RE: CRIME Microsoft Windows XP question

From: Christiansen, John (SEA) (JohnC@private)
Date: Fri Jan 03 2003 - 11:25:27 PST

  • Next message: George Heuston: "CRIME FW: [Cyber_threats] Daily News 01/03/03"

    Can't help jumping in, because I caught my own 8 year old daughter hacking
    my computer several months ago. It was a function of my failing to recognize
    her potential (and so failing to take sufficient precautions when I let her
    play a game on it) and her curiosity; once she got a sense of what she was
    playing with the logic of the systems just seemed to engage her. So for now
    Dad has set up better controls and checks up on her activities regularly;
    probably for her next birthday she gets her own PC; and she gets to do 2
    sessions of computer camp next summer. 
    
    Seriously, though, one recurring type of material security concern is shared
    use of home PCs with remote access capabilities - it's one way MS got hacked
    big time - and one of my recommendations is therefore that policies should
    prohibit teleworkers from sharing such PCs. 
    
    John R. Christiansen
    Preston | Gates | Ellis LLP
    701 Fifth Avenue, Seattle, Washington 98104
    *Direct: 206.613.7118 - *Cell: 206.683.9125
    * johnc@private
    
    
    -----Original Message-----
    From: Andrew Plato [mailto:aplato@private]
    Sent: Friday, January 03, 2003 11:09 AM
    To: crime@private
    Cc: Rosenquist, Matthew
    Subject: RE: CRIME Microsoft Windows XP question
    
    
    You could argue that this is a classic case where a "security policy"
    was needed. The father could easily teach his daughter that the PC is
    not for her use and that tampering with the machine would have
    consequences (i.e. no drivers license, grounded, etc.) 
    
    However, its seems to me Dad should be happy his daughter is hacking
    PCs. She could be rotting her brain out on reality television and
    Britney Spears. 
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------ 
    
    
    
    -----Original Message-----
    From: Rosenquist, Matthew [mailto:matthew.rosenquist@private] 
    Sent: Friday, January 03, 2003 8:42 AM
    To: 'crime@private'
    Cc: 'emetzler@private'
    Subject: RE: CRIME Microsoft Windows XP question
    
    
    Following this thread has been quite entertaining.  I have witnessed a
    group of technologists attempting to derive technical solutions,
    essentially barriers, to help one father protect his PC from his
    daughter.  Very creative, complex, and expensive ideas have surfaced,
    been torpedoed, and subsequently raised again in a different
    incarnation.  Yet, we miss the obvious.  
    
    In this case, as in others we rarely speak of, it is most efficient to
    interdict the attacker.  No complex configurations, hardware upgrades,
    or additional locking mechanisms necessary.  She has physical access to
    the PC, and could rebuild the system, soak it in the bathtub, put
    refrigerator magnets on the hard drive, etc.  Practically, she will
    always have access to the PC. 
    
    The answer:  Remove the threat through behavior modification.  Tell the
    daughter, if she does it again, she will not be allowed to obtain a
    drivers license until she is 18 years of age (or substitute deterrent
    message of fathers choosing).  If given the choice of being able to
    deter an attack or hardening the system, I choose effective deterrence
    every time.
    
    My humble opinion.  (and yes, I realize the various side threads of this
    discussion scales beyond the original issue, but so does what I am
    saying)
    
    M.Rosenquist
    



    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:55:02 PST