North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
OT: Re: User negligence?
Sean, I humbly disagree. It is not user negligence, but rather neglgence on behalf of the entity's systems team, or perhaps the entity's failure to support their own systems team by hiring competent staff instead of relying on people who play office politik or look nice in a suit and tie. User's are not expected to be secure their machines, or even barely know more than how to use a handful of applications. In the bank's case hopefully they are supposed to be financial experts. One can also blame the entity for basing their operations on a joke operating system of course (tired argument). Not calling it a breach of security is simply.. ridiculous. It is a most flagrant breach of security if they can't even secure their own internal networks and systems. Host level security should be the easiest thing to accomplish given competent systems staff. The entity should have had a team in place that protected systems, disabled vulnerable services running on the joke operating system, and that stayed on top of any threat no matter what day of the week it happened to be. Nothing like berating the obvious. This is off topic and I'm not going to pursue this further on this list. Len Sean Donelan said: > Unfortunately there are a lot, and growing number, of self-infected PCs > on the net. As the banks point out, this is not a breach of the bank's > security. Nor is it a breach of the ISP's security. The user infects > his PC with a trojan and then the criminal uses the PC to transfer money > from the user's account, with the user's own password. > http://www.iol.co.za/index.php?click_id=13&art_id=qw1059039360281B215&set_id=1 > "The fact that hackers got access to bank customer's accounts was not due > to inadequate security at the bank, but due to "user negligence", an > e-commerce company said on Thursday. > [...] > "Consumers should be vigilant when opening emails. If they receive strange > emails, or emails from people or companies they do not know, it is better > not to open the mail - especially attachments. These intrusions were > clearly not a result of any vulnerability in Absa's Internet security."