[GTALUG] Comparing Expert and Non-expert Security Practices

Christopher Browne cbbrowne at gmail.com
Sun Oct 18 21:42:23 UTC 2015


On 18 October 2015 at 17:13, Hector <gtalist at bell.net> wrote:

>
> Hi all, thought to share. A little bit old but according to it.. using
> Linux is in the top 10 things to do to stay safe online :p yay.
>
> Any of you follow any particular order?
>
>
> https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf
>
> Hector
>

The reasons WHY the various practices are/are not effective are pretty
interesting.

The differences described between "expert" and "nonexpert" are pretty
interesting too.

A place worth going is to explore *why* a password manager is good to use.
(Actually, that's probably a good topic for a talk.  Anybody got experience
with the gamut of password managers running on Linux???)

Non-expert users have little faith in password managers, seemingly because
they don't understand with any depth how they would be secure.

This takes me back to university; we had a module in my Management
Accounting #1 course on Linear Programming...  It was kinda neat, and,
as someone that has studied the math behind it, I'd wish I could use LP
for solving some management accounting problems.  But the typical
management accounting student (as well as, as it happens, our
instructor!) doesn't have any idea why linear programming works,
with the consequence that, in industry, nobody's prepared to entrust
anything to it.

It's not a leap to see common application there...  If the mechanism seems
"too magical," to the point that it's difficult to have any intuition about
how it functions, it's tough to trust it.

An interesting *new* thing is the fact that we now have some new platforms
with fresher behaviours vis-a-vis upgradability.  And I'm not sure it helps
teach better lessons.  I can commonly press a button and upgrade the
apps on my Android mobile phone, which ought to be better than the
creaky upgrading of Windows and Windows apps, right???  Sometimes
there's the right lesson.

Alas, sometimes (iOS 9.0.2, I'm looking at you!!!) the upgrades include
downgrades of functionality, leading users to the horrid conclusion that
they shouldn't trust vendor upgrades to be improvements.

-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"