The most insecure part of your network is...

IT World ^ | 11 January 2010 | sjvn

[martin_fierro]

True tech support story from back in the days of 5.25" floppy drives:

A galpal of mine is having trouble with a program on the hard drive. She calls tech support. Looks like she'll have to reinstall the program from floppy disks.

• Tech guy: Take the floppy disk out of the protective envelope. Galpal: Check.
• Tech guy: Put the floppy disk face up in the drive. Galpal: Check.
• Tech guy: OK, now close the door. Galpal: Gets out of her chair, crosses the room, and closes her office door.

[Dead Corpse]

That's one of Murphy's Laws.

"Just when you've made things idiot proof, someone invents a better idiot."

[Future Snake Eater]

Luckily we have a complete idiot working here in my shop, so whenever I create a new database/interface, I turn her loose on it. She finds holes in my security I never would’ve dreamed of! There really are such things as “useful idiots”! lol...

[stuartcr]

That’s the ultimate solution to all our problems.

[Still Thinking]

Every time I figure there’s NO WAY someone could be dumber than that last guy, an even dumber one shows up to prove me wrong.

We have a related rule in engineering. If you think you've finally made something foolproof, the universe will upgrade to a better class of idiots.

[Still Thinking]

Tech guy: Take the floppy disk out of the protective envelope. Galpal: Check.

When I got to this point, I was afraid the plastic jacket on the actual disk was going to be the "protective envelope"!

[willyd]

I would say the Pentagon and the city of Troy as the two most memorable.

[TChris]

...your real security problem is the people sitting between their keyboards and their displays.

If you're sitting between your keyboard and your display, you have WAY more problems than just computer security!

"Doctor, my neck hurts. I always have to look over my shoulder to see my monitor."

[discostu]

Yup, the weakest part for security anywhere and on anything is the people. For computers it’s the dinguses that click on any damn thing that crosses their desktop running in god mode, doesn’t matter what the OS is, or what AV they’re running, the clickity clickities will manage to get every piece of malware available. They’re why trojans are the most successful method of delivering malware.

[paulycy]

HA! Good catch!

[MortMan]

The problem is ALWAYS that nut behind the keyboard...

[valkyry1]

Did she also use the mouse like a gas pedal and the CD-Rom drive as a retractable cup holder ;)

[stylin_geek]

End users I can deal with. At least, the lower level end users. They may complain when I tighten security, but, in the end, they have no choice.

The problem end users are invariably CEO’s, CFO’s, etc.

They tend to think security is for the little people.

[stylin_geek]

One company I worked for had allowed end users to install AOL on their work computers.

Eventually, I won the battle and got that crap removed. I also removed the ability to install software in the process.

The complaints I received when I instituted a password policy that required regular password changes were unreal.

[Future Snake Eater]

It’s the exact same way in the military. Commanders, XOs, Sergeants Major....if they want to do something against security principles, all I can do is advise against it, but, in the end, I make it happen for ‘em.

[Billthedrill]

So we got a user who responded to a phishing email with his login name and password. All of a sudden his account is a spammer to the world. Fine, OK, it happens - we clean his workstation up and change his password, etc, etc. A week later he's a spammer to the world again. What happened? "Oh, I changed my password back to the old one because I can remember it better."

Why isn't murder legal?

[ShadowAce]

I’ve always insisted that computers are complex tools—much like table saws and lathes. Users should be required to go through training to be allowed to use one.