
SANS ISC: Surprise? - SANS Internet Storm Center SANS ISC InfoSec Forums


Surprise?

"The nice thing about being a pessimist," as the old saying goes, "is that every surprise is a good one."
In our industry, it's easy to be pessimistic for any one of a hundred reasons that don't need listing here. (Disclaimer - yes, I'm a pessimist)

Whether your glass is half empty, half full, or as one friend recently told me, broken, what is it that surprised you so far this year?
Give us your comments on what surprised you and what you learned from it.  Just maybe you can save someone else (less pessimistic) from a painful surprise.

 

Christopher Carboni - Handler On Duty

Chris

140 Posts
I'm an engineer. That glass is twice as large as it needs to be. ;-)
Moriah

133 Posts
There are people who won't set root passwords if it doesn't specifically say to do so in the security plan.
No Love.

37 Posts
Some users (especially engineers) seem to think that they're smarter than people in IT and set up their own WiFi equipment in remote offices even though it's expressly forbidden in company policy.

That management won't punish users who compromise the security of the company by "doing their own thing" in violation of company policy... provided the user is an important enough person. Apparently some users really are above trivial things like "rules".
Brent

120 Posts
I'm jaded. The glass is half full, but it's the wrong damned half.

What surprised me this year was an Albanian being arrested at a nearby motel a couple of weeks ago. His kit consisted of a backpack with a solar cell on top, and a (cellular) netbook. He used dating sites to find / sucker in new mules in whatever region he was in. His "circuit" consisted of about six states and part of Canada. While mules and dating sites are nothing new, the risk of actually meeting to create confidence took me quite by surprise.
Steven

42 Posts
What has surprised me is the number of Federal agencies that are still getting the cheapest, most simple checkbox-check security assessment they can get, and may not even hire an actual security company to get it done... more interested in having the right documents over protecting their systems.
Steven
5 Posts
I like turtles.
@Miss_Sudo

12 Posts
