Re: [LUG] Linux - and security

 

On Fri, Nov 2, 2012 at 11:32 AM, paul sutton wrote:
> Can we perhaps come up with something that can be used to teach computer
> security to school children perhaps

I have to say I'm always a little sceptical about the effects of
education, especially when it is seen as a silver bullet.

A lot of education is focused on existing problems. It's good that
people are made aware of them, but the malware authors tend to react
and change their tactics. For instance, after years of us warning
people about how phishing emails can lead to account compromises, a
lot of today's phishing emails actually warn you about account
compromises (and then tell you to "take action" to regain access).

Or to take your example of a link's URL showing in your browsers:
that's true, but a lot of good and bad sites use redirection. So links
in Twitter show as t.co (which, though not necessarily a great idea,
actually adds an extra protection layer), but recent spam campaigns
used a lot of .gov URLs to redirect to malware/spam sites. So even
though in general I would say URLs from the US government are more
secure than those registered in Colombia, it's not always the case and
believing you're more secure because you know where the link goes may
actually do more harm than good.

Last month was Cyber Security Awareness Month (in the US and, I
believe, also in the EU). Its slogan was/is "Stop. Think. Connect.",
so Stop before you're about to do something, Think about whether it is
genuine and then Connect to the site if it is. It's a nice idea of
course and it isn't too specific. It should still apply in ten or
twenty years.

But when presented with a link to (or on) say Facebook or Twitter,
many people don't follow this advice, because they 'know' it is
genuine. I do the same. Except that I may have a slightly better
(though not perfect) sense of 'knowing' when a link is genuine, but
it's hard to make that distinction.

> perhaps as a group we can look in to helping draw something up

I applaud your efforts, but a lot of effort (and money) has been spent
on this by governments, security companies and volunteers. I'd be
surprised if we could come up with something better than what others
have come up with.

(I don't know very much about actual programs that are available. If
there's interest I'd happily have a look at them.)

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq