You seem to be implying (and I may be reading this wrong) that it is difficult to lure users to do something silly, and that our users are smarter than the average bear. I'm not sure either of these is true. I have seen many well-crafted spear phishing attacks targeted at University users, and we have had to deal with the fallout of at least one successful attempt.

Of course, that's anecdotal. I don't think there's a way to answer your question without performing a study of our user base, which is unlikely. Then again, maybe some of the spear phishing attempts we've all seen were secretly pen-tests in progress :)

-Tony


-----Original Message-----
From: David McFarlane [mailto:[log in to unmask]] 
Sent: Tuesday, February 05, 2013 5:30 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] JRE 6 Extended Support

At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote:
>Since the University recommends/requires out of date/unsupported 
>software, which has known vulnerabilities, are we not being required 
>to put ourselves at risk? If so, is it an acceptable risk?

My question exactly.  Just how dangerous is this JRE to our 
users?  Doesn't one have to be lured to a malicious website to 
trigger this sort of attack?  How likely are our users to do this?

-- dkm