: full-disclosure-***@lists.grok.org.uk
[mailto:full-disclosure-***@lists.grok.org.uk] On Behalf Of James
Tucker
Sent: 09 June 2005 22:01
To: Randall M
Cc: full-***@lists.grok.org.uk
Subject: Re: [Full-disclosure] Off topic rant to my friends


Quite right too, and IMO it is not completely off topic. I might point
out that (certainly on windows platforms) teaching users the F1 key is
also a damn good start, as the modern documentation is now quite
mature.
Post by Randall M
Sorry to rant to this list. This list though has the only people on it
who
Post by Randall M
totally understand this ranting.
Every morning before heading for work I read all my security alert
emails
Post by Randall M
and website collections about possible Trojans, worms and viruses
found.
Post by Randall M
Being a faithful worker I do this on the Weekends too.
Once at work I check my web appliances, gateway, Exchange boxes and
data
Post by Randall M
servers for dat updates and check log files. I spend the first
two-three
Post by Randall M
hours of my work day doing this every day.
Why do I do this? I do it to protect my company's investment. To
ensure that
Post by Randall M
the employee's have a job that day. To make sure that customers will
have on
Post by Randall M
time delivery and so new customers can make orders, etc., etc.
http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K000
0614
Post by Randall M
For some reason, maybe the coffee, I sat there thinking what the hell
am I
Post by Randall M
doing all this for? Am I being paid by my company to set up and
protect only
Post by Randall M
for some future use as a botnet for some organized crime boss!!
I continually spend time, money and research on ways to protect. All
of my
Post by Randall M
mechanisms I use are actually as helpless as I am!! It's the blind
leading
Post by Randall M
the blind!!
Then, like a message from God, a memory of a phone call from one of
our
Post by Randall M
"Hey, I received this email about my account being suspended for
security
Post by Randall M
reasons, I immediately deleted it but just wanted to let you know".
My small employee awareness program was slowly paying off. A year ago
that
Post by Randall M
same phone call would have been the "I think I did something bad"
type. I
Post by Randall M
now realize that my investments and my time have been spent MORE in
the
Post by Randall M
wrong place. I'm turning that around and heading back to the user.
They are
Post by Randall M
MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the
Anti-Virus dats or the front-end Appliances or the Gateways because a
simple
Post by Randall M
"Click" by the user makes them all useless. And it looks as though I
can't
Post by Randall M
depend on them to keep that "click" opportunity from the user.
Praise be to God for the User! They are powerful! They are trainable!
They
Post by Randall M
are my BEST defense!
There. I fell better now.
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Loading...