[Dshield] Phish the Feds

Kevin Shaw kevin.lee.shaw at gmail.com
Fri Jun 24 18:48:44 GMT 2005


Having worked as a contractor at a couple of Federal agencies; my
biggest observation was a serious lack of **qualified** Federal
employees.  When you have 1-year-out-of-internship and 1-week-of-SANS
class FTEs managing the security; particularly managing the
contractors, you are setting yourself up for failure.  It doesn't
matter how competent the Federal employee may be (and personally; my
observation is NONE of them were where I worked) in other areas if
they don't have any security experience.  It doesn't even matter how
competent your contractors are if they are busy compensating for lack
in other areas.

On 6/23/05, David Cary Hart <DShield at tqmcube.com> wrote:
> http://www.spamroll.com/blogarch/2005/06/phish_the_feds_1.php
> 
> "The US Government is far away from getting its act together regarding
> network security. Some branches of government have been making some
> choices regarding battening down the hatches, but the general consensus
> is that federal agencies have no clue as to how to stop computer
> security threats.
> 
> Now, from the same GAO report that found agencies woefully unprepared,
> we find that a lot of government workers are falling victim to phishing
> exploits. Furthermore, a big part of the solution needs to revolve
> around reporting threats internally, and government workers fail in that
> regard as well.
> 
> If I was still getting beaten up by Nigerian 419 scams, I'd be too
> embarrassed to report it too!"
> --
>       * Eliminate Spam:         http://www.TQMcube.com/spam_trap.htm
>       * RBLDNSD HowTo:          http://www.TQMcube.com/rbldnsd.htm
>       * Multi-RBL Check:        http://www.TQMcube.com/rblcheck.htm
> 
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>



More information about the list mailing list