April 7th, 2004, 12:50 AM
Testing the depth of user stupidity
Was just thinking - am sure most people in charge of security for any size of network have warned the networks users not to download any attachment they were not expecting or that they havn't checked with the sender to ensure they did indeed send the attachment.
But how many people can be sure that their users are following these guidelines?
I have also warned people at work about the ways in which some virus writers will try and trick users into running attachments.....spoofing the from address (maybe something like firstname.lastname@example.org) so that they think it is from a trusted source.
Well I have decided to put it to the test
Have just constructed a small package to email out tomorrow - it contains an installation file which simply copies a .bat file to the HD runs it and then pops up a message saying "Your Tech dept is currently testing users security awareness. You have failed! This could have been a virus"
the .bat file is set to send a net send msg to the IT computer - lets see how many wee pop-up boxes I get tomorrow
April 7th, 2004, 12:59 AM
I would like a copy of this file. Was it done in C++ or is it just some script you attached to a txt file? anyways if you could show the code on this site I would apperciate it. thanks Ghost_25inf
April 7th, 2004, 01:05 AM
is not coded is just a simple .bat file placed inside a custom instal package made in paquet builder.
April 7th, 2004, 01:25 AM
Hah I am curious how this will turn out.
April 7th, 2004, 02:21 AM
Yeah you gotta defiantly post the updates to this little experiment..
Seems like a brilliant idea Val, but how are you configuring it so that it sends you an email saying whether someone passed or failed?
It sorta sounds some what like how a keylogger would work, but it's not..
April 7th, 2004, 02:37 AM
Hey Val I would like to see the results of your experiment. But we already know what you are going to find out. Trust me, it's worse then you are going to guess.
End Users will often just open things not really caring what they are or who they are from. I swear if I had a nickle for everytime someone at my job did, I would have enought nickles to buy a keyboard that sends an electrical shock to the person that opens just anyfile.
Let me see your results I am going to have to look this over.
April 7th, 2004, 12:07 PM
Good Idea! Although I shudder at the thought of the sheer amount of pop-up boxes you are going to receive. I look forward to seeing the results.
The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!
April 7th, 2004, 12:25 PM
User stupidity, don't even get me started on this one.........
If your company is large enough then there will always be a small percentage that's just so incredibly stupid, you just can't believe some of the things they do or try.
luser: "I have a problem with my computer"
me: "Ah. Ok. Are you sitting behind it?"
luser: "Yes. I am"
me: "Ok. What do you see?"
luser: "Lots of cables..."
somenewguy: "Is this network operations?"
me: "Yes, it is."
somenewguy: "My boss wanted to get something and the guys downstairs said I should ask here"
me: "Well, what do you need?"
somenewguy: "My boss told me to get a box of landscape paper."
This is also the reason why we have huge content-scanners and a really strict policy. This means nobody is allowed to download and/or email any "dangerous" files.
Experience is something you don't get until just after you need it.
April 7th, 2004, 02:12 PM
To parody an old adage: A user can only be as stupid as the admin lets them.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
April 7th, 2004, 03:19 PM
I would love to see the results of your experiment. I reckon that for every 20 users you will get at least 25 popups as some users will open it twice just to make sure they understood.
Hate to say chsh but that is not always true. example :
To parody an old adage: A user can only be as stupid as the admin lets them
my direct line rings.
Hello this is Mr. XXX (director of the acconting departement). I have been told by the head accountant in our fraud section that there is a bad smell of something burning coming from one of our printers .
Ok I said I would go and look rather than send one of my techs.
I took the stairs armed with a pliers to pull the half melted transparency from the laser printer. The week before we had someone on the same floor wipe out five laser printers with transparencys he brought from home. The first printer melted the transparency so he tried the second printer.That one melted it also but it seem be almost printed so he tried the third printer. He then decided the first three must have been too small so he went for our 2 group printers.
anyway got to the office where the printer was and there was in effect a heavy oily smell but no smoke. All the accountants were waiting outside at the coffe machine just in case. Called in the head accountant and explained that to solve the problem all he had to do was keep the windows shut while the workmen were resurfacing the road in front of our building. Tarmac stinks while it is still hot.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"