North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: OT: Re: User negligence?
On Sun, 27 Jul 2003 00:56:28 EDT, Len Rose <firstname.lastname@example.org> said: > I humbly disagree. It is not user negligence, but rather neglgence on > behalf of the entity's systems team, or perhaps the entity's failure > to support their own systems team by hiring competent staff instead > of relying on people who play office politik or look nice in a suit > and tie. User's are not expected to be secure their machines, or > even barely know more than how to use a handful of applications. > In the bank's case hopefully they are supposed to be financial experts. Right. The problem was that it was exactly that clueless *USER* machine that got trojaned. So for instance, if you are one of the people who got burned by the recent Kinko key-sniffer hacks, and the hacker used the info to logon to your bank account, in what way is the bank liable? What *realistic* steps is the bank supposed to take? (Hint - what percentage of *security professionals* use an S/Key or similar for remote logins?)