
SoylentNews is people

posted by cmn32480 on Monday October 03 2016, @07:29PM   Printer-friendly
from the inherently-broken dept.

Arthur T Knackerbracket has found the following story from Bruce Schneier's blog:

Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security aware and had more security training," they say, "the Internet would be a much safer place."

Enough of that. The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Traditionally, we've thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This "either/or" thinking results in systems that are neither usable nor secure.

[...] We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it -- "stress of mind, or knowledge of a long series of rules."

[...] "Blame the victim" thinking is older than the Internet, of course. But that doesn't make it right. We owe it to our users to make the Information Age a safe place for everyone -- not just those with "security awareness."


  • (Score: 2) by tangomargarine (667) on Tuesday October 04 2016, @02:12PM (#409995)

    Protip: Windows hasn't had autorun since it was patched out of Windows XP.

    The way they infect the system, which just FYI works just as well on Linux and MacOS

    Large citation needed. The couple times you've actually given me a link to stuff like this before, you've turned out to be full of shit, too.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
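    The comment above turns on whether AutoRun is still in play on a given Windows box. The script below is an added example, not part of the original thread or of any commenter's post: it reads the two policy values Microsoft documents for this (NoDriveTypeAutoRun and HonorAutoRunSetting under Policies\Explorer, see Microsoft KB967715) and reports whether AutoRun is disabled for removable drives and for every drive type. The function name, the Source field and the decoding of the bitmask are my own; the caveat a practitioner should keep in mind is that on Windows 7 and later autorun.inf on USB storage is ignored regardless of this value, while the value still governs the AutoPlay prompt and AutoRun for optical media.

```powershell
# Added example (not from the page or from any commenter): report the AutoRun
# policy state on the local Windows host. Value names per Microsoft KB967715;
# the decoding of the bitmask below is my own interpretation.

function Get-AutoRunPolicy {
    # Machine policy (HKLM) takes precedence over user policy (HKCU).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    $result = [ordered]@{
        NoDriveTypeAutoRun  = $null   # bitmask of drive types with AutoRun disabled
        HonorAutoRunSetting = $null   # 1 => Windows honours NoDriveTypeAutoRun
        RemovableDisabled   = $false  # bit 0x04 = DRIVE_REMOVABLE (USB sticks)
        CdRomDisabled       = $false  # bit 0x20 = DRIVE_CDROM
        AllDrivesDisabled   = $false  # 0xFF = every drive type
        Source              = 'not set (Windows default applies)'
    }

    foreach ($k in $keys) {
        # -ErrorAction SilentlyContinue: a missing key or value is the common case.
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($null -ne $p -and $null -ne $p.NoDriveTypeAutoRun) {
            $result.NoDriveTypeAutoRun = [int]$p.NoDriveTypeAutoRun
            $result.Source = $k
            break
        }
    }

    # HonorAutoRunSetting is only meaningful under the machine key.
    $hk = Get-ItemProperty -Path $keys[0] -ErrorAction SilentlyContinue
    if ($null -ne $hk -and $null -ne $hk.HonorAutoRunSetting) {
        $result.HonorAutoRunSetting = [int]$hk.HonorAutoRunSetting
    }

    if ($null -ne $result.NoDriveTypeAutoRun) {
        $mask = $result.NoDriveTypeAutoRun
        $result.RemovableDisabled = (($mask -band 0x04) -ne 0)
        $result.CdRomDisabled     = (($mask -band 0x20) -ne 0)
        $result.AllDrivesDisabled = ($mask -eq 0xFF)
    }

    [pscustomobject]$result
}

# Usage: run in any PowerShell session; no elevation needed to read these keys.
Get-AutoRunPolicy | Format-List
```

    A host that shows NoDriveTypeAutoRun = 255 and HonorAutoRunSetting = 1 has AutoRun and the AutoPlay prompt disabled for every drive type by policy; a host with the value unset is relying on the platform default, which on Windows 7 and later already ignores autorun.inf on non-optical removable media.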
  • (Score: 2) by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Thursday October 06 2016, @03:32AM (#410948) Journal

    Want me to wallpaper the page with Linux malware links? I don't think the mods here would like me very much if I did that, but I will be more than happy to show that major exploits are adding Linux support [zdnet.com] because hey, guess what kernel Android runs on? You know, that OS that now has passed the number of Windows laptops infected per year as of 2014 [bgr.com] and which now accounts for more than 56% of infections on mobile networks [wirelessdesignmag.com] and beats Windows by a country mile in that category? Yeah, I hate to break the news to ya Sparky, but it's Linux.

    Which just FYI proves what I've been saying for over a decade, that Linux's much vaunted "security", which just FYI is 15 years behind with R/W/X compared to the much finer grained ACLs, is nothing but security by obscurity, and once someone actually popular used Linux it would get pwned. But hey, all those malware ridden systems are running a Linux kernel, right? If that isn't worth a Linux party! [ytmnd.com] then nothing is, right?

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 2) by tangomargarine (667) on Thursday October 06 2016, @02:11PM (#411095)

      In other news, computers in general suck. Welcome to Sturgeon's Law.

      zdnet>

      However, the Linux malware is based on an old and publicly available proof-of-concept backdoor known as 'cd00r.c', developed by hackers at phenoelit.org to solve the visibility 'problem' of standard backdoors.

      Half points on that one. Admittedly apparently the problem still hasn't been fixed.

      bgr>

      The company says the malware infection rate is at 0.68% for mobile devices, which comes to around 16 million devices worldwide. Downplaying malware infections at its annual Google I/O developers event last year, Google hinted that just 0.5% of total active Android devices might have a malware problem, a percentage that amounted to about 5 million gadgets, according to Google's own stats at the time.

      So it's still a minuscule fraction of the devices out there. What percentage of Windows PCs are infected with something?

      The report says that in the second half of 2014 alone, there were as many Android devices infected with malware as Windows laptops.

      Notice the quote is laptops only.

      wirelessdesignmag>

      Nokia Security Center Berlin, powered by Nokia Threat Intelligence Lab, today released research findings showing that in the mobile networks, smartphones pulled ahead of Windows-based computers and laptops, now accounting for 60% of the malware activity observed in the mobile space.

      I'm a little curious what exactly they mean by "mobile" in this context. Smartphones, tablets, iTouches, and laptops?

      Due to a decrease in adware activity, the overall infection rate in mobile networks declined from 0.75% to 0.49% on Windows-based PCs connected to the Internet via a mobile network

      I've been connected to the Internet via a WiFi dongle on my desktop before. Does that count as "mobile"? If laptops count, can they really be referring to cell networks?

      In the same time period, smartphone infection rates increased and now account for 60% of infections detected in the mobile networks.
      Android continues to be the main mobile platform targeted
      For the first time since the report began, iOS-based malware – including XcodeGhost and FlexiSpy – is on the top 20 list. In October 2015 alone, iPhone malware represented 6% of total infections.

      So iOS infections are included in that 60%. Sorry to disrupt your Linux-hate hardon there, Skippy.

      I guess your links aren't quite as badly full of bullshit as usual. Congrats I guess.

      And I know you know that Windows security is more or less just as bad, so you just like bitching about Linux. Can't stand to see people enthusiastic about something I guess.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2) by tangomargarine (667) on Thursday October 06 2016, @02:13PM (#411096)

      Also, from your previous comment, you seem to be implying that autorun infections "work just as well on Linux and MacOS," which you didn't cover in this reply.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"