Stuff 3/21/13

Posted: March 21, 2013 by chad98036 in Uncategorized

SlashdotSecurity Awareness Training is a Waste of Time

Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy.

the author makes a couple good points about the necessity of good design, but you can have the best design in the world and users will still find a way to break it.  To quote the bard –

“Programming is a race between engineers, who strive to produce idiot-proof programs, and the universe which strives to produce bigger idiots. So far the Universe is winning. “

Ars TechnicaDecade-old espionage malware found targeting government computers

Essentially making both Schneier’s point about the ineffectiveness of training and mine about building better idiots:

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.

the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims (ed. Porn!). When the targets visit the booby-trapped sites, they also become infected.

What’s most disturbing is it apparently took a decade to discover this.  We are well and truly fucked.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s