Secure Coding mailing list archives

Re: informIT: Modern Malware


From: Martin Gilje Jaatun <secse-chair () sislab no>
Date: Wed, 23 Mar 2011 16:33:55 +0100

On 2011-03-23 00:57, Andy Steingruebl wrote:
> On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw <gem () cigital com> wrote:
> [...]
>> malware" as the AT&T guys sometimes think…you use it to find the kinds of bugs that malware exploits to get a toehold
>> on target servers.  One level removed, but a clear causal effect.
> Interestingly, your article only covers malware that gets installed by
> exploiting a technical vulnerability, not malware that gets installed
> by exploiting a human vulnerability (social engineering).  I've been
> [...]

As someone once said: Idiot-proofing is difficult because the idiots are so ingenious...

I'm not sure if we really can protect ourselves against "stupid users" through secure coding. Marcus Ranum opined 5 years ago that even educating users is pointless, opting for some way of punishing them instead: http://www.ranum.com/security/computer_security/editorials/point-counterpoint/users.html

Can we idiot-proof computer systems without crippling them for the rest of us?

-Martin
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________