<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly </TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Valdis.Kletnieks@vt.edu [<A HREF="mailto:Valdis.Kletnieks@vt.edu">mailto:Valdis.Kletnieks@vt.edu</A>]</FONT>
<BR><FONT SIZE=2>Sent: Tuesday, 30 September 2003 11:49 PM</FONT>
<BR><FONT SIZE=2>To: Chris Cozad</FONT>
<BR><FONT SIZE=2>Cc: 'Paul Schmehl'; 'full-disclosure@lists.netsys.com'</FONT>
<BR><FONT SIZE=2>Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of</FONT>
<BR><FONT SIZE=2>Mo nopoly </FONT>
</P>
<BR>
<P><FONT SIZE=2>On Tuesday, 30 September 2003 11:49 PM, Valdis.Kletnieks said:</FONT>
</P>
<P><FONT SIZE=2>>> Do you really think you could convince the average user that they need to</FONT>
<BR><FONT SIZE=2>>> know this much about security? I mean, most users see their computers (and</FONT>
<BR><FONT SIZE=2>>> the network, servers, phones, faxes, etc...) as a tool to do business with.</FONT>
<BR><FONT SIZE=2>>> Nothing else. The computers are there to do a job, or help get a job done,</FONT>
<BR><FONT SIZE=2>>> and nothing else. It is not so much that they don't know, it is that they</FONT>
<BR><FONT SIZE=2>>> don't need to know.</FONT>
</P>
<P><FONT SIZE=2>>This argument is a total crock. Most people manage to drive cars that</FONT>
<BR><FONT SIZE=2>>remain operational, because they either learn how to do the maintenance</FONT>
<BR><FONT SIZE=2>>themselves, or they outsource it to a guy called a "mechanic".</FONT>
</P>
<P><FONT SIZE=2>>Here.. let's do a s/computer/cars/ on that paragraph:</FONT>
</P>
<P><FONT SIZE=2>You are just re-wording my point. Security Personel are the mechanics in your example. There are two types of people user) in the computer world. There are those that have an interest in how things work, and those that don't care, or don't want to know. Our problem is that the vast majority of users out there don't care about security. And these people probably don't need to know. They are accountants, sales people, managers, trainers, etc... They are employed for their abilities in other areas.</FONT></P>
<P><FONT SIZE=2>I suppose I could follow your example, and come up with a different analogy. These same people that use our computers also use photocopiers. They don't necessarily know all the functions that are available on that machine, nor do they know how to fix it when it breaks. They may just know how to put a piece of paper in the top, and make 10 copies come out the bottom. But that is fine. Thats all they need to know to sell their product, or do their accounts, or whatever.</FONT></P>
<P><FONT SIZE=2>I could keep going with coffee machines, printers, calculators, etc..., but you get the point.</FONT>
</P>
<P><FONT SIZE=2>>> Do you really think you could convince the average person that they need to</FONT>
<BR><FONT SIZE=2>>> know this much about fuel injectors? I mean, most people see their cars (and</FONT>
<BR><FONT SIZE=2>>> the network, servers, phones, faxes, etc...) as a tool to do business with.</FONT>
<BR><FONT SIZE=2>>> Nothing else. The cars are there to do a job, or help get a job done,</FONT>
<BR><FONT SIZE=2>>> and nothing else. It is not so much that they don't know, it is that they</FONT>
<BR><FONT SIZE=2>>> don't need to know.</FONT>
</P>
<P><FONT SIZE=2>>I'll point out that the average car no longer comes with a crank to start it,</FONT>
<BR><FONT SIZE=2>>or a manual choke button that you have to remember to push back in. The</FONT>
<BR><FONT SIZE=2>>average car no longer needs major maintenance every few hundred miles.</FONT>
</P>
<P><FONT SIZE=2>>So why are we tolerating computers that have cranks and choke buttons and</FONT>
<BR><FONT SIZE=2>>need major maintenance every few hundred hours?</FONT>
</P>
<P><FONT SIZE=2>We definitely shouldn't tolerate this, but until there is a viable solution.......</FONT>
</P>
<P><FONT SIZE=2>Chris</FONT>
<BR><FONT SIZE=2>--------------------------------------------------------------------------------------------------------------------</FONT>
<BR><FONT SIZE=2>This email and any files transmitted with it are confidential and</FONT>
<BR><FONT SIZE=2>intended solely for the use of the individual or entity to whom</FONT>
<BR><FONT SIZE=2>they are addressed.</FONT>
<BR><FONT SIZE=2>If you have received this email in error please notify the</FONT>
<BR><FONT SIZE=2>originator of the message. This footer also confirms that this</FONT>
<BR><FONT SIZE=2>email message has been scanned for the presence of computer viruses.</FONT>
</P>
<P><FONT SIZE=2>Any views expressed in this message are those of the individual</FONT>
<BR><FONT SIZE=2>sender, except where the sender specifies and with authority,</FONT>
<BR><FONT SIZE=2>states them to be the views of Service Corporation International Australia.</FONT>
</P>
<P><FONT SIZE=2>Scanning of this message and addition of this footer is performed</FONT>
<BR><FONT SIZE=2>by SurfControl SuperScout Email Filter software in conjunction with </FONT>
<BR><FONT SIZE=2>virus detection software.</FONT>
</P>
<br>--------------------------------------------------------------------------------------------------------------------<br>This email and any files transmitted with it are confidential and<br>intended solely for the use of the individual or entity to whom<br>they are addressed.<br>If you have received this email in error please notify the<br>originator of the message. This footer also confirms that this<br>email message has been scanned for the presence of computer viruses.<br><br>Any views expressed in this message are those of the individual<br>sender, except where the sender specifies and with authority,<br>states them to be the views of Service Corporation International Australia.<br><br>Scanning of this message and addition of this footer is performed<br>by SurfControl SuperScout Email Filter software in conjunction with <br>virus detection software.<br></BODY>
</HTML>