The Core Dump

A strong conviction that something must be done is the parent of many bad measures

[By Nic Lindh on Thursday, 29 January 2004]

The Feds on computer security

Scott Granneman has written a couple of interesting columns for SecurityFocus. In one of them, he discusses the scary ignorance Joe User has when it comes to security. The column shouldn’t come as a surprise to anybody doing end-user support, but judging from the still-abysmal state of user interfaces for security tools, it’s a big surprise to the makers of anti-virus software and firewalls. And Microsoft’s Windows Update tool is still a living manifesto of how not to design end-user software.

You’d think that enlightened self-interest would convince a lot of people to learn enough about this stuff to lock down their own machines, but all the evidence says no. There’s a small percentage of nerds and geeks who spend the time on this stuff, and the rest of the user population, for whatever reasons, can’t be bothered. So their boxes get hacked, they keep clicking on dangerous attachments, fall for phishing scams, and in general have a thoroughly unpleasant experience on the Internet.

After Granneman published the column linked above, he was contacted by an FBI agent, who volunteered to give a lecture. The account of that lecture is fascinating reading. There’s a lot of nastiness out there.

Turns out that security is not so much a matter of technology. Granted, base levels of technological security, like firewalls and strong passwords, have to be in place to prevent abuses, but in the end “social engineering, coupled with greed, is the easiest way to subvert any security.”

Music: “Mary’s in India” by Dido [Opens in iTunes]

« The horrors of IE

 »


Enjoy the ten latest posts!

Any sufficiently advanced incompetence is indistinguishable from malice

Impressions moving from an Apple Watch Series 3 to Series 5

Is there reason to upgrade from a 3 to a 5?

Plans are worthless, but planning is everything

Often injustice lies in what you aren’t doing, not only in what you are doing

Die in a ditch

After all these years, Nic still can’t understand the American attitude to healthcare.

The big thieves hang the little ones

Book roundup, part 29

A sci-fi and fantasy heavy installment that includes The Valedictorian of Being Dead, The Mastermind, Broadsword Calling Danny Boy, Tiamat’s Wrath, The Raven Tower, The Liberation, The Light Brigade and Cryptonomicon.

Politics is not the art of the possible. It consists in choosing between the disastrous and the unpalatable

Book roundup, part 28

Includes The Incomplete Book of Running, Aching God, The Murderbot Diaries, Lies Sleeping, The Consuming Fire, and Rendezvous with Rama.

Las Vegas trip report

Did you know Las Vegas is kind of nutty?