[cap-talk] "The Thing from the Internet!" Humorous POLA Motivation

Jed Donnelley jed at nersc.gov
Thu Sep 20 19:13:45 EDT 2007


On 9/17/2007 2:51 AM, Toby Murray wrote:
> I thought a few on this list might find the following poster amusing:
> http://itpo.iu.edu/media/04_Attachments_SMALL_black.jpg
> 
> "The Thing from the Internet: The Next File You Open Could Be Your Last"
> 
> It's a pretty humorous ad for POLA methinks.

I agree - though as usual some potentially relevant details
seem to get lost in the sound bite (e.g. the details of what
is meant by "open").

> Indiana University produced a series of these 50s horror movie themed
> "security awareness" posters some time ago for something called National
> Cyber Security Awareness Month (does anyone in the US know whether this
> month of awareness worked? ;)

I had not previously heard of "National Cyber Security Awareness Month".
I asked our security team leader whether he had heard of it and
the answer was the same.  Of course different views will differ
(e.g. it apparently got some press at U. of Indiana, perhaps because
of the proximity and name recognition of NCSA - the NCSAM was a
promotion of Microsoft with NCSA apparently:

http://www.microsoft.com/protect/promotions/us/cybersecuritymonth_us.mspx

), but from our perspective I think NCSAM has been a non-event.

> Other posters and information are available here, including hi res
> images for printing etc.
> http://itpo.iu.edu/education/ncamkit.html

The one for Viruses and Worms:

http://itpo.iu.edu/media/02_Worms_SMALL_black.jpg

also seems somewhat applicable.

For each poster they list links to:

IU Poster
Blank English Poster
Blank Spanish Poster
Bookmarks
Postcards
Plasma Screens
KB Document

The last is a "Knowledge Base" document.  I find these
somewhat interesting since they provide the user guidance
that is presumably the main point of the posters.

I love how they describe recovering from something like
an AOL IM Trojan with something like:

In Windows, how do I safely rebuild my computer after a system-level compromise?
http://kb.iu.edu/data/anbp.html

where they say:

"To thoroughly clean and rebuild your computer, be sure
to take all of the following steps; failure to do so
can put the entire IU network at risk:"

and then they go on to describe roughly how to rebuild a
Windows system, including the 'simple':

"...back up your personal files to disk. The easiest way
to do this is to burn them to CD." - which they describe.

Sigh.  I don't know what the experience is of others on this
list, but when I clone a Unix system (e.g. a RAID clone),
it takes me roughly 30-50 minutes (mostly repartitioning
disks for MD on Linux, rebuilding a gmirror mirror on
FreeBSD), plus the time needed to restore the system
specific file systems (for us restore from HPSS).  All
the software is open source (assumes no Crossover Office
or the like).  However, for me with Windows rebuilding
a system is generally a multi-day affair (mostly due
to dealing with the licensed software), and even after
the multiple days I seldom get back to my initial state
(though sometimes things improve slightly).

I spoke with our workstation folks at NERSC, and for a
'standard' Windows system with only software that is under
volume licenses, they can rebuild systems from disk
images.  Where does that leave home users?

It seems to me that as long as we still require home
users to rebuild their systems after something like
an AOL IM induced compromise, we still have to consider
ourselves in the hobbyist stage of IT evolution.  At this
stage, if you don't know how to look under the hood, you
are doomed.

> This is one of those images that could be a good ice breaker at the
> beginning of any POLA related talk perhaps. No idea what copyright
> restrictions might apply to the images though.

Makes sense to me.

--Jed

