Re: Need Horror Stories

Or u can just do a pentest type report, hack the shit out of them, then end the presentation with a ".. Told you"

Sent from my hacked iPhone :-)

On Jun 4, 2008, at 2:38 PM, "Matt" <mbuyukozer@xxxxxxxxx> wrote:

Hi Donovan,

I’m hoping getting your question right. Things that I could think on top of my head:

-For Virus protection: I would illustrate an virus attack (changing the contents of word documents or other types of files that are widely used) on a vmware machine live. One scenario would be, you receive an email from Outlook on a computer without antivirus and it happened to be .exe, .scr file and it starts destroying the contents of hard drive.

-For Firewall protection: I would use a windows box with default shares open and you put some family pictures or other private documents under My Documents and you can connect to that laptop wirelessly and show them how easily you can access to those files.

-For Wireless and Router protection: I would use a simple Linksys router without any security configuration on it and show them you can access to internet using their internet service and you can even access to their shared resources. I would do some data capturing on wireless but it would be very technical for them and they would reject to listen.

I don’t think these are very scary stories but hopefully it will be enough to horrify them ☺

Security Systems Products and Services

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ] On Behalf Of donovan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, May 28, 2008 5:19 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Need Horror Stories

Hi Jan,

Wow! After 19 years in the human services field and six years in IT I
think I DO "have a clue" what I'm really talking about. The last 10 of
these years was spent running one organization and on the boards of
three others. I've managed non-profits with budgets ranging from $0 to

My challenge is that these folks are incredibly busy at the same time as
most are incredibly intimidated by technology. My goal here is to get
anecdotes that will enhance their buy-in on security. I have plenty of
solutions to offer; my challenge is to convince them to put the time
into implementing them.

While I'm here, this is a public service workshop, not a "sales pitch".
The solutions I'm offering are free; they just take work. This is what
creates my challenge. These folks are BUSY doing work that they enjoy.
To ask them to invest time into something (IT security) that they don't
understand, and don't like, is a tough sell.


Hi Donovan,

I would suggest that you start to analiyze your customers needs by
previous understanding in which field are they operating and how they
work. I dont think that its a good idea to ask here for "entertaining
horror-stories", they wont help you in your workshop if you have no
what are you really talking about.