Slashdot Mirror
Humans Not Evolved for IT Security
Stony Stevenson writes to tell us that at the recent RSA Conference security expert Bruce Schneier told delegates that human beings are not evolved for security in the modern world, especially when it comes to IT. "He told delegates at the 2007 RSA Conference that there is a gap between the reality of security and the emotional feel of security due to the way our brains have evolved. This leads to people making bad choices. 'As a species we got really good at estimating risk in an East African village 100,000 years ago. But in 2007 London? Modern times are harder.'"
So the modern equivalent is "What I can't see won't eat me" ... seems to be the same mistake. More likely, if 99.99% of your senses tell you that you are safe, then worrying about meteors or lightning strikes is a waste of energy.
Plus you gotta think "selfish gene". Is I *feel* "secur-i-ness", I can proceed with making babies... while you're so worried about lions, you fail to impress the ladies.
meh
As a species we got really good at estimating risk in an East African village 100,000 years ago.
I wonder how many days would that guy last in an East African village 100,000 years ago.
He told delegates at the 2007 RSA Conference that there is a gap between the reality of security and the emotional feel of security due to the way our brains have evolved.
Which is why, a lot of times, you end up with security theatre, instead of real security.
The theory of relativity doesn't work right in Arkansas.
Looking at the number of people falling for Nigerian scammers, I'd say that our ability to "estimate risk in an East African village" is not so hot either. :)
If you open yourself to the foo, You and foo become one.
Thank God I was intelligently designed for this kind of thing ;)
Knowledge is power. Knowledge shared is power lost.
Exaggerate uncommon risks -- for example, air travel is safer than cars but because car accidents are common they are seen as less risky Maybe because everyone involved in an air plane crash usually dies. Automobile deaths are much less. There's this idea of risk = probability * impact. In the case of automobiles, probability is high but the impact is low. It's the other way around in aircraft failures. Personified risk -- Osama Bin Laden is scarier than a faceless threat How in the hell does this relate to IT security? I think IT administrators are more afraid of the people they don't know hacking their systems then the people they actually employ doing the same. In the end, I'm sure more attacks come internally or from an ex-worker than someone unknown. Maybe the face you know should be more scary than the face you don't at the office? Risks that could be controlled -- The DC sniper caused a few deaths but the response was way out of proportion. Please elaborate, I know of the John Lee Malvo incident but I have no idea how this relates to IT security. Are you telling me that shutting down a system to protect a database from a possible threat or virus is overkill? I would respond with that varying on a case by case basis but at my job, offline databases are worth maintaining the integrity of the data inside them.
I know I'm really coming off as a jerk when I say this but I don't think this article helped me in anyway. All I saw was someone over simplifying a complex problem--thereby making them seem smarter to the people they were explaining it to.
Don't read this article, it has nothing to offer you. If you don't know this subject, I believe this article will only add to your confusion and lack of understanding.
My work here is dung.
As a INFOSEC person, I see this kind of mentality on a daily bases. Still, there is a realization of the costs of outages due to attacks and that I see. Slowly but surely it's changing. Compared to evolutionary changes tho, it's a blink of an eye.
We're not evolved for space flight either. You can't apply "evolution" as a blanket to tool use at the level we've taken it; we have evolved a capacity for abstract thought which allows us to create highly complex tools...Saying that we're not evolved to assess risk on a level as abstract as this is disingenous...When was the last time a virus jumped out of your computer and ate you? There is no evolutionary pressure involved with such intellectual pursuits.
It's perhaps more accurate to say that only a few people are capable of truly understanding this stuff at all, and for the rest it's just black magic. Of course they don't appreciate the risk. I guess B.S was trying to find a rational reason why people just categorically don't understand security when applied to technology, but I think it's more just that they're doing well to be able to use the tech at all. We're going to have to have a lot higher skill level among users before we can expect them to truly appreciate security.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Finally, its official. 'nuff said.
In many ways, we need to go back to square one. We need to teach ethics to the younger generation. Hackers and phishers will always remain one step ahead of the security community in developing new methods to bypass security measures. The problem is, we should have to erect so many virtual walls. The real question we should be asking ourselves is: why is this behavior acceptable -- even lauded at times?
We aren't specifically evolved do algebra either, and we (well, many of us) do a decent job at that. Humans are evolved to learn and adapt.
"Only human."
--Agent Smith on IT security
... if it really must be Schneier, read: "Why the Human Brain Is a Poor Judge of Risk" ( Wired ), but better immediately turn to Kahneman .
CC.
TaijiQuan (Huang, 5 loosenings)
I disagree with the use of the term 'evolution' to discuss the inadequacy of emotional responses to threats. People can be successfully trained to overcome these issues. As a security professional, I know my spidey-sense has altered considerably over the years due to training and experience, and I would think that others in fields where risk assessment is all in a day's work have largely had the same experience, and, to a certain extent, this is extensible to the population at large. (For example, I find that younger employees are typically a lot more savvy about safe online usage than older employees, which is not a matter of evolution, but acculturation to technology.) The evolutionary advantage of rationality outweighs the primacy of fight-or-flight responses in trained individuals.
This looks to me like another misquoted/misunderstood Bruce Schneier sound bite. Not much to see here.
#!
I'm estimating my risk in an East African village 100,000 in the future. Forget about London.
Virginia is for lovers. EVE is for griefers.
Schneier is neither an evolutionary biologist nor a neuroscientist. Why is his bad opinion on these matters news?
Are you adequate?
People want the easy way. Security and "the easy way" are often at odds.
Case in point...I was in a hospital ER the other day, waiting in the room (for a very long time), and I looked at the computer in the room. I noticed that someone affixed a sticker to the keyboard tray with (presumably) the windows domain login info. Had I wanted to, I could have logged in and probably gotten to all kinds of medical records. Someone from the hospital's CIS department would probably poop a brick if he saw that.
People are lazy, and security folks constantly have to toe the line between making things hard enough to be secure but not so hard that it's just easier to find the loopholes.
blah blah blah
"Originally from New York City, Schneier currently lives in Minneapolis, Minnesota. Schneier has a Master's degree in computer science from American University and a Bachelor of Science degree in physics from the University of Rochester. Before Counterpane, he worked at the United States Department of Defense and then AT&T Bell Labs."
I don't see anything about "behavioral psychology" or "evolutionary biology" in there.
So, sorry Bruce, but you're not qualified to make that statement with any authority, and frankly, your position as an expert on security should make you more wary of voicing lay opinions about subjects in which you have no expertise.
I only go to buffets for the unlimited soft serve.
I don't think thats the case. I think its just that culturally we fear what we don't understand and are being taught to be stupid and proud of it. Biology and evolution have nothing to do with it. We can learn these concepts we just willingly refuse to for religious and ideological reasons.
He's a security guy, not a biologist. His list (I must not be well today, I'm actually RTFAs) is correct; e.g., 3000 deaths this century in the US from terrorism and 40,000 every single year on the highways, but OMG ITS TEH TERRAISTS!
However, although he's well versed on security his grasp of evolution is even slimmer than mine, and I'm no biologist, either. The only way evolution would come into play would be if computer security had the effect of killing us before we had children. Clearly, the security of your home PC is NOT going to keep you from procreating. In fact, considering the stereotype of us nerds it's arguable that knowing how to secure a PC is counter to evolution! After all, evolution is all about getting laid.
I'll demonstrate with two real people: me, and a woman I know.
It is possible that I have a lot of kids in Asia I don't know about, but for the sake of argument lets say I only have the two girls that came from my ex-wife's uterus.
Both of my children are living, and grown. Neither has children of their own.
Linda, OTOH, had 14 kids, 13 of which are still alive. She trumps me in the evolution game 13 to 2. I lose, she kicks my ass in the Darwin game. But she can't even boot a computer, and while Bruce Schneider could likely root my box with impunity, I built the damned thing from spare parts.
There is no possible way to "evolve" computer security. Schneider should stick to computers and shy away from fields in which he isn't an expert.
-mcgrew
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
There were in South Africa anyway.
#!
Security solutions have to be designed around usability. If usability isn't the #1 or #2 consideration, it will increase the failure rate of the humans involved and you'll end up with an insecure system in practice regardless of the technical merits of the security methods.
The crude animal impulses present in the vast bulk of humanity are masked by the accumulation of accomplishments by extremely rare geniuses. Skim off the top 1% of creative freethinkers, and humanity wouldn't be all that different from any other species on this planet. Our feelings about what is or is not secure are easy to game with scary stories and special effects. Our desire to live peacefully in a democracy can quickly be overwhelmed by a relatively small threat, such as by a group of underfunded Islamic crazies living in a cave with a shoebox full of box cutters and 19 airplane tickets. It wouldn't take much of a jujitsu move for an effective terrorist to scare the bulk of the American people to quickly decide that fascist rule was in their interest. Humanity's easily-meddled-with irrationality is our Achilles Heel. For example, since 9Eleven America has turned away many brainy and creative people who used to contribute to our greatness. Now those people go elsewhere, making other places great.
The flag just makes more sense than the constitution. - Judas Gutenberg
The real problems are, in no particular order:
1) A lot of people are either stupid or uneducated.
2) A lot of people don't bother to think.
3) A Lot of people are sheep and believe what they're told by marketing.
4) A lot of people are lazy.
I guarantee you this covers the vast majority of the problems with IT security. It's not biological evolution, though you could make a good argument for societal devolution being the problem.
Is there anything on which Bruce Schneier is not an expert? Now he's an expert on evolution? I'm not sure why he thinks his knowledge of cryptography qualifies him to hold forth on every freaking subject on the planet.
What I'm listening to now on Pandora...
Witness the post-it notes under the keyboard to remember a password. :-)
If you read Schneier's regular blog, you'll see that he regularly talks about security topics in general, not just IT security. The tagging of this talk as being narrowly related to that may be a case of inaccurate reporting; given what Schneier regularly talks about, I'd have been surprised if his talk hadn't covered non-IT security topics.
Are you adequate?
I guess people are running around in some sort of Darwinian intellectual enlightenment these days. I've been seeing bad evolution and artificial intelligence references all over the place recently. It's only a matter of time until some jack-off writes about a darwin 2.0 semantic web
Anyway...the issue with security isn't that people aren't "evolved" enough to use it, it's just that the solutions presented to the masses are garbage. You don't implement something in a way which makes it difficult to use, then say that people are just too dumb to use it. The solutions needs to evolve, not the people.
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
Time to get rid of planes (not snakes, just the planes), frozen yoghurt and tv. I can't see how any of that is in our genetic makeup. If we should fly, I'm sure we'd have evolved some wings by now.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I suppose we need the repetition though.
I'm not sure what the hell you're talking about. Are you saying that B.S is an evolutionary biologist? I think he'd be a bit surprised to be so described, since as far as I know, his background is almost entirely compsci and crypto (and physics).
Mine on the other hand is primarily cognitive science, which, as it happens, does include a bit of neuroscience, more than enough to dispel the whole "patchwork" assertion. And while my formal training in evolutionary biology is somewhat lacking, I think the uncontestable claim that humanity is a competitive animal will be seconded by anyone with even the weakest background in biology.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
On the other hand, why *should* we evolve for IT security? It's not like there's a Darwin Award waiting for the dumbest user or admin. There's no evolutionary advantage for comp sec aware folks... unless we start creating some, like opening up safety related systems to the wild. Mmmm, how about wireless interfaces to the internal networks of cars, or to household appliances like gas stoves? Or the charge circuitry of Li-Ion batteries? That'll teach the noobs.
thegodmovie.com - watch it
- Your expensive OS has security flaws that you can drive a mack truck through? Patch it or buy the new version of the same.
- Your mailbox is flooded with special offers on discount viagra? Install a spam filter to block the messages.
- Oops, the filter isn't catching the newer offers for discount software? Update the filter or buy the newest version of the same.
- Oops, the filter isn't catching the new stock offers that are flooding your inbox now? Another update, of course.
When of course, these all have much better solutions, if only people actually worked on the source of each respective problem. Hint, its not filter / firewall rules.Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
"The brain is still in beta mode, it's got all sorts of patches and workarounds. It's not perfectly created, it's clearly evolved up." If your brain is so imperfect and patchy, and you know so little about it, why should anyone listen to your opinion? You're using your own beta-mode noggin' to whip up a bunch a baloney, and you recklessly throw it out with such certain authority. Shameful.
"The brain is still in beta mode, it's got all sorts of patches and workarounds. It's not perfectly created, it's clearly evolved up." See, even God uses Windows.
:wq
Wow. You truly are entertaining. Here, have some more rope. I'm sure you can find an entertaining way of hanging yourself again.
Those who can, do. Those who can't, sue.
"You do realize that, outside of biology, evolution is usually used metaphorically, right?"
YOU do realize that in this case, WE ARE ACTUALLY TALKING ABOUT BIOLOGY, RIGHT?
I see why you posted AC.
I only go to buffets for the unlimited soft serve.
Sexual reproduction decides when the organism goes live, and marketing decides when the product goes live.
You can't take the sky from me...
That's exactly how a (fallacious) argument from authority is usually constructed.
You can't reliably judge an argument on the basis of the perceived expertise of the speaker, since it's entirely possible that they may know more than you think.
-- The act of censorship is always worse than whatever is being censored. Always.
Anyway you should only trust Humans V1.0 after SP1 has been released.
Engineering is the art of compromise.
"That's exactly how a (fallacious) argument from authority is usually constructed."
No it isn't.
In this case his argument is an OPINION, which is directly reliant on his expertise.
If there were an absolute truth here, you would be correct. You are not, because there isn't.
I only go to buffets for the unlimited soft serve.
People are very quick to confuse inbred and conditioned behavior, because it can be hard to distinguish.
Calling a behavior inbred is usually a cop-out: if it's inbred, then we can't do anything about it, so we can stop thinking logically about it and just attribute it to bad human wiring. It's the lazy person's way to end an argument.
I suggest to you, that someone who has been brought up in an environment where trust is treated like the complex subject that it is, will do better than someone brought up in an environment filled with deceit and denial.
Our brains haven't evolved a single way to solve problems; That's why we're as successful as we are as a species, is that our brains can evolve and solve new problems as they come up.
This guy demonstrates a severe lack of understanding of the subject, which is odd given who it is.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
"Hm, my troll detector just went off."
Stop pointing it at yourself?
I only go to buffets for the unlimited soft serve.
"How much money and how much trouble have we expended to go after terrorists? But how few people have they killed? It won't please anyone, but if we spent that money fighting something ordinary, say heart disease (#1 killer, last I knew), we might actually save more lives."
Maybe the money and trouble we've spent on fighting terrorism so far is precisely what keeps them from killing alot more people. More directly, how do you know what effect, good or bad, people taking their shoes off in airport security lines has on air security? Just because the TSA doesn't report its results directly to you? For all we know (you and I both) taking shoes off may have prevented hundreds of bombs from being smuggled aboard airplanes.
Just because it doesn't make sense to you personally doesn't mean its not worthwhile to do. Which I suppose is part of Bruce's actual point.
Also, you are setting up something of a false dichotomy. There is no reason why we can't spend a lot of money and trouble on fighting both terrorism AND heart disease, as well as Cancer, jaywalkers, speeders, people with too much back hair, etc. etc.
Car crashes are less scary because of familiarity, has you said, but also because you can grab the wheel, yell "look out!", or otherwise act upon your own destiny. And because of vertigo phobia. In a car, you're already on the ground: you aren't going to accelerate towards it inexorably, as planes will if they stall/run out of gas/break/hit another plane/etc.
Familiarity and statistics are just part of it.
You can't take the sky from me...
The first problem I have with this article is that it attempts to discuss two completely different topics, that of security against physical harm or risk and that of security against harm to a computer system. They really are not related. If I see a rhino charging at me I will have fear and get out of the way (if I can). In the case of a computer system, I cannot detect harm such as someone attempting to gain administrator access through a remote connection except by special software or reading logs.
The average human being is not going to dig through log files or read technical documentation to shore up possible security risks. A (sober) human being will most certainly try to get out of the way of a rhino, and it is more common sense than it is evolution: either get out of the way or get trampled to death. When it comes to IT security, the average human computer user will trust the firewall, the anti-virus software, or "that computer guru" to keep things safe.
The second problem I have with the article are the unproven assertions made:
--we got good estimating risk 100,000 years ago in an East African village
--evolution is true, and how we feel emotionally about security is a result of it
--the brain is still in beta mode
--it is difficult to estimate risk in London in 2007
I think Londoners (as are most city-dwellers I know) are street smart and savvy enough to estimate risks quite well, but maybe because all but the criminals have been disarmed and Londoners don't have the means of self-defence anymore it is perhaps harder to defend against harm?A word fitly spoken is like apples of gold in pictures of silver --Proverbs 25:11
You're drunk, aren't you.
I know I am, and I was just about to post what you did.
" 'As a species we got really good at estimating risk in an East African village 100,000 years ago. But in 2007 London? Modern times are harder.'""
So those kids in East Africa with their shiny new XOs should run rings around us westerners?
Oh, wait...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
But in 2007 London? Modern times are harder.
Phew! I'm glad I'm in Seattle.
Comment of the year
I spent years doing technical security, but that eventually turns to box shifting. Sure, there are very clever tools out there, but what good is that going to do my clients if they still leave a laptop ready to be stolen, and use passwords an 8 year old can guess?
:-).
:-). Security is about people, and as long as we don't start from that angle a lot of people will still make a lot of money - but not address the real issue.
And that's again just the technical side. We have a setup which advises on all sorts of security, and doing the anti-kidnap coaching is a serious eye opener for someone who's been living on the command line. It puts it all in perspective (although the driving part is *seriously* cool to do just for the hell of it
IMHO, security is NOT a process (I know this is sacrilege
I've started coaching CEOs on security, privacy and IT, and that works because it impacts decisions in a positive way. But we've got a little while to go yet..
Insert
"IT Security Not Evolved for Humans".
pb Reply or e-mail; don't vaguely moderate.
What an ignorant, insensitive ass. Please, do tell, how could the response have been better managed? A shooter on the loose for weeks taking out random targets at will. Response out of proportion?
I think of the woman shot in the head standing next to her husband while loading their car after shopping. Ponder for a moment, the emotion involved in that single death. The intensity of that moment. A few deaths indeed.
There's a reason the Amish don't have cell phones, and it's not *just* because of religious reasons, though that's a big part of it. The Amish see something like this as getting between people. Face it: how many times have you, in person, been put "on hold" for someone on a cellphone? Basically they don't like what it would do to their community.
:>
In this case, the same is true. Metaphorically like giving a hot rod to a teenage boy, you can't always trust'im to be _wise_ or _polite_ as to the operation of the car....and this is a realization of the same thing, on a grander scale.
In a similar vein, what's the first thing that gets illuminated when you hand a child a flashlight? YOUR face.
--- For a good time mail uce@ftc.gov
As much as I respect Bruce, but here he's got it the wrong way around.
If people can't cope with the way something works, then are the people at fault, or the way we built that thing? Or, in more practical terms: Which part can we change? So where should we direct our energy and creative thinking?
Humans are the way they are. The way to change them is called education, takes several generations for any major change, and is fairly uncertain and not yet fully understood.
Assorted stuff I do sometimes: Lemuria.org
But you're assuming that there is one 100% fool-proof security system out htere, that once our researcher discovers what it is, they will put it in place and all will be secure. That isn't the case in physical airport security any more than it is in computer security. In the real world, and computing, security is more like an onion. It has many layers, some closer to others. Worse, in both cases you evolve towards better security using trial and error.
I would argue that taking off your shoes does indeed do something: it prevents terrorists from sneaking in bombs in their shoes. Furthermore, it doesn't really hinder useability of the system all that much, so I would say its a pretty good tradeoff. It is one less exploit "they" can use against our system. Think of it as a patch, if that helps. You don't run an unpatched IIS 3 server, even if nobody is seriously using any exploits against IIS 3 anymore.
"The true solution is to stop pissing people off who would be terrorists, and stop allowing them to fuck up our economy and SUCCEED at the terrorism. Terrorism only works when your target is afraid of you."
I agree that would be a good solution, but it is also not a realistic solution since it would only work on Fantasy Island.
So he made fun of you for being a coward instead of answering your question. And now you're stalking him for petty revenge. If anything, this backs up his opinion that AC's aren't worth responding to. Fortunately for him, he can just set his preferences so he'll never see your posts again.
You are reading a copy of my copyrighted post.
Yes, there are too many security efforts evaluate risks badly; that aim to rigorously closing systems to guard against supposed known threats, piling security measure on security measure, while leaving the back doors wide open. The equivalent of people who are afraid of flying, but drive recklessly while drunk.
However, I think that many misguided security measures are inspired at least as much by self-protection as by bad evaluation of risks. People often know that they are not addressing all the real risks. But they assume that as long as they stick to policy, and "even better" ridiculously over-design to cover every possible risk explicitly mentioned in the policy, they can't be blamed when things to go wrong. Some junior technician is not going to challenge policy laid down from above, just because it has giant gaping loopholes. He or she is just going to follow it, and apres nous le deluge. And the policies in turn are often written by people who focus on past incidents, not future risks, because what's behind you is more likely to bite your ass.
Governments regulate aviation safety very tightly because they can get a lot of criticism when there is a fatal accident. But car accidents that cause more casualties overall, are considered a normal part of life, and people rather resent additional safety measures, so governments are much less inclined to take strict measures to reduce them. That's not caused by short-sighted risk evaluation (at least not necessarily on part of the government) but by plain politics.
You can see it any form of modern engineering; measures designed not to reduce risk, but to reduce liability. Of course I don't know whether the same principle was applied in communities of pre-historic hunter-gatherers, but my somewhat pessimistic view of humanity induces me to assume that it did. And I would not be surprised if the same behavior was discovered in chimpanzees.
It is even possible that that behavior actually has a background in the evolution of our brains. The ability to blame someone else when things go wrong, must be of considerable advantage to the spread of your genes.
It is interesting to note that those who are most competent at IT security are least likely to reproduce.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
I once heard Neal Stevenson give a similar talk. http://db.tidbits.com/article/05951
He drew pie charts labled "threat model" where 99% of the chart was "hyenas."
Today, our threat models are a bit more complex.
http://www.anu.edu.au/people/Roger.Clarke/DV/NotesCFP2K.html#Steph
junpei wikipedia
FYI this is why they check our shoes for explosives. Notice the sheet metal: The explosion literally rips a hole through it!
Life is not for the lazy.
Like many first-generation tools, the internet exposes us to risk. Think electricity, tall buildings, surgery.. we just haven't figure out how to build a safe internet yet.
In the case of automobiles, probability is high but the impact is low. It's the other way around in aircraft failures.
Doesn't the impact happen at ground level either way?
And for that reason you gave, I think we have to conclude that computer UIs suck for security.
For example: Someone gives you a crypto key on a flash drive. You plug it in and look at the contents... a teensy nothing of a file that just opens in a text editor. The OS doesn't try to push any of our evolutionary buttons with regard to this very important object.
Or how about task lists? They'll show you what/who is using the CPU, but won't do the same for a network interface. The user must take it upon themselves to become educated and install tools like nettop and such.
Also, most GUIs won't give you a clue about the data/executable status of a given file (unless you keep opening the properties/info window). So we get lots of trojans posing as jpeg files and proliferating like mad. OSes are only now starting to (inelegantly) deal with this problem.
These are examples of bad design from a security standpoint.
Why bother with security at all then with that attitude? No system is going to be 100% perfect anyway, so why bother at all. What are we going to do? tear down all the airports, scrap all the airplanes and rebuild it all from scratch with an eye for security? Not going to happen. You are totally correct that us looking out for our best interests is the root of the problem, but the problem with that problem is that us looking out for our best interests necessarily means that we aren't looking out for the interests of others. That's why I said your idea was unworkable. It would be nice if world relations were a zero-sum game, but that's just not how the world works.
Now, that being said, I just wanted to say I do get what you're saying. We could probably do alot to improve security by trying a little harder not to be dicks to people in other countries. But that's neither completely possible, nor will it solve it entirely.
"we need to stop with the meddling in the middle east to the extent we have been (Afghanistan = good idea, Iraq = bad idea), work on our image as a nation and then encourage people to stop being scared of the bogeyman, and start paying attention to the REAL dangers that our arrogance and national policy are causing."
I agree with you 110% there, and I'll raise you we should also cut all ties with Israel. But I have news for you, that still isn't going to solve the problem. There are just bad people in the world, who want what we have. worse, there's some that just don't plain like us for no real discernible reason. And no amount of being nice to them is going to convince them otherwise. And its just too easy to make your point by taking down an airliner or three.
Maybe that's why they're "running scared" from the Storm Worm!
http://it.slashdot.org/article.pl?sid=07/10/24/1532240
Remember that Will Smith movie Independence Day? If that movie is a true to life indication (which I believe it is), then super advanced aliens aren't evolved for IT security either.
Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
Young people learn at amazing rates. Some people keep learning stuff much longer but are a very tiny minority.
We are Turing O-Machines. The Oracle is out there.
This has *NOTHING* to do with brain evolution. Period. It has everything to do with modern attitudes, perceptions, and beliefs, as influenced by modern events, cultures, and happenings.
This is a prime exmaple of someone trying to sound smart about something they obviously aren't.
IT security has nothing to do, even remotely, with brain development OR evolution (other than the fact we had to develop the skills necessary to use/develop computers/machines/technology).
Humans *ARE* evolved for these types of thing, just hardly anybody wants to spend the amount of time necessary to counter every security threat that gets thrown at them.
Idiot.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Weren't Human 2.0 The Cybermen?
Humans have not been intelligently designed for IT security!
Read the Bible!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Guess what, in a Lemon market, all the Lemons get sold and only a few of the good products, the IT market most often is a "Lemon market", and that explains why the best products don't always come out on top.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
"Maybe because everyone involved in an air plane crash usually dies. Automobile deaths are much less. "
Thank you for proving Bruce's theory exactly. You don't think that automobile deaths are that common, when in fact 119 people die on the roads every DAY. 43,443 people died on the roadways in 2005 alone, and this is only in the United States! Pretty sure airplane deaths are FAR less...
http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year
What do you expect? The human brain is still running on OS "Homo Sapiens 2.0". It hasn't had an upgrade (or even a patch) since the last ice age. Networking is slow and undependable, memory is prone to faults (or even false data), graphics quality varies wildly, it sometimes ignores input and returns the same results constantly, and if you hit it too hard it shuts down and has to be rebooted. The only thing going for it really is very good parallel processing. Sadly, some people are still running on "Homo Erectus 1.0".
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
Yes, it's harder. we're competing with ourselves much more fiercely and more often. We're up against our own brains, and that is the fatal limitation.
The eternal struggle of good vs. evil begins within one's self.