Learning Log 4

They say that the human mind is the most complex computing device in the world (although that analogy is simply not true: according to a certain article, the brain, unlike a computer, does not process information). A three-gigahertz processor asks for directions on what to do three billion times per second. That seems like a lot, and a single computer nowadays requires more than one of these processors. It almost seems insurmountable, until the brain comes in. The brain, with its nuances, its folds, and its ability to simply do the irrational, easily surpasses these processors. Were we to rank these processors (although the article mentioned above says that the brain does not process information), the brain would always come out on top.

Ironically enough, in a security infrastructure, the brain, and the human who owns it, is the system’s greatest vulnerability.

Unfortunately, the thing that makes us human – irrationality, from which imagination stems – is the source of this weakness.

People have been exploiting this weakness from time immemorial (e.g. con men). In the case of security, attackers exploit people by banking on a person’s emotions to overtake logical thought.

How is this done? The attackers gather information about the target. In most cases, they gain a significant degree of the person’s trust through clever manipulation. Some gather information from garbage (dumpster diving). In one rather funny case, a person who was given a cause for alarm simply gave away important credentials, which shows that sometimes a simple injection of emotion can supersede rational thought.

This is social engineering, a method used by a lot of people as a means to various ends. It has been shown to be particularly costly.


It makes me rather paranoid though. What if someone gains implicit information by simply looking at my wittybuny.com and buzzfeed.com test results? I mean, in this test it said that if I were cheese, I’d be gorgonzola! Can social engineers get something useful out of that?
