#018: Security, pt. 3: The Social Engineering Game

Computer security is hard. You can click links, except when it’s not safe to do so. You can open downloaded files or email attachments, unless they’re not safe. You can insert USB drives into your computer, unless they’re infected with something nasty. Doing the right thing is hard.

And computers themselves don’t make it any easier. They’ll just ask you what you’d like to do, showering you with warning dialogs and popups. Except you might not really have a clue either. Even tech-savvy users have difficulty navigating today’s forest of warnings and security dialogs. Most of them are badly designed, making the job even harder.

The often-touted solution is training: teaching you what you should and shouldn’t do, what you can and must not do, so that you can protect yourself. But this ignores the fact that today’s software is the reason this training is required in the first place. Bruce Schneier argues that instead of trying to fix the user, we should fix the environment that allows such things to happen in the first place.

The flip side is that no technological solution will ever solve all security problems. As Lance Spitzner points out in Why Bruce is Wrong About “Fixing” the User, humans are often the weakest link in security, regardless of how good the software is or could be. Social engineering is a way to break into systems that no computer can defend against. As such, training will always be a necessity. On the upside, a well-trained user can notice attacks and threats well before any technological solution ever could.

Both views are correct, of course. There’s a lot of technology around today and in the future that needs good technological security, but ignoring the human element would mean leaving humans open as an attack vector. As such, you, dear reader, will have to contend with making sure your online accounts are safe, and live with the fact that right now, computer security sucks for everyone involved.

Next week, I’ll write about a few steps you can take to protect yourself online.

Other interesting links from around the web:

📖 Weekly Longread 📚