Skip to main content

Learning Log 4

They say that the human mind is the most complex computing device in the world (although that analogy is simply not true, since a brain isn’t really a computer as a certain article says that a brain does not process information as opposed to a computer). A three-gigahertz processor asks for directions on what to do three billion times per second, seems like a lot, then add the fact that a single computer nowadays require more than one of these processors. It almost seems insurmountable, until the brain comes in. The brain with its nuances, its folds, its ability to simply do the irrational, easily surmounting these processors. Were we to rank these processors (although the article attribute to above says that the brain does not process info), the brain would always come out on top.

Ironically enough, in a security infrastructure, the brain, and the human who owns it, is the system’s greatest vulnerability.

Unfortunately, the thing that makes us humans – irrationality, from which imagination stems – is the source of this weakness.

People have been exploiting this weakness from time immemorial (e.g. con men). In the case of security, these people are exploited, banking on a person’s emotions to overtake logical thought.

How is this done? People gather information about this person. In most cases, a significant degree of the person’s trust is gained through clever manipulation. Some people gather info through garbage data (dumpster diving), while a rather funny case where a person was given a cause for alarm caused her to simply give important credentials signifies that sometimes a simple injection of emotion can supersede rational thought.

This is social engineering, a method used by a lot of people as a means to various ends. It has been shown to be particularly costly.


It makes me rather paranoid though. What if someone gains implicit information by simply looking at my wittybuny.com and buzzfeed.com test results. I mean, in this test it said that if I were cheese, I’d be gorgonzola! Can social engineers get something useful out of that?   

Comments

Post a Comment

Popular posts from this blog

Learning Log 1

We were given a group activity that tested our knowledge in security. The one that was given to us was a grocery store with only two guards as their security, no CCTV or whatsoever, and they rely with the "honesty system" which lead them to lose merchandise that cost 10K pesos a month. That loss has been happening for 6 months. My group and I thought about solutions that cost zero cash so every recommendations are more on adjusting how the employees should work. I thought about the whistleblowing system where person raises concern about a wrong doing when he/she sees one. During our presentation, our professor said it was creative of us to put it as our solution, the whistleblowing system. He even said that companies would be happy to us since our solutions are cost-free. All in all the presentation went well. In the last lesson, I've come to realize that not all top privileged users are allowed to access all the resources. Mandatory Access Control (MAC) having labe...
1 comment
Read more

Learning Log 5

We were given an exercise about the RSA Algorithm and the Diffie Hellman Algorithm. In the RSA Algorithm, I found a way to find the value of the  d  variable that is easier than guessing. It is by using the Extended Euclidean algorithm. In Diffie Hellman, I believe I haven't found an easier way to find the values of the variables. All in all, I learned how to understand and use these algorithms. I am excited to learn more algorithms for security.
Post a Comment
Read more

Learning Log 3

I realized that laws can either aid you or jail you from your doings. Each law has their own category making them somewhat unique from each other. The laws discussed which are statutory, administrative, common, civil, criminal. I learned that a court would follow the precedent cases to make a decision. For example, the court decides to give lethal injection to a murderer. The next case would have a large chance of giving a lethal injection to a murderer since it has been done before. This is called the common law and it could replace statutory laws. Privacy, a subjective term in every individual. Privacy can depend on one's culture that is why the thought of privacy is complex. Laws of privacy can even contradict to others. A law may aid you, another may jail you.
Post a Comment
Read more