http://tant.livejournal.com/ Vitty - LiveJournal.com Sat, 26 Dec 2009 00:16:54 GMT LiveJournal / LiveJournal.com tant 1544490 personal http://l-userpic.livejournal.com/95813137/1544490 http://tant.livejournal.com/ 100 99 http://tant.livejournal.com/38093.html Sat, 26 Dec 2009 00:16:54 GMT http://tant.livejournal.com/38093.html Совершенно неожиданную для меня позицию <a href="http://www.schneier.com/blog/archives/2009/12/intercepting_pr.html"> занял </a> Брюс Шнайер в <a href="http://online.wsj.com/article/SB126102247889095011.html"> нашумевшей </a> истории. Нет, я даже во многом с ним согласен. Но от Шнайера... не ожидал. Видимо, надо прочесть <a href="http://www.schneier.com/book-sandl.html"> вторую </a> книгу. http://tant.livejournal.com/38093.html public 1 http://tant.livejournal.com/37707.html Fri, 18 Dec 2009 14:48:28 GMT http://tant.livejournal.com/37707.html <a href="http://picasaweb.google.com/lh/photo/03tC51j-yHRyM1Ld7qZwTw?feat=embedwebsite"><img src="http://lh5.ggpht.com/_6Eeon9biidk/SyuV8M1RIxI/AAAAAAAAD94/MpblHCaCIfo/s288/18122009150.jpg" /></a> http://tant.livejournal.com/37707.html public 0 http://tant.livejournal.com/37437.html Sat, 12 Dec 2009 22:46:32 GMT http://tant.livejournal.com/37437.html (via <span class='ljuser ljuser-name_avva' lj:user='avva' style='white-space: nowrap;'><a href='http://avva.livejournal.com/profile'><img src='http://l-stat.livejournal.com/img/userinfo.gif' alt='[info]' width='17' height='17' style='vertical-align: bottom; border: 0; padding-right: 1px;' /></a><a href='http://avva.livejournal.com/'><b>avva</b></a></span>)<br /><br />Cormac Herley, Microsoft Research:<br /><br />It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak<br />passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users’ rejection<br />of the security advice they receive is entirely rational from an economic perspective. The advice offers to<br />shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort.<br />Looking at various examples of security advice we find that the advice is complex and growing, but the benefit<br />is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little<br />to address actual treats, and fully 100% of certificate error warnings appear to be false positives. Further, if<br />users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two<br />orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a<br />poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole<br />population, while an upper bound on the benefit is the harm suffered by the fraction that become victims an-<br />nually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it<br />makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.<br /><br />(<a href="http://research.microsoft.com/en-us/um/people/cormac/papers/2009/solongandnothanks.pdf"> статья целиком </a>)<br /><br />Вообще, скорее соглашусь. http://tant.livejournal.com/37437.html public 0 http://tant.livejournal.com/37240.html Tue, 08 Dec 2009 23:57:14 GMT http://tant.livejournal.com/37240.html Хотел было удалить пост про <a href="http://tant.livejournal.com/36599.html">школьный проект</a>, но передумал. Пусть висит для истории, мы хорошо тогда поработали. http://tant.livejournal.com/37240.html public 0 http://tant.livejournal.com/36599.html Mon, 20 Oct 2008 20:56:21 GMT http://tant.livejournal.com/36599.html <div><p><a href="http://freeschool.altlinux.ru/?p=573" target="_blank"><img src="http://freeschool.altlinux.ru/maps/map_big.png" border="1" alt="Карта внедрения СПО в школы РФ"></a></p></div> http://tant.livejournal.com/36599.html public 2