Apparently, though unproven, at 00:15 on Friday 04 February 2011, walt did
> On 02/02/2011 09:15 PM, Alan McKinnon wrote:
> > Apparently, though unproven, at 00:00 on Thursday 03 February 2011, walt
> > did
> > opine thusly:
> >> As much as I like the convenience of automounting as a luser, all of
> >> my bofh instincts cry out that lusers shouldn't be allowed to
> > mount a filesystem!
> >> This is one of those Windows/convenience versus unix/security things,
> >> I think, but I'm just an amateur bofh.
> >> What do you professional bofhs think?
> > Depends on what the machine is used for.
> > For a multiuser box, you probably want user to not shutdown/reboot,
> Yes, even I thought of that. As an amateur, though, I have no idea how
> many multi-user machines still exist.
I have more than 120 of them....
> When I was a lad, the campus computer(s) still ran batch jobs submitted on
> punch cards. We had to wait for hours or even the next day to discover a
> stupid typo.
Piffle. We used *paper tape* :-)
> Actually, the profs didn't use punchcards, just us peons. The profs had
> dumb terminals so they could log in to the central server -- and sit for
> as long as five minutes to discover if the server had crashed, or was
> just busy serving the needs of the department chairman's secretary.
> Over the years, the frustrations have merely morphed, not vanished
> > be able to mount removeable media...
> That was really what I was asking. I hear horror stories about employees
> plugging usb thumb drives into corporate workstations to steal files, or
> maybe infecting the whole network with malware from a "lost" thumb drive
> found at a bus stop or a car park.
Here's a funny story. It's true, and it's sad, but also macabrely funny.
A penetration testing firm that I know well was commissioned to test the
external security of a certain enterprise that was obliged to comply with
stiff legal requirements. This firm does our pentesting too, and they are
pretty thorough. If you ask them to throw the book at something for testing,
and pay them enough, they will gladly oblige, and not care too much if this
Try as they might, they could not get past this enterprise's border firewalls.
Nothing showed up as a weakness. They tried and tried and tried and tried ....
Until one day one of their bright spark techies had a brilliant idea. They
hired a bunch of pretty girls wearing tight skimpy "New! Improved! Check Our
Promotion!" outfits to stand outside the front door handing out free
Yes, you guessed it. Within the hour the perimeter firewalls had more holes
than a Swiss cheese. Somebody paid dearly for that.
alan dot mckinnon at gmail dot com