Eric's point about social components and social engineering is major. Getting credulous users to hand over the keys to the treasure is far and away the easiest game in town, and the most profitable. Check out Bruce Schneier's Crypto-Gram all along for lots and lots of examples. The main reasons why crypto fails is that its users give away the keys. When I built a little crypto package for Xerox in the 1970s, the managers posted the keys on the bulletin board. And not much has changed since then.
It makes software exploits look like a total waste of the crooks' time. Dave Henn wrote: > [big snip] > > Every account I've read has indicated that the "compromise" required > user assistance of one form or another. OS X is basically a > Unix/Linux, which is why I was trying not to set it apart too much. > Again, I'll read up on Storm and look into what Dana's talking about. > But this just gets us to your other, more important points about the > social/cultural components to malware. And the application/plug-in > based exploits vs. OS based exploits - as you say, that's going to be > huge. Still, it would be nice to get rid of thousands of risks we > already know about. > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "R-SPEC: The Rochester Speculative Literature Association" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/r-spec?hl=en -~----------~----~----~----~------~----~------~--~---
