Open Source and information security mailing list archives
 
From: gadgeteer at elegantinnovations.org (gadgeteer@...gantinnovations.org)
Subject: Re: User Insecurity

On Thu, Mar 18, 2004 at 11:48:45AM -0600, Earl Keyser (Earl.Keyser@...zata.k12.mn.us) wrote:
> I think you folks miss the point.
> 
> My VISA card doesn't have any bells and whistles to turn on or off - just
> a PIN to remember.  My car is serviced by my mechanic. I don't know
> what's under the hood except where to put washer fluid. To ask me to
> make my own Visa card or tune my engine is an impossibility.  My Dad is
> an MD - but he can't set the time on the VCR.
> 
> Until the whole paradigm changes, we will live in an insecure world. 
> Most home users are clueless - they want to remain that way.  It's up to
> our industry (PC makers, OS makers, techies and researchers) to build a
> better, safer mousetrap.
> 
> Railing at the "clueless lusers" is both stupid and counter-productive.

What you describe regarding you and your mechanic is "blind trust".  
You are trusting his abilities as a mechanic based on your perception 
of him as a person.

OTOH, I learned the theory behind the design of the various systems that 
comprise an automobile and got some hands on experience rebuilding 
engines in high school auto shop.  While I do not pretend to have the 
working skills and knowledge to actually diagnose and repair a modern 
auto I do have domain-specific knowledge which allows me to make informed
judgements of my mechanic's abilities by engaging him in conversation 
regarding mechanics.

Likewise I have some interest in biology and expect the MD to explain 
sufficiently so that I can fit what she is saying into my knowledge-base 
without conflict.

Knowing proper food handling I can make reasonable judgement regarding a 
restaurant and chances of food poisoning.

Just as "folk physics" and "folk psychology" can lead to erroneous 
conclusions so too can limited knowledge-based judgements.  However,
willful ignorance is simply a "kick me" sign hung on one's forehead 
to a malicious social engineering attack.

Willful ignorance is "both stupid and counter-productive".  Demands 
for protection of the "clueless lusers" are merely shifting the burden 
from those too f*****g lazy to be curious to the rest of us.

"Making something safe for idiots means only idiots will use it."  
(It also makes it much more costly.)
-- 
Chief Gadgeteer
Elegant Innovations

