
SoylentNews is people

posted by cmn32480 on Monday October 03 2016, @07:29PM
from the inherently-broken dept.

Arthur T Knackerbracket has found the following story from Bruce Schneier's blog:

Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security aware and had more security training," they say, "the Internet would be a much safer place."

Enough of that. The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Traditionally, we've thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This "either/or" thinking results in systems that are neither usable nor secure.

[...] We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it -- "stress of mind, or knowledge of a long series of rules."

[...] "Blame the victim" thinking is older than the Internet, of course. But that doesn't make it right. We owe it to our users to make the Information Age a safe place for everyone -- not just those with "security awareness."


  • (Score: 2) by The Mighty Buzzard on Tuesday October 04 2016, @12:02AM

    Good luck with that post-scarcity thing. I keep hearing it but I highly doubt it will ever materialize. Human ingenuity will always be a scarce commodity.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by Zz9zZ on Tuesday October 04 2016, @12:21AM

    We are already in a post scarcity world for most countries, or could be if we made decisions along that vein. However, greed has kept us locked into a class system. The people at the top don't want anything to change, and the people that want to BE at the top don't want it to change either. They dream of being the king.

    Energy is the last big hurdle, and if we had actually invested in solar and other renewables a long time ago we would be done with that problem too. But again, the oil barons wanted to keep their empire rolling... Your last sentence is actually quite the kicker, in the post scarcity world human ingenuity will be much more available (fewer people ticking boxes and sleeping through meetings) and also more valuable.

    It's not a simple change, but I think it's one worth striving for instead of going round and round the already sold out Monopoly board.

    --
    ~Tilting at windmills~
    • (Score: 2) by The Mighty Buzzard on Tuesday October 04 2016, @12:41AM

      Nah, as long as human ingenuity is valuable there will be no post-scarcity world. Nothing will change. Since the first currency was invented, it was never about the resources and always about human ingenuity.

      --
      My rights don't end where your fear begins.
    • (Score: 2) by Scruffy Beard 2 on Tuesday October 04 2016, @01:22AM

      Solar and renewables are chump change compared to nuclear power.

      It just sucks that our current nuke plants use so little of their fuel. (If 95% of the fuel was used up, there would be no waste problem).