Slashdot – Security Awareness Training is a Waste of Time
Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy.
The author makes a couple of good points about the necessity of good design, but you can have the best design in the world and users will still find a way to break it. To quote the bard –
“Programming is a race between engineers, who strive to produce idiot-proof programs, and the universe which strives to produce bigger idiots. So far the Universe is winning.”
Ars Technica – Decade-old espionage malware found targeting government computers
Essentially making both Schneier’s point about the ineffectiveness of training and mine about building better idiots:
Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.
the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims (ed. Porn!). When the targets visit the booby-trapped sites, they also become infected.
What’s most disturbing is it apparently took a decade to discover this. We are well and truly fucked.