[cap-talk] The Limits of POLA's Utility - Social Engineering
Toby Murray
toby.murray at dsto.defence.gov.au
Wed Jun 7 00:09:14 EDT 2006
Micah Brodsky wrote:
>Hmmm... Genuinely amusing. :)
>
>I'm not sure this is a POLA problem, in the sense that a user has every
>right to delegate their authority for ill purposes. However, a system that
>helped the user maintain better awareness of what authority was being
>invoked and in what way might be a reasonable countermeasure. In the spying
>example, the fact that communication from the virus to Alice's machine was
>frequent even when Bob was not invoking it could be a red flag.
>

Good point.

>That being said, I think a real take-home message is that problems like
>botnets aren't going away with better client-side security. Just as CAPTCHAs
>are now foiled by recruiting humans to solve them in exchange for porn,
>botnets could well be replaced with "pornnets" or "wareznets". Humans may
>always be the weakest link.
>

Indeed.

--
Toby Murray
Advanced Computer Capabilities Group
Information Networks Division
DSTO, Australia
IMPORTANT: This e-mail remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
Crimes Act 1914. If you have received this e-mail in error, you are
requested to contact the sender and delete the e-mail.