Fake popup study

Perry E. Metzger perry at piermont.com
Wed Sep 24 18:39:44 EDT 2008


Jim Youll <jim at cr-labs.com> writes:
>> I was having a discussion over lunch about a week ago with a couple of
>> pretty well known security people (one of them might pipe up on the
>> list). We were considering what would happen in a particular seemingly
>> foolproof system with a trusted channel if someone got a message via
>> an untrusted channel saying...
>>
>>  "Now, to complete your book purchase, the trusted system is going to
>>   say "If you press "YES", you're going to send all the money you
>>   have in the world to a con man in Nigeria" -- this is
>>   normal. Please press yes when it says that."
>>
>> ...a large fraction of users would just press "YES".
>
> Straw man.

Hardly. In fact, it is a very important thing to bear in mind, as is
the output of that study.

The whole point of the study (which you feel had an "inappropriate
tone") and of such gedankenexperiments is to understand the problem
space better.

At one time, we believed that with enough crypto, we would be safe,
but we were disabused of that notion -- crypto is a great tool but not
a panacea. Now the notion seems to be that with enough human factors,
we will be safe. It appears this, too, is not a panacea.

> Considering the magnitude and frequency of losses that apparently
> occur through these technologies, and the fact that the crypto and
> security technologies are pretty far evolved and seem to work well
> if used well, I would counter that human factors are just about all
> we should be worrying about right now, if we hope to ever make
> online activities as safe as they should be.

There are all sorts of things to worry about. Human factors are
clearly an important component, but I think that the study (yes, the
one which you feel had an "inappropriate tone") is important -- some
people are too stupid to trust.

Clearly, by eliminating decisions people have to make (such as by
removing non-secure modes of operation), eliminating means by which
people can leak valuable information (such as by eliminating passwords
that they can give to fake "customer service representatives" and the
like), cleaning up the human factors, etc., we can make things much
better.

However, the lesson of this sort of study is that we may never be able
to fix the problem. You contend the engineers are at fault, but
clearly they are only partially at fault -- there are (as I said) some
people who are too stupid to protect. We probably should not be
surprised by this -- there are clearly people we do not allow to cross
the street on their own (young children, some mentally ill people,
etc), so there is perhaps a class of people who should not be allowed
to do unsupervised banking on the basis that they cannot be trusted to
protect themselves adequately.

Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list