
SoylentNews is people

posted by cmn32480 on Monday October 03 2016, @07:29PM
from the inherently-broken dept.

Arthur T Knackerbracket has found the following story from Bruce Schneier's blog:

Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security aware and had more security training," they say, "the Internet would be a much safer place."

Enough of that. The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Traditionally, we've thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This "either/or" thinking results in systems that are neither usable nor secure.

[...] We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it -- "stress of mind, or knowledge of a long series of rules."

[...] "Blame the victim" thinking is older than the Internet, of course. But that doesn't make it right. We owe it to our users to make the Information Age a safe place for everyone -- not just those with "security awareness."


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by The Mighty Buzzard on Monday October 03 2016, @09:18PM


    **hefts his LART and grins**

    --
    My rights don't end where your fear begins.
  • (Score: -1, Troll) by Anonymous Coward on Monday October 03 2016, @09:26PM


    Micro aggression alert. Stupid people have every right to use the internet to find low-paying jobs and connect with idiot friends and family members. Your elitist attitude has no place in modern society. Prepare to be exterminated in the name of social justice, you backward-thinking anachronism!

  • (Score: 2) by Zz9zZ on Monday October 03 2016, @09:47PM


    Offtopic: your sig is a bit homoerotic, I would expect it in some stand-up comedy routine but as a sig it is really counterproductive and gives people all sorts of presumptions about TMB. Ya ya I'm sure you could care less what other people think, just FYI.

    --
    ~Tilting at windmills~
    • (Score: 0) by Anonymous Coward on Monday October 03 2016, @09:53PM


      It's only homoerotic when you assume the reader is male. No, the offensive part is the assumption of only three candidates. Now get under my desk and Jill me off, intern.

      • (Score: 2) by Zz9zZ on Monday October 03 2016, @10:21PM


        Never mentioned offensive, but I did imply crude. The point was that if you want to promote a 3rd party choice you shouldn't use crude humor as it will have a larger percentage of negative reactions. I could be wrong given the demographics of this site, but pretty much anyone who laughs at your sig and knows what it is about probably already agrees with you on voting for Johnson. But hey, nice to see a plug for Stein, too bad it's wrapped up in more middle school humor.

        --
        ~Tilting at windmills~
    • (Score: 2, Troll) by The Mighty Buzzard on Monday October 03 2016, @11:59PM


      That's okay, I'm not homophobic. I'm homo-don't-give-a-shit-ic. That's where you get to put whatever you want in your cavities and as long as you're not doing it on the street or coming up in my house I don't give a shit. This is differentiated from the SJW mentality by my utter lack of cheerleading, telling gay folks they're being oppressed, or trying to get them to hate straight, white men.

      --
      My rights don't end where your fear begins.