Here are some quotes about goals from a rather randomly selected, but very fitting, psychology paper (http://www.psych.nyu.edu/gollwitzer/99Goll_ImpInt.pdf):
"...it matters how people frame their good intentions or goals. For instance, better performances are observed when people set themselves challenging, specific goals as compared with challenging but vague goals (so-called "do your best" goals). " "This goal-specificity effect is based on feedback and self-monitoring advantages, as is also true for the goal-proximity effect (proximal goals lead to better performances than distal goals)." "Goal attainment is also more likely... when they frame their intentions as promotion goals (focusing on the presence or absence of positive outcomes) rather than prevention goals (focusing on the presence or absence of negative outcomes)" Specific, visible goals (infosec examples: own the box, exploit that piece of software) are a happy place for anyone, and this is one of the reasons some people like breaking stuff more than making it "unbreakable". This is not all about media whoring or IC's tendencies. This work is addictive in part because humans are wired that way. Regards, Vitaly On Wed, Apr 9, 2014 at 1:09 AM, Michal Zalewski <[email protected]> wrote: >> https://docs.google.com/presentation/d/1Sv8IHkBtBEXjSW7WktEYg4EbAUHtVyXIZBrAGD3WR5Y/edit#slide=id.p > > Interesting. I have argued in favor of this position when it comes to > vulnerability research: people like to paint their motivations in a > variety of ways, but most of the actions they take are best explained > by just wanting to see the world acknowledge your skills. Being in the > headlines or in the limelight at a major conference can give you quite > a powerful fix. And because most journalists struggle to tell good > research from bad one, it also provides a powerful feedback loop that > can prevent you from improving your skills. > > In any case, I agree with you that this applies to attackers. The NSA > / GCHQ materials published to date reminded me more of people bragging > on IRC in the 90s than a self-composed organization focused on > well-defined goals. Of course, we should keep in mind that materials > we see were cherry-picked out of a huge pile: the ones that make them > look ordinary do not make a good story. > > As an aside... in almost any sufficiently large organization, security > teams are involved in internal investigations of criminal activity, > help take down down carder networks, do a night raid or two, and > participate in other things that get your blood pumping. Still, they > show more restraint than the intelligence community; saying things > like "I hunt users" would get them in trouble even if it is > superficially true. I guess that organizational incentives matter, > too. > > /mz > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
