Information Security News mailing list archives
Why E-Mail Trojans Work So Well - The "Homer Simpson Syndrome"
From: William Knowles <wk () C4I ORG>
Date: Mon, 8 May 2000 09:11:12 -0500
Forwarded by: Richard F. Forno <rforno () taoiw org> Why E-Mail Trojans Work So Well - The "Homer Simpson Syndrome" Richard F. Forno rforno () taoiw org Essay 2000-03 5 May 2000 It's been rather busy at the office these days, and as a result, this will be a very short commentary. I will not go into a lengthy discourse about why having one giant software company's excruciatingly-insecure e-mail software running (or disrupting) our world organizations is a bad thing. I will not go into details about why Visual Basic Scripts are a very bad thing for IT staff, and I will not go into details about why in God's name we as seasoned computer professionals continue to march like lemmings towards a single-source IT environment that is proven time and again to be unstable, insecure, and as we've seen all-too-often, very easy to exploit for malicious purposes. Outside of mass chaos, the result of these ILOVEYOU events makes the security vendors smile as their stock prices rise while they scramble to sell and deploy knee-jerk "solutions" to futilely-attempt to correct what I believe is a fundamental and technology-enhanced flaw in the human condition. Having said that... Let me ask a simple question. Do you receive tons of unsolicited postal mail every year? I am talking about stuff ranging from un-marked white envelopes addressed to "Resident" to the jazzy "You've Been Pre-Approved!" credit card letters to the infamous Publishers' Sweepstakes entry forms with all the flourishes and pomp of a well-deserved certificate of achievement. How many of these envelopes do you open when you receive them? I often tear them up and toss them in the trash. As far as I am concerned, most of the people and organizations that I want to correspond with provide me full names and addresses on the envelope, and don't try to trick me into opening the envelope through clever logos, messages, or official-looking (but totally bogus) stamps, seals, or stickers. Let me ask another question. Didn't our parents tell us not to talk to strangers? So, why are we doing the exact opposite in cyberspace? We get a message from someone we may or may not know claiming that the SENDER LOVES YOU. Okaaaaay...if it's from someone I know in my office, why didn't they engage me in small-talk in the hallway, cast a playful eye in the kitchen, or 'accidentally' bump into me at the last holiday party? Why would this person chose to send me an email message saying they love me when it is such a cold, impersonal medium to get a romantic point across? And, if this note came from someone I have never heard of, why should I give it more than a passing glance as I push the "delete" key as I scanned the subject line? Why should I have the need to open the message to see what else this person is talking about? Sadly, my experience as an IT professional is that people assume the glare of the monitor in front of them somehow 'protects' them from falling victim to cyber-pranks like Melissa or ILOVEYOU. Given that assumption, the human brain slowly shuts its common-sense areas off to conserve bandwidth. The end results are evident in the Melissa, RingZero, ILOVEYOU, and the Next Great E-Mail Incident. I dread how quickly this next Incident will travel - ILOVEYOU spread around the world like wildfire, and made our current benchmark for incident response - the Morris Worm - look like a kindergarden prank. Don't our systems administrator repeatedly tell us to never, EVER open e-mail attachments from folks we don't know or are not expecting? But we do. We want to see what's inside that this person sent to us. As humans, we all love to get mail - it makes us feel important and not as ordinary and insignificant as we really are in the Grand Scheme of The World. So, we click the attachment and open/run/execute the latest Visual Basic Script and watch out -- some very great/weird/odd (insert your adjective here) things or events soon follows, often with catastrophic results. Given that, I must concede that the average computer user is a lot like the FOX cartoon character Homer Simpson. I mean, we all KNOW not to talk to strangers. We are WARNED almost weekly by our IT staff and the media not to open e-mail attachments we are not expecting, not to download programs from the Internet before scanning them for virii, never plug modems into networks behind the firewall...and we fully UNDERSTAND why such actions are bad for us. But we still do it. This brings to mind the classic Simpsons episode where Homer - slouched on his couch watching television - keeps trying to eat a potato chip. Every time he raises his hand to his mouth, a dog snatches the chip from him; Homer boorishly exclaims "doh!" and tries again. Rather than stand or move to a place where the dog can not get to him to steal the chip (e.g., learn from the errors in the procedure he eats his chips), he complacently stays in his sofa and keeps trying to ("doh!") keep the ("doh!") chip away from the ("doh!") dog but the ("doh!") dog keeps snatching the ("doh!") chip from poor Homer's hands until the box of chips is empty. Like Homer and the dog, we will never be able to easily facilitate a change in our ways, even on the side of caution, since such change is often inconvienient, uncomfortable and often requires us to THINK. We still ride (not walk) our bikes across the busy intersection, run with scissors, and eat our meals too quickly. Software "features" aside, we will continue to have ILOVEYOU-types of events because as people we want to read the next email sent to us...it makes us feel "needed" in this allegedly "protective" world behind our monitor's addictive glare. It's in our nature to strive toward community interaction - often without a second thought. And that will be our technological undoing. Article (c) 2000 Richard Forno. All Rights Reserved. Author and Book Information available at www.infowarrior.org. Contact the author at rforno () taoiw org. Reference to Homer and The Simpsons (c) by FOX. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Why E-Mail Trojans Work So Well - The "Homer Simpson Syndrome" William Knowles (May 08)