OT: CryptoWall Alert

[Fairlight]

On Wed, Oct 01, 2014 at 06:55:01PM +0000, Richard Kreiss thus spoke:
> I have one client who avoids this issue; no one has access to the
> internet or get emails or can browse the web.  However, one computer
> links directly to the UPS web-site, and one other person has access to a
> limited number of web-sites.  The one other employee who had access aa
> few years back was fired for downloading games for her son to play when
> he visited her.  She had been forewarned that this would happen if she
> downloaded anything.  No virus infections but she was still fired.
>
> This should happen at more companies when employees spent time browsing
> the web or shopping on line rather than working.  This would have to be
> applied from the top down.

I've seen that backfire.  When my wife was with the state DoT, they fell
victim to a virus from some illicitly installed software.  The instituted a
zero-tolerance policy against it.  Install -anything- not on the "approved"
list, and you were subject to immediate termination.

A month or few later, they upgraded to the latest version of a traffic
modeling software package, and my wife, having picked up a few things
from me, actually was the -only- person to scan the officially sanctioned
floppies from the vendor -before- installing.  They were infected.  She was
the -only- one who noticed.

Even officially trusted channels cannot be flatly trusted.  If someone
says, "Trusted system," to me, I already know they're out of touch with
reality.

mark->
-- 
Audio panton, cogito singularis.