On Tue, 2008-09-23 at 00:09 -0700, Jon Callas wrote:
A cheap USB camera would make a good source.
The cheaper the better, too. Pull a frame off,
hash it, and it's got entropy, even against a
white background. No lava lamp needed.
I sort of agree, but I feel cautious about recommending
Peter Gutmann wrote:
For existing apps with habituated users, so am I. So how about the following
strawman: Take an existing browser (say Firefox), brand it as some special-
case secure online banking browser, and use the new developments solution
above, i.e. it only talks mutual-auth
Combining several replies into one...
Nicolas Williams [EMAIL PROTECTED] writes:
On Mon, Sep 22, 2008 at 08:59:25PM -1000, James A. Donald wrote:
The major obstacle is that the government would want a strong binding
between sim cards and true names, which is no more practical than a
strong
Perry E. Metzger [EMAIL PROTECTED] writes:
(I saw this on another mailing list -- a follow-on to earlier
discussions about Blackberry in India. No idea how believable any of
it is because there is a great deal of difference between the way
Blackberries work in a corporate and non-corporate
On Sep 23, 2008, at 6:15 PM, Sandy Harris wrote:
From Slashdot: Psychologists gave university students phony
popups with various malware warning signs. Many just clicked.
http://arstechnica.com/news.ars/post/20080923-study-confirms-users-are-idiots.html
I think it's got to be said that
Jim Youll [EMAIL PROTECTED] writes:
I think it's got to be said that it's not apparent that the end-users
are the /idiots/ who should be called out for failing this study.
We gave them these interfaces, protocols and technologies that
allow for things to go so badly wrong. Nothing in the
On Sep 24, 2008, at 5:45 PM, Perry E. Metzger wrote:
Jim Youll [EMAIL PROTECTED] writes:
I think it's got to be said that it's not apparent that the end-users
are the /idiots/ who should be called out for failing this study.
We gave them these interfaces, protocols and technologies that
allow
Jim Youll [EMAIL PROTECTED] writes:
I was having a discussion over lunch about a week ago with a couple of
pretty well known security people (one of them might pipe up on the
list). We were considering what would happen in a particular seemingly
foolproof system with a trusted channel if
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote:
I don't want to claim that there is no place for better human factors
work in security engineering. There clearly is. However, I will
repeat, that is not the only story here, and it is not unreasonable to
note that there
On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote:
The whole point of the study (which you feel had an inappropriate
tone) and of such gedankenexperiments is to understand the problem
space better.
Clarification: not the study.
I believe the article had an inappropriate tone. Calling
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote:
there are clearly people we do not allow to cross
the street on their own (young children, some mentally ill people,
etc), so there is perhaps a class of people who should not be allowed
to do unsupervised banking on the
Jim Youll [EMAIL PROTECTED] writes:
On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote:
The whole point of the study (which you feel had an inappropriate
tone) and of such gedankenexperiments is to understand the problem
space better.
Clarification: not the study.
I believe the article
At one time, we believed that with enough crypto, we would be safe,
but we were disabused of that notion -- crypto is a great tool but not
a panacea. Now the notion seems to be that with enough human factors,
we will be safe. It appears this, too, is not a panacea.
What you mean, We?
I said
Steven M. Bellovin [EMAIL PROTECTED] writes:
Human factors haven't received nearly enough attention, and as long as
human factors failings are dismissed as the fault of idiot users,
they never will.
Strong agreement.
I don't disagree that much more needs to be done on human factors. I
just
On Wed, 24 Sep 2008 20:43:53 -0400
Perry E. Metzger [EMAIL PROTECTED] wrote:
Steven M. Bellovin [EMAIL PROTECTED] writes:
Human factors haven't received nearly enough attention, and as
long as human factors failings are dismissed as the fault of
idiot users, they never will.
Strong
15 matches