[fw-wiz] Speaking of the non-technical and security

From: Gwendolynn ferch Elydyr (gwen_at_reptiles.org)
Date: 05/19/04

  • Next message: Jeff B: "RE: [fw-wiz] Architecture Q - Public access domain integrated pc's" 
    To: firewall-wizards@honor.icsalabs.com
Date: Tue, 18 May 2004 22:34:10 -0400 (EDT)

    In the context of the earlier discussion about how average users are
    unaware of security issues in general. Making Light is the blog of
    a fiction editor at a large publishing house - certainly not the sort
    of person that we'd regularly think of as being a part of the security
    "in crowd".

    It's nice to see that folks outside of infosec understand and communicate
    security issues too ;>

    cheers! 

    ----
http://nielsenhayden.com/makinglight/archives/005217.html
Bleeping huge security hole
If you have a Macintosh running OSX, you have a problem. Deal with it
right now. Tonight. Seriously.
	. . .
Here's how Patrick explained it to me:
It is possible to write a URL that, when invoked from one's default browser,
invokes Apple's Help program, which is itself a mini-browser which uses a
subset of HTML. The trouble is that unlike a well-written, full-fledged,
OSX browser, the Help program is (a.) fully scriptable; and (b.) fully
capable of running any application or command for which the user has
privileges.
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Jeff B: "RE: [fw-wiz] Architecture Q - Public access domain integrated pc's"

    Relevant Pages

    • Security through Obscurity [was RE: [fw-wiz] Using RDP Port 3389]
      ... Speaking of security through obscurity, ... "A cat spends her life conflicted between a deep, passionate and profound ... desire for fish and an equally deep, passionate and profound desire to ...
      (Firewall-Wizards)
    • Re: Fw: Re: [Full-Disclosure] Odd Behavior - Windows Messenger Service
      ... > then average users like my parents and sales people would require a greater ... Many people in the security field think forcing people to have enough of a clue ... prohibited wide-open sharing of C$ and anonymous enumeration of accounts? ... However, I am of the opinion that the Redmond model is a false time-saver, ...
      (Full-Disclosure)
    • Re: Identifying passion for security?
      ... Talking about cons is excellent, and even if they have not been to any, you can tell when someone truly is interested. ... Showing my age I'm finding it increasingly difficult to find security geeks who ... If they are passionate but poor they would reply none but I'd like ... Computer Network Defence Ltd ...
      (Security-Basics)
    • Re: Identifying passion for security?
      ... not trained in school for security. ... Passionate doesn't mean skilled or experienced so ... Books are 3 years out of date. ... Computer Network Defence Ltd ...
      (Security-Basics)
    • Re: Identifying passion for security?
      ... Showing my age I'm finding it increasingly difficult to find security geeks who ... If they are passionate but poor they would reply none but I'd like ... Detect Malicious Web Content and Exploits in Real-Time. ...
      (Security-Basics)