Re: Need Horror Stories



Or u can just do a pentest type report, hack the shit out of them, then end the presentation with a ".. Told you"


Sent from my hacked iPhone :-)

On Jun 4, 2008, at 2:38 PM, "Matt" <mbuyukozer@xxxxxxxxx> wrote:

Hi Donovan,

I’m hoping getting your question right. Things that I could think on top of my head:

-For Virus protection: I would illustrate an virus attack (changing the contents of word documents or other types of files that are widely used) on a vmware machine live. One scenario would be, you receive an email from Outlook on a computer without antivirus and it happened to be .exe, .scr file and it starts destroying the contents of hard drive.

-For Firewall protection: I would use a windows box with default shares open and you put some family pictures or other private documents under My Documents and you can connect to that laptop wirelessly and show them how easily you can access to those files.

-For Wireless and Router protection: I would use a simple Linksys router without any security configuration on it and show them you can access to internet using their internet service and you can even access to their shared resources. I would do some data capturing on wireless but it would be very technical for them and they would reject to listen.

I don’t think these are very scary stories but hopefully it will be enough to horrify them ☺
Matt

Security Systems Products and Services
http://www.a1securitycameras.com


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ] On Behalf Of donovan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, May 28, 2008 5:19 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Need Horror Stories


Hi Jan,

Wow! After 19 years in the human services field and six years in IT I
think I DO "have a clue" what I'm really talking about. The last 10 of
these years was spent running one organization and on the boards of
three others. I've managed non-profits with budgets ranging from $0 to
$250k.

My challenge is that these folks are incredibly busy at the same time as
most are incredibly intimidated by technology. My goal here is to get
anecdotes that will enhance their buy-in on security. I have plenty of
solutions to offer; my challenge is to convince them to put the time
into implementing them.

While I'm here, this is a public service workshop, not a "sales pitch".
The solutions I'm offering are free; they just take work. This is what
creates my challenge. These folks are BUSY doing work that they enjoy.
To ask them to invest time into something (IT security) that they don't
understand, and don't like, is a tough sell.

Donovan


Hi Donovan,

I would suggest that you start to analiyze your customers needs by
previous understanding in which field are they operating and how they
work. I dont think that its a good idea to ask here for "entertaining
horror-stories", they wont help you in your workshop if you have no
clue
what are you really talking about.

Regards,
Jan







Relevant Pages

  • Re: A home computer is a forensic evidence room
    ... A security plan that first covers recovery, and data protection is key. ... Anyone within range of your wireless transmission could connect to your network and use it or capture your computing sessions. ... reset the wireless router to factory: press and hold reset 20 seconds. ...
    (alt.2600)
  • Re: Warning to all WiFi users: Evil twin WiFi access points proliferate
    ... wireless connections really don't care about the display name. ... Always use security on your computer, ... Add encryption for another layer of protection. ... That's the term for a Wi-Fi access point that appears to be a ...
    (rec.outdoors.rv-travel)
  • Re: Two wireless routers one network
    ... neighborhood kids trying to use my wireless than from any books or web ... I don't expect my customers to ... My level of security and paranoia largely depends on the risks and ... >>I notice you didn't say anything about my comments about monitoring ...
    (alt.internet.wireless)
  • MTIndia Newsletter - Proactive provisions to protect PHI
    ... on India's Information Security Environment. ... Security orientation of the Indian IT services and ITES-BPO market. ... Protection is through implication and therefore damages ... transcription and information management services to University of Michigan ...
    (sci.med.transcription)
  • Re: Wi-Fi question
    ... Wireless internet has been a security hole from day one. ... Both sides must have the same WEP key, which is usually a total of 64 ... The Auditor security collection is a GPL-licensed live CD based on ...
    (rec.outdoors.rv-travel)