Just read the EULA.

I was talking with a co-worker the other day about EULAs. I was wondering what would happen if a piece of software were to format your computer after one week of use and it was stated in EULA? How long would it take for someone to notice that it was stated there? Even if it was stated could or would you even know that this would happen? I think there needs to be two EULAs. One for the lawyers and one for the Common folk. (Sadly I think the lawyers would need to approve our version too.)

Apathy or Stupidity?

If you go to a restaurant and get bad service do you go back again? For most of us “No!” So why do people still go on Facebook or shop at Sears? These places have done terrible things with our data but it doesn’t seem to matter. Look at TJX’s stock after all that happened. The general public has to make a stand that their personal information is important to them and the best way to do this is to stop using companies that take you for granted. I don’t use Facebook and I’m not going to shop at Sears anymore. Why should I trust them? Just read the EULA.

Babysitting

It’s NOT babysitting if its your own kid!  — Wives’ everywhere

Phishing

Phishing

*Update Looks like someone is doing this check out: http://ntcanuck.com/

So everyone knows that Phishing is Bad. The problem is that people click a link or mistype a link. So why not have a program that mimics a DNS server locally. Or rather a nice interface to the hosts file. Currently many people and products route adware to 127.0.0.1. Why not add commonly used sites to that list. I guess the thought is more of a white list for known sites.

CSO Explains Security

A group of people from Company X where having a meeting about security and most of the people didn’t understand why they needed to change the way things were being done. So the CSO asked everyone to “Please put your wallets and purses on the table.” Then he proceeded to explain how he didn’t like the room and felt that the group should move to different room. He asked that everyone leave their wallets and purses on the table while they were gone. Everyone objected to this because the wallets and purses are very personal.

The question that was then asked is “How is this different than confidential materials of the Company?”

Informal Reviews

This idea to promote Awareness has two parts:

Part 1:
Setup a company webpage with the “best practices” for office security. This might need to be approved by HR.

The webpage would have things like:

Ctrl, Alt, Delete, When not in your seat!
Lock your door when you leave.
Don’t leave confidential papers on your desk.
Lock your desk.

Part 2:
If while performing our other duties we notice that a person is not doing these things then we pop into their office and leave a Special Business card. (I’d say wait 1 minute in the office before leaving the card.)

The front of the card would have the Company logo and the Words “Security Awareness is everyone’s job’ and a link to the “best practices” page.
The back of the card would have boxes to check what was wrong. It’s an informal Security Audit.
 

The keyword is “Informal.” The fact that they are not getting written up for violations and not getting lectured about what is wrong gives them a chance to change on there own.

Tag Lines

Here are some cute and simple tag lines to add to your e-mails to quietly remind people about security. As always if you have some suggestions please e-mail me.

Sample Tag Lines or Signature files

  • Ctrl, Alt, Delete, When not in your seat!
  • You lock up your wallet or purse when you leave your desk. Why not your computer?
  • Security is everyone’s job.
  • Did you lock your car today? Why not your office?
  • “Sec rity” is not complete without U.
  • Have you been Phished today? Let us know…

Education

I’ve listened and read lots of reports about security, I’ve noticed that one common theme is that our users need to be educated. The education needs to be presented in a non-confrontational, but memorable manner. If the presentation needs to be confrontational then remember that there needs to be a way for the user to “Save Face.” If you don’t they will not learn anything and they will resent you even more.

So with that I’m collecting and creating some simple training material to promote Security Awareness.

Welcome

Hi,

I’m Dave. This site is dedicated to things relating to Computer Security. Mostly it is going to be for the discussion of funny computer related security stories. It works like this. You e-mail me the story, I make sure the content doesn’t give away any vital corporate type information and then I post a web page with your story. Removing all header info (cut and paste into a blank form.) This lets me control the content of what is posted.

For now please e-mail d @ securi-d .com. Please put the words “Securi-D Story Submission” in the subject line.