LAS VEGAS–The most vexing weakness in computer security is not in the hardware or the software, it is in the people who use the machines, according to top hackers and cyber safety specialists.
“It really is more of a human problem than a technical problem,” Dan Kaminisky of Dox Para Research said at the world’s premier hacker conference, DefCon, which ended in Las Vegas on Sunday.
Some things come to mind here:
- Knowing that people are the main risks, shouldn’t technology then adapt itself to avoid such pitfalls?
- What is technology’s purpose anyway? A lot of people have forgotten the forest that the trees make up. The main purpose of technology is to help people, and if their security is jeopardized while using it, then technology is failing.
- What it says is: People are the stupid parts in the security equation. I bet you could make that statement 50 years ago, and 50 years after, and it’d still be true. The term “They’ll always invent a new kind of idiot” holds true forever, from the past, to today, to decades later when people forget to secure their sleeping pods using the DNA-key in the spaceships they live in.
I’d be the first one to rant how difficult it is to educate users. I’ve had clients who are just so frustratingly daft (sorry but that really is the word), and I’ve had to support users who resist the urge to learn new stuff. I’m serious when I say they resist. It’d actually be better if I see they’d reach their intellectual high-point, and could grasp no more, but I’m convinced that they just flat-out do not want to learn.
But it’s happened so many times that I’ve realized, it can’t possibly be their fault altogether. Many times the type of software has a lot to do with it, like a word processor or an OS, and although at that moment I couldn’t pinpoint any particular fault it had, I could see that there are other software / hardware situations where the users just get it, understand it and start using it almost instantaneously.
THe point I’m getting at is this: blaming the users is a lazy thing to do, a quick blame-all scapegoat for whenever things go wrong. Who’s to say that any given security failure would not have been avoided if better thought were put into its design? Given that the reason is equally to blame on tech and the user’s inability to grasp it, tech should always be the first to blame because it’s supposed to adapt to people, and not the other way around.
powered by performancing firefox