[cap-talk] The Limits of POLA's Utility - Social Engineering

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Wed Jun 7 09:27:54 EDT 2006


Toby Murray wrote:
> David Hopwood wrote:
>> Toby Murray wrote:
>> [...]
>>
>>> The virus has exploited Bob's human weaknesses, thereby corrupting his
>>> ability to make good trust decisions. The provision of POLA hasn't
>>> helped Bob.
>>
>> I have to say that I don't see the problem.
>>
>> Bob has been hoist by his own petard; he did something illegal (or at
>> least immoral) and got caught. Tough.
>
> Yes. But I wonder if there isn't a case for building systems that
> protect users against themselves.

That's a rather political question!

I think it's completely out of scope. The current problem is that users
*cannot* protect themselves from computer security threats even if they are
absolutely incorruptible, and highly motivated to cooperate with their
system's security measures. Let's solve that problem first.


(My answer to the question if it were in scope, incidentally, would be
"No and hell no." Reducing the chance of *inadvertent* mistakes is one thing;
"protecting" users against doing things they want to do and are authorized
to do, as for Bob in this example, is another thing entirely.)

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>



