Network and security experts (was Re: Dumb users spread viruses)

Steven M. Bellovin smb at research.att.com
Mon Feb 9 18:39:33 UTC 2004


In message <20040209181258.GA34537 at typo.org>, "Wayne E. Bouchard" writes:
>
>On Mon, Feb 09, 2004 at 12:41:26PM -0500, Sean Donelan wrote:
>> 
>> On Mon, 9 Feb 2004, John Payne wrote:
>> > --On Sunday, February 8, 2004 10:46 PM +0000 Paul Vixie <vixie at vix.com>
>> > wrote:
>> > > There is nothing wrong with a user who thinks they should not have to kn
>ow
>> > > how to protect their computer from virus infections.
>> > However, someone attending NANOG should at least have cleaned up slammer
>> > before connecting to the wireless...
>> 
>> I have never seen any evidence that security experts or network operators
>> are any better at practicing security than any other user group.  In every
>> forum I've been at, the infection rates have been similar regardless of
>> the attendees security experience.
>
>This is dramatically demonstrated by the number of NANOG attendees
>that do not utilize encrypted paths to communicate back to their
>offices and who do not maintain at least passable password standards
>for their own accounts. It always astonishes me to see passwords such
>as "asdfg", "microsoft", and "password" come up on that list.
>

Yah -- and you see that on telnets and snmp queries to live routers, 
on the nanog wireless net.  That's *after* the demonstration that a few 
of us did last time...

		--Steve Bellovin, http://www.research.att.com/~smb





More information about the NANOG mailing list