funsec mailing list archives
Crap. Why didn't I think of that?
From: Valdis Kletnieks <Valdis.Kletnieks () vt edu>
Date: Tue, 17 Jun 2014 02:34:08 -0400
Oy. Vey. "Study done by Carnegie Mellon University examine the cost for an attacker to pay users to execute arbitrary code - potentially malware. User at home are asked to download and run an exe without being told what it did and without any way of knowing it was harmless. Each week they increase the payment. Study observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran the executable. Once increased to $1.00, this proportion increased to 43%. As the price increased, more and more users who understood the risks ultimately ran the code. They conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience." http://www.spywarenews.org/easiest-way-to-get-people-to-install-malicious-software-is-to-pay-them/
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Crap. Why didn't I think of that? Valdis Kletnieks (Jun 16)
- Re: Crap. Why didn't I think of that? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 17)
- Re: Crap. Why didn't I think of that? Michal Zalewski (Jun 17)