Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?)

Sun Jul 27 15:55:01 UTC 2003

Forgive my typo... here = hear. My brain isn't functioning yet this morning 
and I am just typing what I "hear" in my head. ;) It's a Sunday morning. :P

At 11:45 AM 7/27/2003, Vinny Abello wrote:

>At 11:25 AM 7/27/2003, Rob Thomas wrote:
>
>>Hi, NANOGers.
>>
>>] Folks, its not underground any more.  The criminals are using trojans
>>] to steal real money from real people now.
>>
>>Indeed, and for a while (circa five months by my observation) now.
>>It is no longer, and hasn't been for a while, about technology.
>>The technology - the Internet and the connected devices - has
>>become a conduit for profitable criminal activity on an ubiquitous
>>scale, pure and simple.  Miscreants don't break into databases and
>>steal 8M credit cards at a pop so they can card shells and shoes.
>>
>>] Firewalls can't stop it, ISPs can't stop it.  Its a *HOST* security issue.
>>
>>I'll slightly modify that statement; it is a *PEOPLE* issue.
>>People who write code.  People who use systems and networks.
>>People who abuse all of the above for monetary gain.
>
><babble>
>
>I think people forget that we don't live in a utopian society. Some people 
>expect computers to solve all the problems and expect that they can 
>prevent crime in their own domain. We haven't eliminated physical crime at 
>all so I don't see why people are surprised to find that a computer was 
>used to commit a crime. Bank robberies take place all the time and you 
>don't here much about them. Probably more similar is fraud which has taken 
>place for a countless amount of time without the use of computers. Using 
>computers is just another way to perpetuate it.
>
>I do agree with a lot of people in the fact that users of the tool must be 
>informed of how to use it safely, just like anything the person is not 
>100% familiar with. It's somewhat common knowledge to not leave bank 
>account numbers lying around for anyone to see. It's not as common for 
>people who are unfamiliar with computers to know not to open unknown 
>attachments, run anti-virus software, use a firewall, etc... Would the 
>average driver know how to handle an 18 wheeler? They could probably get 
>it going, but not safely. People must be educated about using computers, 
>ESPECIALLY if it is in a situation where security is elevated because the 
>company has something valuable to protect. A bank teller wouldn't likely 
>let a client behind the counter, yet many would probably open an 
>attachment sent via email without knowing what it is. I know the average 
>end user probably isn't likely as aware about security using their PC in 
>their home, but if banks and other institutions plan on making their 
>services available online in some manner, perhaps they should at least 
>send out occasional best security practices to protect people's 
>information. I can also see that it's not REALLY their problem either so I 
>could also go the other way on this. Just like a bank is not responsible 
>for someone breaking into your house and stealing your checkbook.
>
></babble>
>
>Just my 2¢.
>
>Vinny Abello
>Network Engineer
>Server Management
>vinny at tellurian.com
>(973)300-9211 x 125
>(973)940-6125 (Direct)
>PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
>
>Tellurian Networks - The Ultimate Internet Connection
>http://www.tellurian.com (888)TELLURIAN
>
>There are 10 kinds of people in the world. Those who understand binary and 
>those that don't.

Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

There are 10 kinds of people in the world. Those who understand binary and 
those that don't.