David Walker linux_user at grax.com
Wed Aug 22 17:07:05 UTC 2001

Which is why I think we need to orient/educate them.  A friend of mine
kept saying that until his machine was compromised and I could show him
what they were doing.  (They {a person or a script} came in through an
open printer daemon and set up a listener to capture any plain text
passwords on the local network as well as modifying system commands to
cloak their presence.)

People need to realize that their computer can be used in denial of
service attacks or to cloak the source of a criminal infiltration into
all sorts of networks from department of defense to Aunt Millie's
E-commerce Cookie Store.

They also need to realize that their computer is targeted purely because
it has a security opening and that people just scan for that
specifically.  Most computers are compromised purely because they have
easy to exploit security holes.

Even if they don't care about the person being attacked I would think
people might object to being a puppet or having their quality of service
reduced because most of their bandwidth is being hogged running a ping
command for a DOS attack.

I have done end user tech support (Windoze network).  Speak slowly,
repeat yourself often, and stall by saying "gee.  that should work" or
typing "dir" a few times so they see the screen keep moving and don't
realize you're still trying to think.  Seriously though, I found that my
users were all capable of understanding.  Some of them were just lazy.
"just make it work", they'd say.  If it was something basic I'd make
them do it and after a while my job got much easier.

On Wednesday 22 August 2001 11:40, you wrote:
> A long time ago, in a galaxy far, far way, someone said...
> > A basic security orientation (booklet or something) for new cable
> > modem/dsl users would be great to see also.
> Perhaps.
> I don't know if you've ever done end-user tech support but even the
> simplest things confuses the hell out of John Q Public.  And that includes
> trying to convince them *why* security is important.
> All too often I've heard "But why should I care if my computer gets
> hacked?  There's nothing important on it."
> Phil

More information about the OLUG mailing list