[67406] in North American Network Operators' Group
Re: Network and security experts (was Re: Dumb users spread viruses)
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Feb 9 13:50:13 2004
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Wayne E. Bouchard" <web@typo.org>
Cc: Sean Donelan <sean@donelan.com>, John Payne <john@sackheads.org>,
nanog@merit.edu
In-Reply-To: Your message of "Mon, 09 Feb 2004 11:12:58 MST."
<20040209181258.GA34537@typo.org>
Date: Mon, 09 Feb 2004 13:39:33 -0500
Errors-To: owner-nanog-outgoing@merit.edu
In message <20040209181258.GA34537@typo.org>, "Wayne E. Bouchard" writes:
>
>On Mon, Feb 09, 2004 at 12:41:26PM -0500, Sean Donelan wrote:
>>
>> On Mon, 9 Feb 2004, John Payne wrote:
>> > --On Sunday, February 8, 2004 10:46 PM +0000 Paul Vixie <vixie@vix.com>
>> > wrote:
>> > > There is nothing wrong with a user who thinks they should not have to kn
>ow
>> > > how to protect their computer from virus infections.
>> > However, someone attending NANOG should at least have cleaned up slammer
>> > before connecting to the wireless...
>>
>> I have never seen any evidence that security experts or network operators
>> are any better at practicing security than any other user group. In every
>> forum I've been at, the infection rates have been similar regardless of
>> the attendees security experience.
>
>This is dramatically demonstrated by the number of NANOG attendees
>that do not utilize encrypted paths to communicate back to their
>offices and who do not maintain at least passable password standards
>for their own accounts. It always astonishes me to see passwords such
>as "asdfg", "microsoft", and "password" come up on that list.
>
Yah -- and you see that on telnets and snmp queries to live routers,
on the nanog wireless net. That's *after* the demonstration that a few
of us did last time...
--Steve Bellovin, http://www.research.att.com/~smb
