Hi all,

One thing that really surprises me these days is the amount of home users who still do not have a clue about security. They are still using WEP and are not formatting SD and other flash media correctly. This seem to make them very easy targets for being attacked.

Companies these days have the money to pay for security experts to come and test their security. But should security begin at home? Should home users have better access to security resources? If home user had better training would they not go to work more aware and think twice about writing password on post it note?

What do you think? Do you think the government should take steps to make home user more aware about security?

The majority of home users will have client side attacks affect them, ie phishing emails etc

My home computer security isn't as tight as I would like it to be, but it still alot better than most

Company's tend to have open ports in the DMZ for emails etc whereas the majority of home users do not

Sacraficing security to send/receive a few emails?

Well that my opinion, security definiately starts at home for sure, but like most its not a priority as they don't think they have anything on the PC worth anything even though they do online banking lol

I agree so far with the comments. And yes there are alot of resources online I think the main problem is understanding them. For example there are repair guides for cars online, does not mean I could repair my car.

I just think many home user are blind to the problems they could face when online or at home. And if they were more aware of the risk and had a way to mittigate that risk they would take advantage of it.

I mean I dont yet work in security so I may not know excatly the process a security expert takes. However I work in PC Technician and when customer come in with a Virus/Malware or they been social engineered over the phone by someone making out there from google or miscrosoft. When I take time to explain what happen, why it might of happen, and what could of happened they are really shocked.

We have an annual check of our IT systems by an external agency at work and one of the things that is always picked up is the number of people with weak passwords only minimally changed from the default password issued with a new account or p/w reset.

As people now start working at our place they get a brief on the do's and don'ts of the works IT which i've expanded to include a few 'good ideas' on PC and internet security, especially on the web.

Have plotted a few graphs for brute force attacks against different lenghts of passwords both simple and complex.  This usually shocks people when they see the figures, especially when I tell them that this is based off one PC doing the cracking and a good hacker could have several hundred bot pc's to assist in the task.

Show them a screen shot of an actual phishing web page I found one day and explained how the code behind it worked. I then ask the $1000 question...
'If I captured your username and password off this page, how many of the following websites could I log into?' 
I bring up a slide showing most of the popular sites that you need to log in to and point out that most of these list your e-mail address within your profile so that could potentially give me access to your mail account as a spam relay.

The brief does make some of them think about what they're doing and i've actually had a few people contact me a few days after the brief to clarify or expand on what i've said.