[liberationtech] Is cryptography becoming less important?

Kyle Maxwell krmaxwell at gmail.com
Thu Feb 28 18:18:20 PST 2013


On Thu, Feb 28, 2013 at 5:30 PM, Richard Brooks <rrb at acm.org> wrote:
>> So organizations get compromised by well-meaning users who click on a
>> link in an email or slip up and use an insecure connection, and while
>> we can ameliorate that to a certain extent with code, we really need
>> to think more about how to make it easier for users to make the
>> "right" choices versus the "wrong" choices.
>>
>
> Too often this is phrased as "users should know better." But,
> to be honest, I think most anyone could be fooled by a well
> planned spear-phishing attack. Last year it got RSA security,
> ORNL, Lockheed-Martin, and the entire state of South Carolina.

State-affiliated actors use this frequently, yes, as I'm sure many on
this list can attest. But if we make it more difficult for users to do
the "wrong" thing, then the attackers have a more difficult time.
Hopefully we eventually change the cost/benefit calculation, but
that's probably best for another separate discussion.

On topic, though, if attackers can easily convince a user to run code
through deception or similar means, then all the crypto in the world
won't matter. And I hope that the linked article missed some context,
because if Rivest et al. only realized recently that the CA PKI is
irretrievably broken, we're way behind.

-- 
Kyle Maxwell [krmaxwell at gmail.com]
http://www.xwell.org
Twitter: @kylemaxwell


