EBAY and AMAZON

Hal Murray hmurray at megapathdsl.net
Tue Jun 12 03:31:36 UTC 2012


[Snip good collection of security setting suggestions.  Does anybody have 
others or a URL?]

> I could never quite understand how anyone could get "phished" by e-mail
> since I have never ever seen a "phishing" or other malicious message that
> was not obviously so, even when I don't have me spectacles on!

Your imagination needs serious recalibration.

  You are a geek, not a naive, dumb, or unfortunately, typical user. 

  Windows security sucks.

  Most users will pick convenience over security.  What fraction of users 
(customers) would be happy with your suggested settings?

  Phishers are smart.  They are willing to work for high value targets.

Google for >spear phishing<.  After you have read a few of those, google for >
spear phishing RSA<.

>From the comments section of an Arstechnica article on the RSA event:
>> So why do any workplace computers in sensitive environments
>> have Flash in the first place?
> Because the training materials are no doubt flash based. 

:)

If you are interested in security, the whole comments section may be worth 
scanning.

My probably naive view is that this type of problem could easily be solved by 
having the serious work done on a special class of well locked down machines 
and making a pool of more open systems available for checking mail or 
facebook or whatever.

I've heard stories of people filling USB slots with epoxy so idiots can't 
insert thumb drives found in the parking lot or brought from home.  I forget 
the context.


-- 
These are my opinions.  I hate spam.







More information about the NANOG mailing list