[kwlug-disc] OT: Hotmail/Yahoo account breakins
unsolicited
unsolicited at swiz.ca
Sat Feb 16 19:16:42 EST 2013
It's hard to explain / get acceptance / effect with users. Especially
for Paul given the extreme wide variety of users he faces. e.g. Homeless
wandering into his computer lab for a few hours at a time, people buying
Windows machines from computer recycling, etc.

Very time consuming, and limited success.

Arguably, for those environments he can control, IP restrictions /
packet inspection may be the most effective, but given his EASL
environments, merely blocking Russia and China may not be acceptable.

Or auto-installation via scripts to his own organization's supplied
computers logging in to his own domain - but very time consuming. Much
like auto-updating Windows / security updates.

And he is only one, or a very few, guys. I suspect Paul has the widest
range of users, and user capabilities, of anyone I know. Offering both
public and internal facilities, doing what he can for the former, and
trying to protect the latter.

There are only so many hours in a day, and many claims on his time.

On 13-02-16 01:43 PM, Bob Jonkman wrote:
>
> Using the NoScript plugin to block JavaScript, XSS and CSRF is probably
> *the* one most effective form of protection. I'm surprised (and
> dismayed) that you're not going to recommend NoScript.