Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bruce Schneier Talks Brain Heuristics and Security

Posted by CowboyNeal on from the just-because-you're-paranoid dept.

ancientribe writes "Bruce Schneier is at it again: the security icon shares his latest research and insight on the interplay between psychology and security in this article in Dark Reading. The focus of Schneier's latest research is on brain heuristics and perceptions of security, which may be the basis for the best-selling author's next book. His goal for the topic, which he'll be presenting at the RSA Conference next week, is to focus on how people think, and feel, about security, and how neuroscience can help explain how our perception of risk doesn't always match reality."

3 of 83 comments (clear)

  1. Bruce Schneier is my homeboy by bigredradio · · Score: 5, Funny

    More facts about Bruce. http://geekz.co.uk/schneierfacts/

    --
    Flexible bare-metal recovery for Linux/UNIX
  2. Perception by bwthomas · · Score: 5, Interesting

    Part of the problem is with our perception of probability. We see it mathematically, but we still expect cause and effect rather than randomosity. Most users will say things like "why would someone monitor me," not realizing that there's usually no direct causal relation between who they are and interest others might have in their information, and the question is better put, "how probable is it that someone like me might be monitored."

    In other words, we feel relatively safe in a crowd. We are completely visible, but because we cannot see why someone would single us out as unique, we feel obfuscated. All the while not realizing that it's more opportunity than it is causality.

    This is why we feel safe sharing information on websites like myspace, or using our credit cards over insecure wireless connections, because we believe that because everyone else is engaging in this fundamentally insecure behavior, we have safety in numbers. No one will read our blog for information about our identity, no one will try to use our amazon account to buy electronics.

    But they will, with a probabilistically determined frequency.

  3. 5 tough user-space factors by G4from128k · · Score: 5, Insightful

    I see five factors that make the user-space side of security so hard.

    1. Incentives: Most people, especially employees, don't face personal consequences when their PC is infected or the company database gets pwned.
    2. Rarity: Most people see security problems as something that happens to someone else. That so few breaches are publicized only enhances the belief in the low likelihood of problems.
    3. Hubris: Most people believe they know what they are doing.
    4. Boredom: Ask a person to be careful too many times in the face of a relatively low-probability event and they become trained to click "Yes, Install."
    5. Sociality: Most people are nice and assume that other people are nice too. They hold the door open for the social engineering intruder, they click on the "cool link", they open email that looks like it might be from someone important. Malware creators prey on our desire to "do the right thing."

    Some of these five are easier to address but some reflect deeper realities about being human.

    --
    Two wrongs don't make a right, but three lefts do.