Security and Theft
When visiting Eastern Europe I read an article in a local newspaper about a band of gypsies going through nearby villages and stealing stuff using mind manipulation techniques. As is was described it goes like this: they stop at your house asking for a glass of water and later on you realize that all cash and the jewelry in your house are gone and you don’t remember what happened. This type of theft is not specific to Eastern Europe. Street thieves around the world are actively using suggestive hypnosis to make people “voluntarily” part with their valuables. To some of you it may come as a surprise, but with the right set of skills it is pretty easy to manipulate people and make them do whatever you want them to do (although there are certain boundaries). It works on a vast majority of people. Yes it is possible to hypnotize people and program them to do things without even putting them into a trance. This area of psychology is relatively well developed and one of its modern branches is called Ericksonian Hypnosis.
Computer Security
What does this all has to do with computer security? Well, I think most of you have already guessed: the resume is that human is the weakest link of any security system. Systems based just on password protection are a joke for any serious and determined organization willing to gain access to it. Furthermore, the more people with access exist, the more susceptible the system is, even to simple social engineering. Office workers give away passwords for a cheap pen! A research shows that a whopping percentage of office workers - 90% - are willing to give away their passwords to their coworkers. Men are slightly eager to give away their passwords: 95% versus women 85%. This research of cause was not conducted at a software development company. It was done in England at one of the main railroad stations a while ago. A large number of people simply use word “password” as their office password: totaling a number in a range of 5 to 10 percent. More information on computer security and passwords you may read at http://www.dotnetthis.com
How to make a computer system more secure
What can you do to make the system you are developing more secure? The rule of thumb is: require as much as possible information for a person to be able to access the data. A smartcard badge with a owners photograph does work much better than a password. “Obscure” passwords that are hard to read out and pronounce do work better than simple passwords. Passwords that contain capital letters, signs and digits are better than simple “word-type” passwords. Requiring two passwords from two different people to access a critical piece of data works better than one password. Having two smartcards are even better. Choosing the right people of have access to the data (if you can) is equally important step. Smart people, who are self-aware, have critical thinking and quick reaction and are less susceptible to manipulation. If you are in the military or a similar organization you can even conduct a psychological evaluation of those who is going to be handling secrets. You may tell people that disclosing secrets or any sensitive info will hurt the organization badly, will get them fired and may be in some circumstances a sufficient cause to start a lawsuit against them. All this will set up a moral block in their minds, a great defense against authoritative suggestive techniques.
Page 1 of 2 :: First | Last ::  Prev | 1 2 | Next 
|
