Hacker News
by NegativeK 651 days ago
I hear this advice from other infosec people constantly, and it's starting to grate. In one breath we tell users "attackers are professionals who are doing this eight hours a day; they're probably going to trick you", and in another we're trying to get users -- who are busy doing their jobs -- to recognize the difference between an I or an l, or maybe go do a domain history lookup to see if businessandsons.com is some new knockoff of businessllc.com, or maybe figure out how to parse whatever the email reputation filter mangled the domain into.

I know perfect is the enemy of good and defense in depth and etc, etc, but this advice just seems crap.