Slashdot Mirror


Humans Not Evolved for IT Security

Stony Stevenson writes to tell us that at the recent RSA Conference security expert Bruce Schneier told delegates that human beings are not evolved for security in the modern world, especially when it comes to IT. "He told delegates at the 2007 RSA Conference that there is a gap between the reality of security and the emotional feel of security due to the way our brains have evolved. This leads to people making bad choices. 'As a species we got really good at estimating risk in an East African village 100,000 years ago. But in 2007 London? Modern times are harder.'"

23 of 302 comments

  1. really by snarkh · · Score: 5, Funny

    As a species we got really good at estimating risk in an East African village 100,000 years ago.

    I wonder how many days would that guy last in an East African village 100,000 years ago.

    1. Re:really by Gabest · · Score: 3, Funny

      depends... raw, smoked or cooked?

    2. Re:really by apparently · · Score: 4, Funny
      Last time I walked through Harlem, the hoodz said I had to fucking PROVE my wealth and whiteness before they would even consider robbing me. I showed them paystubs, my Discover card, even an ATM receipt, and still they doubted how rich I was! And don't get me started on the "white" thing, apparently they don't go by complexion any more, you gotta keep a DNA sample on you with a notarized letter from a scientist stating that he confirms your race.

      Us white, rich folk never had it so tough.

      Also, you really ought to be awarded with some sort of "waste of a condom" trophy.

    3. Re:really by mstahl · · Score: 4, Funny

      Come on. Bruce Schneier is like the Chuck Norris of the IT industry. He'd outlast us all!

      Remember. There are no prime numbers, only numbers that Bruce Schneier doesn't want you to factor!

  2. Ms Abacha? by Mr_Icon · · Score: 5, Funny

    Looking at the number of people falling for Nigerian scammers, I'd say that our ability to "estimate risk in an East African village" is not so hot either. :)

    --
    If you open yourself to the foo, You and foo become one.
    1. Re:Ms Abacha? by nelsonal · · Score: 3, Funny

      But that's a West African village, totally different risk profile. Well played.

      --
      Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    2. Re:Ms Abacha? by SterlingSylver · · Score: 3, Funny

      As a celebration for his victory, we are established for your beneficiary a large bank account in a small East African village. Effect payment of charge processing to the bank account to be listed later in order to receive your monies.

  3. Humans Not Evolved for IT Security by Daimanta · · Score: 5, Funny

    Thank God I was intelligently designed for this kind of thing ;)

    --
    Knowledge is power. Knowledge shared is power lost.
    1. Re:Humans Not Evolved for IT Security by gammygator · · Score: 5, Funny

      That's because in Soviet Kansas, nothing evolves...

      --

      No Nyarlathotep, No Chaos
      Know Nyarlathotep, Know Chaos
    2. Re:Humans Not Evolved for IT Security by sm62704 · · Score: 1, Funny

      Thank God I was intelligently designed for this kind of thing ;)

      Too bad Windows isn't.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  4. Smith by pete-classic · · Score: 5, Funny

    "Only human."
    --Agent Smith on IT security

    1. Re:Smith by Anonymous Coward · · Score: 1, Funny

      "Dodge this."
      --Trinity on the ability of software security to defeat a determined human attacker

  5. Re:What a pile of carp by Frozen+Void · · Score: 3, Funny

    You forgot:
    5. Building an insecure system from the ground up and expecting the users to fix it.

  6. Re:His arguments are logical, but... by Jasin+Natael · · Score: 2, Funny

    There is no possible way to "evolve" computer security.

    Then, it sounds like we need a lethal, compulsory video game with a computer security theme.

    --
    True science means that when you re-evaluate the evidence, you re-evaluate your faith.
  7. Re:so what? by apparently · · Score: 2, Funny
    Go down your local street corner and see how many people can solve the simplest of equations


    Well, for any equations where the solution is "go fuck yourself!", "I got somethin' you can solve, sugah!", or "no seriously, go fuck yourself" the subjects in my test study pass with flying colors.

  8. Re:No I'm not by NeutronCowboy · · Score: 3, Funny

    Wow. You truly are entertaining. Here, have some more rope. I'm sure you can find an entertaining way of hanging yourself again.

    --
    Those who can, do. Those who can't, sue.
  9. Open letter to God by EmbeddedJanitor · · Score: 4, Funny
    Better luck with Humans V2.0.

    Anyway you should only trust Humans V1.0 after SP1 has been released.

    --
    Engineering is the art of compromise.
    1. Re:Open letter to God by comradeeroid · · Score: 2, Funny

      Early reports from beta testing of Humans Longhorn indicate that the increased security features mainly consist of nagpops and blocking of almost every function. Before a patch was released to allow it to be shut down, several beta testers suffocated due to a function that prompted "It seems like lungs.exe is trying to access oxygen, if this is correct press 'Yes'"

      --
      If you see a rock violating the law of gravity, then the law is wrong, not the rock!
  10. Re:Stupid Crap by Sax+Maniac · · Score: 4, Funny
    What I usually see is this:

    IT GUY: Your PC is insecure.
    CEO: It's your job to secure it, dumbfuck. Give me a secure computer.
    IT GUY: Yes sir.

    --
    I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
  11. Re:Lets think about this. by CompMD · · Score: 2, Funny

    > You are alone in a dark room and cannot see. You are likely to be eaten by a grue.

    Actually, sounds like what you can't see WILL in fact eat you.

  12. Re:Probably by maxwell+demon · · Score: 2, Funny

    No, those were South African villages. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  13. Re:because people want the easy way by blhack · · Score: 2, Funny

    And that is why it SUCKS to be the person in charge of security for a domain. Make the security too harsh and the users complain (with good reason) that they can't get anything done. Make things too lax, and you turn into an alcoholic schizophrenic who does nothing but sit at home in the dark murmuring about exploits and unencrypted telnet sessions that your entire company runs on, and how even the software providers out in North Carolina won't implement SSL into their software because all of their programmers are from the 1970s, even the guy who supposedly "knows-linux" and wants to run Gentoo on the Soekris box that you sent them to use as a firewall; you sit there alone, and paranoid that some Russian script kid, or 14 year old Digg user wanna-be l33t-sausage hack-zore is gonna come across a username/pass and burn your precious servers to the ground!

    The relation between beer/security can most properly be illustrated by this graph

    --
    NewslilySocial News. No lolcats allowed.
  14. Re:so what? by Chris+Burke · · Score: 2, Funny

    They believe that having rolled many sixes recently, they are "due for a 1 or a 2" even though the probability of rolling a particular number on a die is independent of previous rolls.

    My goodness, this is simply untruth! While it may be so in the white halls of academia, where such things as "fair dice" and "independent events" are bandied about as though they actually exist in their perfect mathematical forms, it isn't so in the harsh reality of the craps table! Allow me to explain. You see, when you roll a die and it lands as a six, this means that the one side is facing down. While bouncing and rolling, each side of the die will contact the table only momentarily, but just prior to stopping the die will have one side contacting the table and will move ever so slightly until friction eliminates its remaining kinetic energy. This friction creates heat on the one, which is held in by the felt table, while the six is facing up and exposed to the air currents and thus is cooled. As hot objects expand and cool objects contract, and a less dense object is more buoyant than a dense one, this creates a natural tendency for the subsequent roll to favor landing one-up rather than six-up. Successive rolls of six will only increase this heat differential. So you see, the gambler's intuition is correct that they are "due" for a one as the odds ever increasingly push the die in that direction.

    I have myself used this fact to acquire vast sums of money from casinos, to the point where I was able to purchase a casino myself. You should come and visit and play at my craps table. I'm sure with the knowledge I've given you, you will soon be buying the casino from me!

    --

    The enemies of Democracy are