Slashdot Mirror
Impressing Security Upon End-Users Visually?
get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"
Make a video where the user clicks "Run File" in Internet Explorer and then the building explodes.
Some users will "get it" with just a simple explanation. They're the easy ones to deal with. Give them an example, explain how it'll harm them, and they won't fuck up again.
Other users, however, should probably be treated like children, or in some cases, dogs. It doesn't matter how many times you tell or show them what not to do. They won't understand the harm it's causing.
Your only option is to yell at those idiots. Yell and yell and yell and yell. Make them feel like the shit that they are. They still won't understand why they shouldn't do the things you tell them not to do. They just won't do it to avoid your angry reaction.
Why cant users choose their own level of security - idiots be dammed. But I bet you find a whole bunch of people wise-up really fast. :P
How about just saying that we can't do our jobs right, so you need to be very careful instead, to cover our asses for us.
Even easier with better impact, just give a simple security message that any wrong action on their part can open a security hole - then flash the g'tse image.
Your users will not dare to violate your security rules after that, and probably not ever again for the rest of their lives.
...about computer security? Those work so well.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I was spending some time with some friends of mine a few months back when the inevitable malware conversation came up. These friends happened to all be quite computer illiterate. What I did instead of giving the usual spiel about malware was show them a better experience.
I sat them down and showed them how to use firefox with noscript. I showed them their favorite sites without all the baggage and they were amazed at the improved experience. I made sure I showed them how to use noscript with sites like facebook and still get what they wanted.
All of this was done in less than 15 minutes, and they now use this combination on a daily basis, not because of the improved security, but because of the improved experience. The fact that their security is improved is entirely incidental.
Note to firefox dev's, improve your enterprise management tools so that I can justify rolling out firefox to the enterprise after proving to management that it can be managed at the enterprise level. Enterprises need ways to consistently enforce policies with firefox using AD! Until this can be done firefox will never take over Internet Explorer in the Enterprise.
here is a great video that shows how to detect a phishing scam using examples http://www.youtube.com/watch?v=bzfPUmQcfDs
Symantec Security Response has an excellent video about Backdoor.Ghostnet on their youtube channel.
I think the message here is that if you don't practice safe computing, the tools exist that empower just about anyone to pwn you
You know what would be really cool? If you had a rewriting-proxy that would occasionally insert a cartoon spy in pages that could be unsafe, reminding/warning them about what could have happened. For example if they submitted a form with a password, and it wasn't encrypted, the spy could pop up and say "This password is unprotected, and could be snooped. Be sure not to use the same password for anything important!", and then have buttons the users could click to submit the form anyway or cancel. If they arrived on a form from a link (refer is set) you could insert the spy, reminding them to check that the URL is correct and not a phishing site, and to always type the URL for important sites, like banks.
Situational reminders like this (if not overdone) would do more to create an atmosphere of caution and thoughtfulness then a yearly presentation would.
http://www.scientificamerican.com/article.cfm?id=how-to-foil-phishing-scams
This is a good start and I'd recommend investigating the author's other published material.
Check out Cisco's website. Really. Most of the time, they have some videos geared towards marketing and business types. They even have some cute superhero thing about threats. It drives me crazy because usually I go there for technical purposes, I want to see configuration commands and tech docs. But every once in a while I'll find a good diagram or video which gets my point across to non-techie types.
FLR
Probably a better example would be looking for a "Taken" about computer security... At least, the start of the movie, no matter how much we would like to hit, shot, stab, and put a spammer/botnet hoarder under electric shocks until the light gets cut for no payment.
it doesn't matter how you explain it to them, whether it's pretty pictures or text, they won't understand or care.
http://cisr.nps.edu/cyberciege/ is a video game designed to teach computer security concepts. In addition to its more advanced scenarios, it includes a few simple "awareness" scenarios, the first of which directly addresses your topic. Further, this animated movie: http://cisr.nps.edu/cyberciege/movies/02CIEGE.html helps the layman understand why the problem of malicious software is so hard to solve. The link includes a free evaluation version of the game.
Redtail
I figured that most people would treat videos on computer security like the videos that teachers would show at school. Their reaction?
"NO WORK!!!"
I think that what's most effective is just enforcing your security policies using Group Policy or other management tools on the network. That way, you KNOW that most people won't violate any policies set forth, and those that do are the ones that didn't need the training in the first place.
If you're really adamant about educating your employees with videos and such, find REALLY GOOD videos that will hold their attention for their entire run. Remember, at the end of the day, those computers don't belong to them and most of them simply wish to get work done. Any teaching method which can exploit these two truths for educational value is probably worth watching.
My company's solution is to lock down the systems so tightly as to turn network systems into standalone systems.
Yes, they do, on a mass scale. When applied "properly" to things like smut, terrorism, gay marriage, etc, the "Reefer Madness" tactic works very well. In fact it's still working on the drug situation also. Otherwise prohibition would have been abolished a long time ago. Do not underestimate the power of "madness".
For justice, we must go to Don Corleone
Unfortunately, there should be another article titled "study confirms that computer system administrators are also mostly idiots"... but, of course, that wouldn't win any awards on a site like arstechnica, which caters to the computer geek set, which likes to pretend that they are not idiots.
Nor on a site like slashdot, for that matter. (Moderation: troll, here it comes.... guess I'd better click that "post anonymously" box, or else I'm gonna burn through karma...)
So why should they go to the inconvenience of not clicking on links that they want to, or not visiting any website that takes their fancy? By appealing to their "professionalism" or "humanity" or "team spirit" you're probably on a loser. While these might get them gee-d up for a short time, you can bet that unless there's some personal pain involved in doing it, they'll be back to their old habits in a few weeks time.
Once you can put security in terms a normal user will understand: i.e. If you click on a bad website, these bad things will happen TO YOU, they'll pay attention. Until then you haven't got a chance.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Nobody learns to avoid fire by being told. You have to get near and feel the heat to know you better not do it. So my advice is: make traps. Send them emails signed by other coworker asking for their password. Send them executable files that block their computer and flash a sign telling them that all their files are being erased, just because they executed a file from a unknown origin. All kind of traps, with nasty consequences if possible, you don't want them to click into everything because it can be another amusing idea of you. You want them scared of your ideas so that they look askance to every email or web page to see if it could be a trap. As they might be, so that's the right attitude.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
Boy, I thought you were going to avoid dangerous and annoying plugins ...
It is pretty simple really. You have to set policy and communicate it. Then, if policy is broken the company must actually follow up with the repercussions stated in the policy. People are pretty smart - they understand repercussions. If the company doesn't back up the policy then it's not a policy, and there's no real reason for users to follow it.
1) Download and install http://camstudio.org/
2) Start CamStudio.
3) Turn javascript OFF.
4) Stop CamStudio.
5) Post the video somewhere.
6) Send out general announcement e-mail with link to above video. Include sentence explaining that websites which don't work without javascript are inherently unsafe and unnecessary.
7) Relax and do something more interesting.
oh - i don't think anyone would argue that sysadmins aren't idiots - just in different spheres of knowledge or influence.
i certainly couldn't cope in finance or psycology, but I'm not put into situations where I am expected to have a full working knowledge of the minutae of those fields and then left to my own devices to function - 'idiot be dammed'
That's basically what lawnboy was apparently suggesting - and that's a theory alot of sysadmins would reject in practice (i would love it if everyone could function in that way) but most won't and so it is left to us to safeguard them from themselves as well as others as much as possible. That's all it's about - it's not disdain for the person as a human, just a recognition of their skillset and the expectation that we should realisticlly have for them.
ReaLemon is yummy
Make yourself a laptop with a deep freeze image. this way you can infect the system at will, reboot and it's clean.
Show the people using your system just how badly a zero-day exploit can hose a system.
Reboot, show the next group. Rinse, repeat.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Joe User: Passwords do vex me - lets kill them now!
IS Dept: But that will mean anyone could copy our data.
Joe User: So? I could get my job done.
IS Dept: Even our most hated competitors would know everything/
Joe User: So? I could get my job done.
IS Dept: ???
Or,
Joe: "This new security protocol makes it impossible for me to do my job!"
IT Guy: "So? That makes the system more secure."
Joe: "Who can I talk to to modify some of the problems here? I need a workaround so I can do my job."
IT Guy: "Send it to /dev/null. We don't listen to lusers."
Joe: "But you've made it so I can't do my job!"
IT Guy: "Not my problem. Go away, luser."
The whole bloody mess is mis-engineered... The secure settings in IE are a bear to browse with, and are still vulnerable to some zero day exploits. Windows itself is a mess, how many areas are there to check for programs that load at boot?
the legacy dos files...
the run and run-once lines in the registry (all of them)
runservices
load
userinit
the startup menu
the startup menu for the user
lots of the code doesnt work unless it gets full rein to jack your system. Turn on the windows based security and programs like xfire throw a fit as they are constantly requesting to break security for legit reasons.. The security breaks usability and the idiots want to be able to just see the video from a friend without all this hassle of loading flash. Or download a file without a freak-out.
While you can limit what sites you visit. mistype google or microsoft, and theres no telling what your pc will contract.
...that of a pissed off sysadmin charging down the corridor wielding a sizable rubber mallet.
http://www.virtualforge.de/vmovie.php
the XSS and CSRF videos are very good visualizations for the common user using simple examples.
Blessed are the pessimists, for they have made backups.
Deny internet access to repeat offenders. They soon get the message that way.
Excellent question but, unfortunately, it hit the main /. page on a Saturday. Let's just say that the percentage of readers who are IT professionals drops off significantly over the weekend. Go figure.
Most of your responses so far are along the lines of, "You NAZI! Leave your users alone and let the one's who don't learn get what they deserve." Obviously, not the response of an IT type who has to deal with regulatory requirements and wants to keep his job. You might try the same question again but on a weekday on a computer and network security related site.
Good luck with your search.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Hi, I'm Troy McClure. You may remember me from such IT security videos as "Microsoft Explorer: Ubiquitous but Unsecure" or "Passwords: The Road to Ruin".
Just because you are paranoid does not mean that no-one is out to get you.
A demostration of the "Customer Appreciation Bat" works wonders.
Although since it's a corporate institution, the "Security Empowerment Bat" might be more effective.
In Soviet Russia, Trojan exploits YOU!
A simple solution: redirect known dangerous sites to "n i m p . o r g" (with spaces on purpose - if you delete them and go there, you'll know why, but DON'T). I guarantee that the first time they click on a bad link will be their last...
I suggest you emphasize the possibilities of what the Chinese government hackers, Russian mafia, and US Customs & Border Patrol will do to them if they don't practice proper security procedures. A scene from "Deliverance" that will get the point across. You know what I'm talking about.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
such as not clicking links in the occasional spam email which passes through filters
Here's a good example of why people shouldn't click random links. http://www.youtube.com/watch?v=Yu_moia-oVI
Sunbelt Security had a video posted of what occurs when you got hit by the old WMF bug awhile back. You could see software being installed, icons appearing on the desktop, and the desktop background being modified as this thing went to town and began popping fake AV warnings. It was one of THE most extreme and informative examples I can think of for this.
Here's a copy of it I found on Youtube. A search for "WMF exploit" on YouTube will get you plenty of hits :-)
http://www.youtube.com/watch?v=WTBcDJ9kJH4
IMO, I think this answers your question!
Build it, Drive it, Improve it! Hybridz.org
The director stood up
You found the holy grail of successful IT endeavors, (including educating end users) - executive buy-in and support. I know at least a dozen companies in which the executives pay lip service to lots of things, such as IT security, but don't actually actively support them. As a result, nothing really gets done in those areas.
Show me a company that hires good IT folks, makes them feel valued, and supports them, and you will find a company with a rock solid IT infrastructure.
I prefer rogues to imbeciles because they sometimes take a rest.
I teach computer classes to seniors and other people who have (usually) never turned one on before. When I cover the security section, I try to use analogies to help them understand the threat level and some ways to avoid most of it.
For virus protection, I equate it to a body guard - If you're in a small town, or walking around downtown, you're fine, and the body guard probably won't even be needed. If something did come up, you'd be fine since it would probably be a mugger or a rabid dog, and the body guard would be able to take care of that. Now, if you start wandering around in a mine field, or in the middle of a battle (analogous to visiting warez sites or downloading and running a file someone you didn't know sent you, etc.) no amount of body guards will keep you from dying.
This has really helped impress in my student's minds that it's really still up to them to not do anything stupid, and their anti-virus can't always keep them safe - especially if they are doing something dangerous on purpose.
I'm not a bird, I'm a super-advanced flying stealth dinosaur!
How about "Napster Baaaaad"?
-- You are in a maze of little, twisty passages, all different... --
A reminder/warning that user should click on to make it go away?
How much time do you suppose would pass before:
a) users completely ignore it, madly clicking [ OK ] without even looking at the text?
b) it is spoofed and/or copied by malware sites, cartoon spy and all?
Answer should be calculated in minutes and seconds, but feel free to use larger time units like hours and days.
Mit der Dummheit kämpfen Götter selbst vergebens
So it just sort of happens all on its own?
Nerd rage is the funniest rage.
why not block access to anything non-approved?
More accurately, only allow specific site.
Yes some people will get around it, but most people capable enough to get around aren't high risk. How many people who know how to tunnel would also download smileys?
The Kruger Dunning explains most post on
Maybe create some internal XSS that resides on your corporate proxy server. So when someone runs (say) a Facebook app, your XSS runs some Javascript off of an internal server that does something moderately annoying like continual pop-ups. Then if they click on one of the popups, disable their external web access completely.
We are the 198 proof..
I say we just stick our foot up your arse.
Terry Tate, IT security Linebacker. "Woo-woo!"
Okay, I'll bite. Do facebook and myspace fall in the unsafe category, or are they just inappropriate? Obviously you don't want employees spending all their time at their desks screwing around with facebook, because you want them to be doing useful work. But if there's some actual security vulnerability that is opened up when a user simply goes to a web page with a certain flash or javascript app on it, then that sounds to me more like a problem with the browser you've chosen or the way you've chosen to configure it.
One of the thing that makes me tune out IT's messages at my workplace is that their pronouncements often don't demonstrate an appropriate sense of proportion. For example, they were trying to get a rule instituted that would make it a firing offense to do a variety of things with your computer -- one of which was plugging in a flash drive. (No, I don't work at the CIA. I work at a community college.) If you tell people that their computer can get a virus if they do any of a long list of things, then probably (a) they're not going to believe you, or (b) they're going to decide the list is so long that it's not practical to comply with it. It's like telling kids that beer, marijuana, and heroin are all in the same category. Once they find out you lied about marijuana, they'll just go ahead and try heroin as well.
Find free books.
If you need to map it visually try doing it by something they understand and feel could affect them. Most people these day's are using a lot of services. Most of these services allow the password to be changed and sent to the users email address. Generally people will use the same password for all services, meaning that any one of them is broken into, and all of them can be accessed. Usually the email address will also tell you a lot of the services if uncertain. Drawing this out in a logical way explains to users why they should use separate passwords for different services, and why they should use separate passwords for work and personal services. Taking this further you can explain that a lot of trojans can steal their password making access even easier for an attacker might make them feel they have something personal to lose. Explaining how their machine could be part of a botnet might not...
A normal brown-box Fedex-like package. When they open it, a balloon bursts and glitter goes everywhere.
Maybe they'll learn not to open random packages when it means maybe cleaning glitter for six days.
People respond to their actual incentives, not what you pretend the incentives are.
If people were held personally liable for damages caused by security breaches that they enabled, they would get smarter about security.
I'm not arguing that they should be held liable, just that it's going to be hard to make them care when they aren't.
This game will waste your life. Don't clicky!
Send some "test" links yourself. When you manage to break into the user's machine, e-mail the user his own confidential document, password, etc. Then tell him _how_ he exposed himself and that you _could_ have been the bad guy.
I learned how to use chmod properly this way a LONG time ago -- the teaching method was highly effective... :)
(You will, of course, get the careless users ticked off -- so make sure you have management approval for this. But seeing _proof_ of what _will_ happen will get the message across for good).
No sensible person or company puts those things in an email any more, anyway. If you need to go do something with your account at your bank, the email just says, "Please go to your account and check your status." Anything further is probably spam, mal-something, or straight-up clueless.
I've fallen off your lawn, and I can't get up.
It sounds like you want to send an email to all your co-workers with a link to something cool online. The cool link will then teach them not to click on links in emails containing suposedly cool things. Your delivery mechanism is exactly that which you wish your users to avoid. I'm starting to come around to the school of thought stating there will never be enough motivation for corporate users to learn this stuff, so it is futile to try.
My post was in reply to "lets let the users decide how much security they want" my point was that the users would probably opt for "none". A properly designed security policy will protect the assets and let Joe do his job.
1. "If someone can do something wrong, someone will."
There's no way to circumvent this. Ever. Period. You have to accept, that humans make errors. But it's ok if they learn from it.
The problem is:
2. "To get people to learn from something, they have to have an interest in it."
So if it does not hurt them, and does not give them a advantage, then why should they learn anything? Humans are all about efficiency. In fact all competing life-forms ever, are. In all of the universe.
So what do you do? You follow basic rules of creating a motivating gradient. By offering advantages for those who learn, and disadvantages for those who don't.
Here, remember, that positive gradients (relative to the person's state) are always better, than negative ones (like punishment).
So I recommend this: At the next raise of salaries, raise them a bit less. But offer the remaining part as a bonus for those who can prove their security-awareness.
The amount is pretty easy to choose: It's the amount that you'd lose (e.g. the money to recover from loss or destruction), multiplied by the factor of likeliness (e.g. one in a million = 0.000001), divided by the number of people in the company (optional, depending on your p.o.v.).
You could check their security-awareness, by testing them every year on a random day. Like a fire drill. But with a security drill. (Without announcing anything. Without any alarm going off.)
And by filling out a question form at the end of the day (one that takes a negligible amount of time, and is also there, to refresh the knowledge. One more reason to make it a random day [= better learning])
You can bet your mother on the fact that they will be much better at caring for security! ^^
Only remember, to make all those drills, bonuses and tests proportional to the actual real amount of damage. Don't be surprised, if it then will be less than you thought.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
A while back a slashdot comment had a link to security cartoon. The cartoons are cute and pretty thorough, though the may be a bit simple and are somewhat outdated. It's visual and pretty straightforward.
open source modern art: laser taggi
Yes, they do, on a mass scale. When applied "properly" to things like smut, terrorism, gay marriage, etc, the "Reefer Madness" tactic works very well. In fact it's still working on the drug situation also. Otherwise prohibition would have been abolished a long time ago. Do not underestimate the power of "madness".
I was just going to mod you up, but this requires an actual, verbal (textual?) daps.
It's sad what mass media does to the general public's capacity for rational thought.
You did manage to save them a bunch of money, though. Now that your users aren't fucking up their machines any more, there's little reason to keep paying you to do nothing. Cost of your services, and all that.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Call a meeting. Get an old box running the company standard stuff. Tell them its no different from their box and that if it were connected to the company network it could infect everyone EVEN THEIR BOSS. Then DISCONNECT IT FROM ANY NETWORK ACCESS. And infect it with a virus that torches the drive. Not many people have actually seen a virus turn a perfectly good machine into a basket case.
Every rule has more than one consequence.
Usually, when something "bad" happens, you get to see the result. You lose your wallet, you can't pay next time you have to. Someone breaks into your house, everything's turned upside down. With malware, there just ain't anything to see.
To make things worse, people have been told by Hollywood that there is something to see. Computer screens "melting" or outright explosions (those dreaded 220kV lines in those flatscreens ... you know...), or at least some nifty CGI (honestly, every time someone searches fingerprints on CSI .... I'd have broken the programmer's fingers if he really showed a ton of "wrong" fingerprints while searching and wasting a lot of time for pointless eye candy... but I ramble). But there just is nothing to see. Why? Because that's the whole point of infecting someone: To have a spy in his computer without the person knowing it. You double click the infector and you don't see anything. Maybe, if you're using a slow maching, you get the "busy" mouse icon for a split second.
My solution usually is to show them what happens behind the scenes. First of all, it's interesting because it's kinda-sorta-maybe illegal, since you're doing what the bad boys are doing (with the difference that you're not really infecting anything but your own presentation machines). And they get to see what they usually don't get to see. It's not even a problem that it's way over their head because nmap output looks impressive, even if you don't get a thing. But even a monitoring proxy output is usually enough (you just have to point to the information that you want to stress). Set up Alice, Bob and Dave and give them a show of "what if you're infected".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Well, you might have two problems, not just one. Is all the bad security coming from the lower level users, or does it extend as far as the boardroom? (I bet it is both).
So, this solution doesn't even need to be visual perhaps, here is one scenario that might work. You send around an email with all the security rules they have already agreed to. Now, the new company policy, anyone screws up, and it can be traced back to them, whatever it costs to fix the problem..well..hope they have not only a good but a great team of lawyers, because they will be sued for the cost$.
In this economy, that will sink it. There's no reason for any company to eat the damages when an employee violates what they know are the security rules. And stick to it, take 'em to court, estimate the damages, show the proof you have, if someone screws up deliberately after that memo goes around.
So you just tell them, it is up to them as "responsible adults" whether or not they think they have enough savings to risk to justify clicking on any random thing or surfing to places outside of work related sites, or sticking their USB device into the secure internal network, or anything like that at all that violates the rules they agreed to when they got hired.
If this is a recurrent problem, you and your company just aren't being professional enough, and like I said, in this economy, I don't think you'll need to look very far for replacement employees either, even the alleged prima donnas. Thousands of replacement prima donnas are out there right now cashing unemployment checks. In other words, there are no special little snowflakes anymore.
If they need a refresher on what the security rules are, add that in to the company wide memo. As an added incentive, in the case this is a publicly traded corporation, any shareholder or group of shareholders can also "suggest" as a friendly little reminder that this applies all the way to top management as well, just specify "all employees,inclusive", or an additional lawsuit might be in the offing, and that attached letter can be signed by the outside shareholders attorneys as well.
I see people here say they can't rock the boat upstream, and that is BS in most cases, you approach recalcitrant and stupid and dangerous bosses from a shareholder and lawyer perspective if they are the ones who are the most guilty of destroying corporate security. Remember, they work for the shareholders and are accountable for their actions, especially if they are risking the company's profits, market share, customer relations because perhaps THEIR data gets compromised, and PR image and exposing them to outside lawsuits for bad practices.
Outside law firms are not the least bit afraid of any CEO and if it looks like they have a slamdunk, if YOU have done your security professional homework and have the proof of high level malfeasance like deliberately violating security best practices that are written down, over and over again, they will take the case most likely. They love that stuff. There are numerous law firms that specialize in such cases, get details from them of course, IANAL, etc, but whistleblowers and especially whistleblowers who are also shareholders have some pretty decent rights today in most places, even in "right to work-at will" areas where you risk getting fired for just being honest and doing your job. So what, if they say they have a slamdunk, you might come out of it with a lot of cash anyway, especially if fired.
In other words, you don't have to put up with childish stupidity downstream, nor do you have to take illegal and stupid shit from upstream, as long as you approach this logically and look at the laws first. Security is a real concern nowadays, it is no longer a joke subject or something to trivialize.
Send out a fake spam email. Anyone who clicks on the link gets a security warning letter and a "You are subject to termination for clicking on the link in an email. Contact HR immediately"
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Have you posted this over at mozilla.com?
Bug 267888.
WZZ
Owen aion gold
metin2 yang will be
wow gold cheap
aion gold possible
world of warcraft gold to
aion4gold return to
cheap aion gold the national
team Aion Kina
Owen aion gold
metin2 yang will be
wow gold cheap
aion gold possible
world of warcraft gold to
aion4gold return to
cheap aion gold the national
team Aion Kina
Owen aion gold
metin2 yang will be
wow gold cheap
aion gold possible
world of warcraft gold to
aion4gold return to
cheap aion gold the national
team Aion Kina
FTC has site on Phishing that may help. We have been getting the Outlook update link in an fake email here for a while, have had to send many reminders that we will not send links to people for updates on their computer since we manage patches and updates automatically. http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm
(1)We accept paypal.
(2)We supply all brand shoes, clothing, fashion
accessory and electronic products. Sneakers, tshirts,
jeans, hats, mobile,MP4
(3)Shipping time: 5-7 working days.
Size : 7 7 1/2 7 1/4 7 3/8 7 5/8
Assortment :
Payment : T/T, PAYPAL, Money Gram
Shipment : EMS,DHL,UPS,SODEX,FED. Which carrier
we used just depends on customer? order quantity.
OUR WEBSITE:
YAHOO:shoppertrade@yahoo.com.cn
MSN:shoppertrade@hotmail.com
HTTP://www.tntshoes.com
You idiot proof problem user's computers. If you're using Active Directory reduce their privileges, if you're not, give them only limited accounts - only you will have the admin password to their computers (if that isn't already the case) then Install firefox, adblock plus with malware filters and high security settings, and disable IE. If you need IE for certain websites, whitelist those sites, then don't allow any cookies, scripting, or anything else from internet zone in IE. User's can't click stupid executables if they don't have permission to run executable files. If none of that works give them a computer with Linux on it, but only you have the root password; show them how to use thunderbird, firefox, and openoffice, and only other things they need for work.
Just show a few screenshots of limewire using the search terms "password" or "credit card".
That should scare the sh*t out of anybody...
sorry - no time to create your account so I'll post as a coward.
http://www.tntshoes.com