OT: Re: User negligence?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sun Jul 27 05:08:05 UTC 2003


On Sun, 27 Jul 2003 00:56:28 EDT, Len Rose <len at netsys.com>  said:

> I humbly disagree. It is not user negligence, but rather negligence on
> behalf of the entity's systems team, or perhaps the entity's failure 
> to support their own systems team by hiring competent staff instead
> of relying on people who play office politik or look nice in a suit 
> and tie. Users are not expected to secure their machines, or
> even barely know more than how to use a handful of applications. 
> In the bank's case hopefully they are supposed to be financial experts.

Right.  The problem was that it was exactly that clueless *USER* machine that
got trojaned.

So for instance, if you are one of the people who got burned by the recent
Kinko key-sniffer hacks, and the hacker used the info to log on to your bank
account, in what way is the bank liable?  What *realistic* steps is the bank
supposed to take? (Hint - what percentage of *security professionals* use an
S/Key or similar for remote logins?)
