On Sep 23, 2008, at 6:15 PM, Sandy Harris wrote:
From Slashdot: Psychologists gave university students phony
popups with various malware warning signs. Many just clicked.
http://arstechnica.com/news.ars/post/20080923-study-confirms-users-are-idiots.html
I think it's got to be said that
Jim Youll [EMAIL PROTECTED] writes:
I think it's got to be said that it's not apparent that the end-users
are the /idiots/ who should be called out for failing this study.
We gave them these interfaces, protocols and technologies that
allow for things to go so badly wrong. Nothing in the
On Sep 24, 2008, at 5:45 PM, Perry E. Metzger wrote:
Jim Youll [EMAIL PROTECTED] writes:
I think it's got to be said that it's not apparent that the end-users
are the /idiots/ who should be called out for failing this study.
We gave them these interfaces, protocols and technologies that
allow
Jim Youll [EMAIL PROTECTED] writes:
I was having a discussion over lunch about a week ago with a couple of
pretty well known security people (one of them might pipe up on the
list). We were considering what would happen in a particular seemingly
foolproof system with a trusted channel if
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote:
I don't want to claim that there is no place for better human factors
work in security engineering. There clearly is. However, I will
repeat, that is not the only story here, and it is not unreasonable to
note that there
On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote:
The whole point of the study (which you feel had an inappropriate
tone) and of such gedankenexperiments is to understand the problem
space better.
Clarification: not the study.
I believe the article had an inappropriate tone. Calling
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote:
there are clearly people we do not allow to cross
the street on their own (young children, some mentally ill people,
etc), so there is perhaps a class of people who should not be allowed
to do unsupervised banking on the
Jim Youll [EMAIL PROTECTED] writes:
On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote:
The whole point of the study (which you feel had an inappropriate
tone) and of such gedankenexperiments is to understand the problem
space better.
Clarification: not the study.
I believe the article
At one time, we believed that with enough crypto, we would be safe,
but we were disabused of that notion -- crypto is a great tool but not
a panacea. Now the notion seems to be that with enough human factors,
we will be safe. It appears this, too, is not a panacea.
What you mean, We?
I said
Steven M. Bellovin [EMAIL PROTECTED] writes:
Human factors haven't received nearly enough attention, and as long as
human factors failings are dismissed as the fault of idiot users,
they never will.
Strong agreement.
I don't disagree that much more needs to be done on human factors. I
just
On Wed, 24 Sep 2008 20:43:53 -0400
Perry E. Metzger [EMAIL PROTECTED] wrote:
Steven M. Bellovin [EMAIL PROTECTED] writes:
Human factors haven't received nearly enough attention, and as
long as human factors failings are dismissed as the fault of
idiot users, they never will.
Strong
11 matches
Mail list logo