Re: Active X security hole reported

• To: www-security@ns2.rutgers.edu
• Subject: Re: Active X security hole reported
• From: Sean Robert Wilkins <srw134@email.psu.edu>
• Date: Sat, 17 Aug 1996 14:31:22 -0400

>Date: Sat, 17 Aug 1996 14:29:58 -0400
>To: c_dantonio@harvard.edu (Chuck D'Antonio)
>From: Sean Robert Wilkins <srw134@email.psu.edu>
>Subject: Re: Active X security hole reported
>
>>Actually, the supposed computer elite can't usually keep up with everything
>>either.  The tone of many of the messages in this thread has been elitist,
>>but the key points are being lost therein.  I do not expect my users to
>>keep track of all of the latest web developments -- I expect that I'll
>>track security issues and keep them abreast of the potential for danger
>>from Java, Active X, and the next hot technology (connection to Inferno
>>purely coincidental).  I also expect some level of responsibility from the
>>vendors that I frequent with regards to providing safe software.  If a
>>particular browser or paradigm doesn't provide for adequate security, then
>>I'd rather my users not have access to it.  I have to fill the holes after
>>our security is breached, not the office or administrative staff who use
>>their computers to get the job done.  It's right that I should be angry
>>if they ignore a warning and end up creating extra work for me -- there's
>>plenty for me to do from day to day without firefighting!
>
>
>In response to this i do agree it is the responsibility of the net admin to
find out the latest on the web and networks security, and to let the users
know what may happen if you do this or that, Not to know exactly what is
going on but to say "hey, if you get this dialog it is like showing your
hand of cards to the other players in poker..". I do believe that if you let
the users know a BASIC idea of what will happen, they will comply when it
comes to web stuff and pay attention to the messages in IE or in Netscape a
little bit closer..
>
>>I don't click okay to warning boxes until I've become familiar with them.
>>And they can be written in such a way as to get your attention without
>>appearing as something to just click okay to and move on.  My problem
>>isn't with the users who chose to click okay, but rather with a vendor
>>that would make something as important as security seem so trivial.  To
>>draw on your landmine analogy, if my commanding officer said to charge
>>ahead into a field because fields never contain mines (much in the way
>>that Microsoft encourages you to click okay to a security warning since
>>most messages are trivial) then I would hope that his commanding officers
>>and the media and everyone else who felt some responsibility for my
>>well-being would be infuriated.  If however, he warned me that their
>>might be mines ahead in a way that registered, I'd expect a much different
>>reaction -- perhaps for everyone to think I was stupid.
>>
>
>I have to say i agree with this point also if the messgae are to get better
(and they are (SLOWLY)) it will help the less computer literate to weed out
the problem area's..
>
>
Sean Robert Wilkins
Student , Staff, and the intelligent tech guy.
(SRW134@PSU.EDU)
Msg me for Public Key
Key fingerprint =  65 8B 83 06 63 AB B3 CA  55 59 81 1C 27 B3 B1 4C 
LTR
---LTR---

• Previous: Re: Combining authentications
• Next: Re: Getting off
• Index(es):
  • Index
  • Thread