Conversation

Notices

  1. Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange), Wednesday, 27-Mar-2024 17:18:06 JST, from infosec.exchange

    While I'm doing some thought leadering...

    Threat modeling should include the users as threats to themselves.

    "How could the most naive person I know use this wrong and suffer?"

    or

    "How will people actually use this, and does that violate our security assumptions?"

    Note that I do not say "stupid" here.

    The guy who used sha256("how much would could a woodchuck chuck if a woodchuck could chuck wood") as a Bitcoin private key to protect 250BTC circa 2013 was (is?) a Mensa member.

    • Claudius Link (realn2s@infosec.exchange), Wednesday, 27-Mar-2024 18:59:24 JST, in reply to:

      @ryanc
      Additionally even the most astute person can fall for social engineering.
      And helpfully do everything the "technical support" needs to diagnose and fix the "problem"

    • David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange), Wednesday, 27-Mar-2024 20:00:57 JST, in reply to:

      @ryanc Or, more broadly: 'What will the behaviour be of a user that doesn't think about these things'.

      The canonical example is of security dialogs where users are trained to click 'okay' without reading them, but there are a lot more things related to defaults, positions of icons, and so on.

      Unfortunately, the problem is usually not caused by people failing to think of these things. The problem is that the people that do think about these things do not have the interests of their users in mind. They are trying to manufacture consent for things that have negative impacts on their users.


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.