OT: Re: User negligence?
Valdis.Kletnieks at vt.edu
Sun Jul 27 05:08:05 UTC 2003
On Sun, 27 Jul 2003 00:56:28 EDT, Len Rose <len at netsys.com> said:
> I humbly disagree. It is not user negligence, but rather negligence on
> behalf of the entity's systems team, or perhaps the entity's failure
> to support their own systems team by hiring competent staff instead
> of relying on people who play office politik or look nice in a suit
> and tie. Users are not expected to secure their machines, or
> even barely know more than how to use a handful of applications.
> In the bank's case hopefully they are supposed to be financial experts.
Right. The problem was that it was exactly that clueless *USER* machine that
got trojaned.
So for instance, if you are one of the people who got burned by the recent
Kinko key-sniffer hacks, and the hacker used the info to log on to your bank
account, in what way is the bank liable? What *realistic* steps is the bank
supposed to take? (Hint - what percentage of *security professionals* use an
S/Key or similar for remote logins?)