Dailydave mailing list archives

Re: Some slides for a keynote


From: Vitaly Osipov <vitaly.osipov () gmail com>
Date: Wed, 9 Apr 2014 07:36:35 +1000

Here are some quotes about goals from a rather randomly selected, but
very fitting, psychology paper
(http://www.psych.nyu.edu/gollwitzer/99Goll_ImpInt.pdf):

"...it matters how people frame their good intentions or goals.  For
instance, better performances are observed when people set themselves
challenging, specific goals as compared with challenging but vague
goals (so-called "do your best" goals)."

"This goal-specificity effect is based on feedback and self-monitoring
advantages, as is also true for the goal-proximity effect (proximal
goals lead to better performances than distal goals)."

"Goal attainment is also more likely... when they frame their intentions
as promotion goals (focusing on the presence or absence of positive
outcomes) rather than prevention goals (focusing on the presence or
absence of negative outcomes)"

Specific, visible goals (infosec examples: own the box, exploit that
piece of software) are a happy place for anyone, and this is one of
the reasons some people like breaking stuff more than making it
"unbreakable". This is not all about media whoring or IC's tendencies.
This work is addictive in part because humans are wired that way.

Regards,
Vitaly


On Wed, Apr 9, 2014 at 1:09 AM, Michal Zalewski <lcamtuf () coredump cx> wrote:
https://docs.google.com/presentation/d/1Sv8IHkBtBEXjSW7WktEYg4EbAUHtVyXIZBrAGD3WR5Y/edit#slide=id.p

Interesting. I have argued in favor of this position when it comes to
vulnerability research: people like to paint their motivations in a
variety of ways, but most of the actions they take are best explained
by just wanting to see the world acknowledge your skills. Being in the
headlines or in the limelight at a major conference can give you quite
a powerful fix. And because most journalists struggle to tell good
research from bad, it also provides a powerful feedback loop that
can prevent you from improving your skills.

In any case, I agree with you that this applies to attackers. The NSA
/ GCHQ materials published to date reminded me more of people bragging
on IRC in the 90s than a self-composed organization focused on
well-defined goals. Of course, we should keep in mind that materials
we see were cherry-picked out of a huge pile: the ones that make them
look ordinary do not make a good story.

As an aside... in almost any sufficiently large organization, security
teams are involved in internal investigations of criminal activity,
help take down carder networks, do a night raid or two, and
participate in other things that get your blood pumping. Still, they
show more restraint than the intelligence community; saying things
like "I hunt users" would get them in trouble even if it is
superficially true. I guess that organizational incentives matter,
too.

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave