[cap-talk] The Limits of POLA's Utility - Social Engineering

Stiegler, Marc D marc.d.stiegler at hp.com
Thu Jun 8 13:58:53 EDT 2006 

> Continuing the Devil's advocate role: Thus, I think even 
> Gramma (following her rules of POLA) might still be vulnerable in some
> (unlikely) cases. What if she's had a long running dispute 
> with a neighbour. This neighbour of hers has evidence on 
> their computer that Gramma could use to win the dispute but 
> they've been unwilling to give it to her. In this case, the 
> incentive for Gramma to use the virus is there. She may even 
> feel that she's not violating the rights of the neighbour 
> because the neighbour "should" be giving her the evidence in 
> the first place (even by law. The neighbour could be acting 
> illegally by not providing the evidence). In this case, she 
> still needs to be aware of the risks though. I'm not sure 
> that Gramma's rules of POLA inform her much of the risks in 
> this case. Please correct me though if I've misunderstood them.

Granma's Rules present a very simple risk management algorithm: if you
want to be safe (within Granma's threat model), follow these rules.
Breaking these rules leaves to you exposed to danger. The rules make no
finer distinction. Break the rules, accept some unknown (possibly
unbounded) risk.

Granma, like everyone else, can choose to accept such possibly unbounded
risk if she has a purpose she considers compelling enough. 

In the actual scenario, with the additional context you just gave,
Granma would probably ask her grandson Bobby to help her. While this
might sound like a hoaky part of the scenario, in fact it is not. People
generally have someone they go to for help when some piece of equipment
fails them, someone who may not be brilliant but who is certainly
smarter about the gear than they are. The fact that one is violating
Granma's Rules to do the installation would serve as the kind of
heads-up notice that IMHO would be enough to get them to get a second,
better opinion of the details of the risk. Even poor "experts" ought to
be able to recognize that a program demanding it be installed as part of
the OS kernel is a full-breach sitting on the doorstep.

--marcs

More information about the cap-talk mailing list