News: Followup on user security

Published: 2005-11-29 20:52:54. Categories: Security

Follow-up to a rebuttal of my blog entry on user security.

Brad rebutted my article (www.kfwebs.net) in his post (braddoro.com).

One of the things he claims is that "Email encryption should be built right into the email client so that a non technical user never has to even see or know about it. Everything piece of out there should be built with secure encryption built into it."

The problem is, as stated on www.secure-my-internet.com, that people are the weakest link in the security chain. If the user isn't aware that the message is encrypted, it might as well not be, because an attacker could easily obtain the information through traditional social engineering techniques. Users have to be aware that seemingly trivial information, like the name of a computer server, can be used to convince a third party that the caller is in fact an employee of that company, and so to gain access to security credentials.

For those who want to read more on the subject, Kevin Mitnick's book The Art of Deception is superb.

People often understate a threat in order to satisfy their own need to feel safe, and often wrongly so. One example is purchasing an expensive pick-proof lock for your front door and thereby feeling comfortable that you have made the home safer for your family and yourself. However, the windows are still just as easy to break through.

As Albert Einstein is quoted: "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." Until users are made aware of the importance of the information, and opt to protect it themselves, it will be insecure one way or another.

Brad also makes a point: "What is the next step? Users should demand that software makers produce a higher quality and more secure product. Software vendors should do everything they can, including rebuilding the software from the ground up, to entice users to use their product with security as a selling point."

I agree with this point. If users demand it and act rationally while searching for a new product, instead of with bounded rationality, as most actually do, searching only for a satisfactory product and stopping once one alternative is found, the software vendors will have to get their act together.

I am a firm believer in the free market economy, which depends on users gaining information. To help users I've created two websites on the topic of security: www.secure-my-internet.com, dealing with everyday computer use, and www.secure-my-email.com, dealing with digitally signing and encrypting emails. I urge everyone who hasn't already done so to reconsider their computer-use practices, because the number of compromised computers that spew spam emails increases every day, every minute, yes, every second.
