Learning Log 4

They say that the human mind is the most complex computing device in the world (although that analogy is simply not true, since a brain isn't really a computer; as a certain article says, a brain, unlike a computer, does not process information). A three-gigahertz processor asks for directions on what to do three billion times per second. That seems like a lot, and on top of that a single computer nowadays requires more than one of these processors. It almost seems insurmountable, until the brain comes in. The brain, with its nuances, its folds, and its ability to simply do the irrational, easily surmounts these processors. Were we to rank these processors (although the article mentioned above says that the brain does not process info), the brain would always come out on top.

Ironically enough, in a security infrastructure, the brain, and the human who owns it, is the system’s greatest vulnerability.

Unfortunately, the thing that makes us human – irrationality, from which imagination stems – is the source of this weakness.

People have been exploiting this weakness from time immemorial (e.g. con men). In the case of security, people are exploited by those who bank on a person's emotions overtaking logical thought.

How is this done? People gather information about the target. In most cases, a significant degree of the person's trust is gained through clever manipulation. Some gather info from garbage (dumpster diving). In one rather funny case, a person who was given a cause for alarm simply gave up important credentials, which shows that sometimes a simple injection of emotion can supersede rational thought.

This is social engineering, a method used by a lot of people as a means to various ends. It has been shown to be particularly costly.


It makes me rather paranoid though. What if someone gains implicit information by simply looking at my wittybuny.com and buzzfeed.com test results? I mean, in this test it said that if I were cheese, I'd be gorgonzola! Can social engineers get something useful out of that?
