funsec mailing list archives
Re: BBC Crosses The Line Again
From: Rich Kulawiec <rsk () gsp org>
Date: Sat, 21 Mar 2009 09:42:32 -0400
On Fri, Mar 20, 2009 at 11:28:15AM -0700, Paul M. Moriarty wrote:
OK, I'll play devil's advocate. What's the right way to educate the public? Because security companies have done a piss-poor job to date.
I strongly concur with the latter statement, but note in passing that it's against the financial interests of most of them to do so...so we should be very surprised if they did. However, to answer the question: "none". The public has proven itself to be completely ineducable. As Marcus Ranum correctly pointed out in "The Six Dumbest Ideas in Computer Security", where he identified "user education" as one of them: If it was going to work, it would have worked by now. For example, we (for various values of "we") have been telling users for a very, very long time that they should never respond to a request for their password(s). Yet they do -- constantly. As another example, we have been telling users never to respond to spam. But they do. In large numbers. Consistently. (This, at least, can be mitigated by applying blacklist rules to outbound email traffic.) User education is a fine and noble endeavor. I've done a lot of it, as I'm sure many other people here have. But collectively, we have almost nothing to show for it. I think it's (past) time to get on board with Ranum and stop wasting our time with an approach that's failed. Oh, not that *other* approaches might turn out to be equally fruitless -- they might -- but let's give them their chance to fail. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- BBC Crosses The Line Again Paul Ferguson (Mar 19)
- Re: BBC Crosses The Line Again Larry Seltzer (Mar 20)
- Re: BBC Crosses The Line Again Paul Ferguson (Mar 20)
- Re: BBC Crosses The Line Again Larry Seltzer (Mar 20)
- Re: BBC Crosses The Line Again Paul M. Moriarty (Mar 20)
- Re: BBC Crosses The Line Again nick hatch (Mar 20)
- Re: BBC Crosses The Line Again Paul Ferguson (Mar 20)
- Re: BBC Crosses The Line Again Larry Seltzer (Mar 20)
- Re: BBC Crosses The Line Again Paul M. Moriarty (Mar 20)
- Re: BBC Crosses The Line Again Valdis . Kletnieks (Mar 20)
- Re: BBC Crosses The Line Again Rich Kulawiec (Mar 21)
- <Possible follow-ups>
- Re: BBC Crosses The Line Again Daniel H. Renner (Mar 21)