I have heard this opinion that infosec should pay attention to web 3.0 applications like NFTs and cryptocurrency, and it's something we do have to talk about.
First of all, the tenor of the argument is that the infosec community owes web 3.0 applications expertise by default, I guess, by virtue of the fact that people will use it and deserve to be protected when they use it. This argument might make sense elsewhere, but there are limitations to this.
My argument is, we have no responsibility to secure obvious scams just because there are users who will engage in scams.
For example, imagine if Bernie Madoff was using an insecure chat app to communicate with the victims of his Ponzi scheme. Is the infosec industry expected to rush in and tell Bernie he should be using an encrypted and community-audited chat app for his operations? I would argue, no.
When the overall operation is rife with fraud, securing the operations of that fraud is not an obligation. Feel free to disagree with me.