nCircle.com >> 360 Security


Trains

I take the train to and from work every day. I like taking the train because it gives me the opportunity to relax and catch up on any reading that I want to do. Other people on the train either read, sleep, stare blankly out the window or do work on their laptops. Since the ride is very quiet, it allows people to do any of the above things easily.

The setup of the train itself is in groups of four seaters, with two people facing two others. This morning I just happened to be sitting beside a gentleman working on his laptop. He was a well-dressed, older gentleman who could only type with his two index fingers (i.e., he typed very slowly). The scary part, at least coming from my skewed security point of view, is that he was not aware of anything around him. I, in the process of twenty minutes, could tell you the following information:

His full name
His title
His username
His password (which was written on a post-it note on his laptop)

Plus a whole lot of additional information about him that I won't mention here.

The real kicker of it all is that he left his laptop (RUNNING !!!!) on the seat as he went to the washroom. How does an admin stop something like this? It really scares me that people still don't understand (or ignore) the possible consequences of doing things like leaving your password on a post-it. Security professionals and admins have been trying to train users to follow basic security steps for years, and there are still people out there who don't follow them.

I could just imagine the frustration of an admin who tries to convince a user repeatedly about following best security practices. It's frustrating me right now just thinking about it and I don't do it on a daily basis.

(As a sidebar: I wonder how many "average" users really understand the basics of security. As an example, does the average user really know what SpyWare is, other than the fact that it's mentioned in the news all the time and that it is bad? I think buzzwords can be useful sometimes, but do people really get what SpyWare (or any other security buzzwords) means?)

About

This page contains a single entry from the blog posted on May 25, 2005 9:36 AM.
