On 2011-03-23 00:57, Andy Steingruebl wrote:
> On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw <g...@cigital.com> wrote:
> > [...]
> > malware" as the AT&T guys sometimes think…you use it to find the kinds of bugs
> > that malware exploits to get a toehold on target servers. One level removed, but a
> > clear causal effect.
> Interestingly, your article only covers malware that gets installed by
> exploiting a technical vulnerability, not malware that gets installed
> by exploiting a human vulnerability (social engineering). I've been
> [...]
As someone once said: Idiot-proofing is difficult because the idiots are
so ingenious...
I'm not sure if we really can protect ourselves against "stupid users"
through secure coding. Marcus Ranum opined 5 years ago that even
educating users is pointless, opting for some way of punishing them
instead:
http://www.ranum.com/security/computer_security/editorials/point-counterpoint/users.html
Can we idiot-proof computer systems without crippling them for the rest
of us?
-Martin
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________