* Posts by Grecs

4 publicly visible posts • joined 8 Apr 2009

Loudmouth workers leaking data through social networking sites

Thumb Down

@Anonymous Coward

Cool down Anonymous Coward. I'm in the trenches like most everyone else - no manager here.

I just see time and time again that people just don't get it unless you slap them over the head with it again and again in a number of different ways.

You can't go at this in a willy-nilly way because it can quickly become a big waste of $$$. You need to put together some ongoing training plan to evolve the organization from being clueless into security-aware. That way you minimizing your changes of getting 0wned.

By the way, I hate you too. :)


It All Comes Down to User Awareness Training

Although this article brings up a lot of good points, I think one thing they are missing is continual user awareness training. Many security lapses, including blabbing sensitive information on social networking sites, are caused by unwitting users that just don't know any better. After major security events, most organizations take "diet" approach where everybody is trained and brought up to speed on the latest ways to avoid problems. Organizations need to instead make a lifestyle change and learn to "eat right" by investing in and managing a comprehensive security awareness program.

Security researchers fret over Adobe PDF flaw


No Scripting for You

Like I said on another post reporting the same thing ... "Scripting just needs to be off by default with a whitelist of known good sites. Users can then customize the whitelist to their own needs ... sort of like NoScript ... except I don't think NoScript works for Adobe products." I'd like to add that maybe alternative readers could also help - e.g., FoxIt. A little bit of variety makes it a little harder to get mass 0wnage at least.

MS blames non-Redmond apps for security woes


Agree but More Is Needed

To some degree this is true however MS does need to make the system more secure by default. Also you have to consider users due to the prominence of social engineering attacks.