North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network and security experts (was Re: Dumb users spread viruses)

  • From: Steven M. Bellovin
  • Date: Mon Feb 09 13:52:31 2004

In message <[email protected]>, "Wayne E. Bouchard" writes:
>On Mon, Feb 09, 2004 at 12:41:26PM -0500, Sean Donelan wrote:
>> On Mon, 9 Feb 2004, John Payne wrote:
>> > --On Sunday, February 8, 2004 10:46 PM +0000 Paul Vixie <[email protected]>
>> > wrote:
>> > > There is nothing wrong with a user who thinks they should not have to kn
>> > > how to protect their computer from virus infections.
>> > However, someone attending NANOG should at least have cleaned up slammer
>> > before connecting to the wireless...
>> I have never seen any evidence that security experts or network operators
>> are any better at practicing security than any other user group.  In every
>> forum I've been at, the infection rates have been similar regardless of
>> the attendees security experience.
>This is dramatically demonstrated by the number of NANOG attendees
>that do not utilize encrypted paths to communicate back to their
>offices and who do not maintain at least passable password standards
>for their own accounts. It always astonishes me to see passwords such
>as "asdfg", "microsoft", and "password" come up on that list.

Yah -- and you see that on telnets and snmp queries to live routers, 
on the nanog wireless net.  That's *after* the demonstration that a few 
of us did last time...

		--Steve Bellovin,