Full Disclosure mailing list archives

Re: User Insecurity
From: gadgeteer () elegantinnovations org
Date: Fri, 19 Mar 2004 11:39:19 -0700

On Thu, Mar 18, 2004 at 11:48:45AM -0600, Earl Keyser (Earl.Keyser () wayzata k12 mn us) wrote:
> I think you folks miss the point.
>
> My VISA card doesn't have any bells and whistles to turn on or off - just
> a PIN to remember.  My car is serviced by my mechanic. I don't know
> what's under the hood except where to put washer fluid. To ask me to
> make my own Visa card or tune my engine is an impossibility.  My Dad is
> an MD - but he can't set the time on the VCR.
>
> Until the whole paradigm changes, we will live in an insecure world.
> Most home users are clueless - they want to remain that way.  It's up to
> our industry (PC makers, OS makers, techies and researchers) to build a
> better, safer mousetrap.
>
> Railing at the "clueless lusers" is both stupid and counter-productive.

What you describe regarding you and your mechanic is "blind trust".
You are trusting his abilities as a mechanic based on your perception
of him as a person.

OTOH, I learned the theory behind the design of the various systems that 
comprise an automobile and got some hands on experience rebuilding 
engines in high school auto shop.  While I do not pretend to have the 
working skills and knowledge to actually diagnose and repair a modern 
auto I do have domain-specific knowledge which allows me to make informed
judgements of my mechanic's abilities by engaging him in conversation 
regarding mechanics.

Likewise I have some interest in biology and expect the MD to explain 
sufficiently so that I can fit what she is saying into my knowledge-base 
without conflict.

Knowing proper food handling I can make a reasonable judgement regarding a
restaurant and chances of food poisoning.

Just as "folk physics" and "folk psychology" can lead to erroneous 
conclusions so too can limited knowledge-based judgements.  However,
willful ignorance is simply a "kick me" sign hung on one's forehead 
to a malicious social engineering attack.

Willful ignorance is "both stupid and counter-productive".  Demands
for protection of the "clueless lusers" are merely shifting the burden
from those too f*****g lazy to be curious to the rest of us.

"Making something safe for idiots means only idiots will use it."  
(It also makes it much more costly.)
Chief Gadgeteer
Elegant Innovations

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
