Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Eradicating the human problem

Laura Bell
December 11, 2014

Eradicating the human problem

Laura Bell

December 11, 2014
Tweet

More Decks by Laura Bell

Other Decks in Technology

Transcript

  1. People are a problem. We are tangled balls of emotional

    detritus that masquerades as a trusted member of society. Underneath this lacquered veneer of respectability however writhes a tiny pink squishy ball of vulnerability - the root of all evil, well the root of security issues anyway. Let me tell you a story, let me bend your brain and make you feel uncomfortable. I want to show you why we are all our own worst enemies, why we should never ever be trusted and security people are the worst of them all.
  2. This is not how people learn Just go ask the

    education and psychology communities
  3. WE LET children fall so that they can learn to

    stand REINFORCING BEHAVIOURS LEAD TO POSITIVE CHANGE
  4. we don't test because it makes us feel uncomfortable because

    we don't want people to get hurt because it’s hard BECAUSE WE DON’T KNOW HOW TO FIX IT because we don't want people to get fired
  5. the need to be seen the need to be accepted

    the need to be loved the need to be liked
  6. is it better to safely test and understand these vulnerabilities

    so that our people can get stronger, learn and become more resilient?
  7. Location Time stamps Sender Receiver User agent friends contacts frequency

    aliases profiles Last login Traffic rate Pw Expires? Disabled? Influence
  8. Email attacks that go beyond phishing Email phishing Internal request

    social panic Direct request External request favour authoritative
  9. The URL may be different on different messages. Subject: Security

    Alert: Update Java (*See Kronos Note) Date: February 22, 2013 *********************************************************** ************* This is an automatically generated message. Please DO NOT REPLY. If you require assistance, please contact the Help Center. *********************************************************** ************* Oracle has released an update for Java that fixes 50 security holes, including a critical hole currently being exploited in the wild. The IT Security Office strongly recommends that you update Java as User generated and publicly sourced attacks
  10. This talk should make you feel uncomfortable The humans are

    a problem Let’s do something about it