<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE></TITLE>
<META content="MSHTML 6.00.2900.2627" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=951060815-16052005>> </SPAN>What about power users? Should those of us
with more computer literacy than the average user be more responsible
for </FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=951060815-16052005>> </SPAN>securing our systems?
</FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=951060815-16052005>How
could we tell if someone is computer literate enough to be responsible. I know
of people who have more than average skill in on area of IT with little or no
idea of security besides not using there dog's name as a password. In my opinion
the only place where responsibility can be placed with any hope of a provable
accountability is at the provider level. That is probably as granular as
accountability can go on an individual basis.</SPAN></FONT></DIV><BR></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
wplug-bounces+joseph.petrucci=ddiworld.com@wplug.org
[mailto:wplug-bounces+joseph.petrucci=ddiworld.com@wplug.org]<B>On Behalf Of
</B>Michael Smith<BR><B>Sent:</B> Monday, May 16, 2005 7:50 AM<BR><B>To:</B>
General user list<BR><B>Subject:</B> [wplug] OT: "Enough"
security<BR><BR></FONT></DIV><!-- Converted from text/enriched format -->
<DIV>The HT Security notice that's been circulating recently brings to mind...
</DIV><BR>
<DIV>I've been interested for some time in the <I>personal responsibility</I>
ramifications of I.T. security. Should a home user be held responsible for
attacks launched from his zombie computer based on the fact that he didn't
(know to) secure it properly? </DIV><BR>
<DIV>What about power users? Should those of us with more computer literacy
than the average user be more responsible for securing our systems? </DIV><BR>
<DIV>I think the answer to both of these questions is "yes," as a matter of
degrees. Given, however, that no connected computer can ever be 100% secure,
how much is enough? If my mom leaves windows automatic updater running, and
antispyware and antivirus active and UTD, is she then fulfilling her
responsibilities as a member of the Internet community? </DIV><BR>
<DIV>What about me? Does the fact that I run a highly customized Gentoo box
leave me with more responsibility, or does keeping it up-to-date and keeping
my overall network secure fulfil that? </DIV><BR>
<DIV>What are your thoughts? If anyone knows the legal ramifications, that'd
be interesting, and I'd also like to know your positions on the morality of
the matter. </DIV><BR>
<DIV>Peace, </DIV>
<DIV>Michael A. Smith</DIV></BLOCKQUOTE></BODY></HTML>