[cryptography] SSL is not "broken by design"

Eitan Adler lists at eitanadler.com
Tue Sep 20 20:37:59 EDT 2011


> It has been a very long time since I had virus or trojan on my home
> computers.  The only time my website was hacked, someone had socially
> engineered my email password out of microsoft.
>
> So it is not apparent to me that the node is the problem.

http://www.rickwash.com/papers/rwash-homesec-soups10-final.pdf

Different people perceive security differently and react to threats
differently. Often times educating people doesn't change any action of
the individual. In order words: Security is increased by designing for
the way humans actually behave instead of getting people to behave in
a different way.

>  My wife knows
> nothing about computers.
> ...

Anecdotes are not evidence. There are have been many studies which
show that user education of this form rarely works.




> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>



-- 
Eitan Adler



More information about the cryptography mailing list