Can't help jumping in, because I caught my own 8-year-old daughter hacking my computer several months ago. It was a function of my failing to recognize her potential (and so failing to take sufficient precautions when I let her play a game on it) and her curiosity; once she got a sense of what she was playing with, the logic of the systems just seemed to engage her. So for now Dad has set up better controls and checks up on her activities regularly; probably for her next birthday she gets her own PC; and she gets to do 2 sessions of computer camp next summer.

Seriously, though, one recurring type of material security concern is shared use of home PCs with remote access capabilities - it's one way MS got hacked big time - and one of my recommendations is therefore that policies should prohibit teleworkers from sharing such PCs.

John R. Christiansen
Preston | Gates | Ellis LLP
701 Fifth Avenue, Seattle, Washington 98104
*Direct: 206.613.7118 - *Cell: 206.683.9125
* johnc@private

-----Original Message-----
From: Andrew Plato [mailto:aplato@private]
Sent: Friday, January 03, 2003 11:09 AM
To: crime@private
Cc: Rosenquist, Matthew
Subject: RE: CRIME Microsoft Windows XP question

You could argue that this is a classic case where a "security policy" was needed. The father could easily teach his daughter that the PC is not for her use and that tampering with the machine would have consequences (i.e. no driver's license, grounded, etc.)

However, it seems to me Dad should be happy his daughter is hacking PCs. She could be rotting her brain out on reality television and Britney Spears.

------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------

-----Original Message-----
From: Rosenquist, Matthew [mailto:matthew.rosenquist@private]
Sent: Friday, January 03, 2003 8:42 AM
To: 'crime@private'
Cc: 'emetzler@private'
Subject: RE: CRIME Microsoft Windows XP question

Following this thread has been quite entertaining. I have witnessed a group of technologists attempting to derive technical solutions, essentially barriers, to help one father protect his PC from his daughter. Very creative, complex, and expensive ideas have surfaced, been torpedoed, and subsequently raised again in a different incarnation.

Yet, we miss the obvious. In this case, as in others we rarely speak of, it is most efficient to interdict the attacker. No complex configurations, hardware upgrades, or additional locking mechanisms necessary. She has physical access to the PC, and could rebuild the system, soak it in the bathtub, put refrigerator magnets on the hard drive, etc. Practically, she will always have access to the PC.

The answer: Remove the threat through behavior modification. Tell the daughter, if she does it again, she will not be allowed to obtain a driver's license until she is 18 years of age (or substitute deterrent message of father's choosing).

If given the choice of being able to deter an attack or hardening the system, I choose effective deterrence every time.

My humble opinion. (And yes, I realize the various side threads of this discussion scale beyond the original issue, but so does what I am saying.)

M.Rosenquist
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:55:02 PST