[kwlug-disc] OT: Hotmail/Yahoo account breakins

unsolicited unsolicited at swiz.ca
Sat Feb 16 19:16:42 EST 2013

It's hard to explain / get acceptance / effect with users. Especially 
for Paul given the extreme wide variety of users he faces. e.g. Homeless 
wandering into his computer lab for a few hours at a time, people buying 
windows machines from computer recycling, etc.

Very time consuming, and limited success.

Arguably, for those environments he can control, ip restrictions / 
packet inspection may be the most effective, but given his EASL 
environments, merely blocking Russia and China may not be acceptable.

Or auto-installation via scripts to his own organization's supplied 
computers logging in to his own domain - but very time consuming. Much 
like auto-updating windows / security updates.

And he is only one, or a very few, guys. I suspect Paul has the widest 
range of users, and user capabilities, of anyone I know. Offering both 
public and internal facilities, doing what he can for the former, and 
trying to protect the latter.

There are only so many hours in a day, and many claims on his time.

On 13-02-16 01:43 PM, Bob Jonkman wrote:
> Using the NoScript plugin to block Javascript, XSS and CSRF is probably
> *the* one most effective form of protection. I'm surprised (and
> dismayed) that you're not going to recommend NoScript.

More information about the kwlug-disc mailing list