Schneier on Security

A blog covering security and security technology.

« Airplane Security | Main | Limitations on Police Power Shouldn't Be a Partisan Issue »

December 1, 2005

The Human Side of Security

A funny -- and all too true -- addition to the SANS Top 20:

H1. Humans
H1.1 Description:

The species Homo sapiens supports a wide range of intellectual capabilities such as speech, emotion, rational thinking etc. Many of these components are enabled by default - though to differing degrees of success. These components are implemented by the cerebral cortex, and are under the control of the identity engine which runs as me.exe. Vulnerabilities in these components are the most common avenues for exploitation.

Posted on December 1, 2005 at 1:01 PM • 21 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Nils Kalchhauser • December 1, 2005 1:19 PM

my identity engine does not run as a win32 exe...

Eli • December 1, 2005 1:41 PM

"my identity engine does not run as a win32 exe..."

I think some people run that under wine...
I agree; I prefer an OpenMind, though I am particular about what patches I accept. Hmm... compiling...

Porter • December 1, 2005 1:55 PM

I've always considered this Layer 8 of the OSI model...The Carbon Layer.

Davi Ottenheimer • December 1, 2005 2:03 PM

PEBKAC

Josh • December 1, 2005 2:23 PM

I saw a woman outside who I think was running with open ports...

Grady • December 1, 2005 2:34 PM

Rational thinking is an optional upgrade, and has been known to cause conflicts with other modules.
Note that the FLOPS that any given cerebral cortex is capable of varies wildly and is only somewhat dependent on the manufacturer.

CP • December 1, 2005 2:53 PM

I find that I am at my most vulnerable state when I have a buffer overflow of beer.

Trev • December 1, 2005 2:56 PM

I had a waking dream once that I couldn't boot in the morning - lines of assembler kept running past my eyes and then I'd crash, everything would go black, and it would start again from the beginning. It was quite vivid, and was starting to turn into a nightmare before I finally woke!

Scary, I've always had a vague concern about the nature of reality after reading a book - Counterfeit World, by someone I don't remember, as a kid. The real world turned out to be a simulation, but scarily, the real world above was as well ...

Trev

John Heijmann • December 1, 2005 4:17 PM

We as human beings are influenced by viruses that are normally invisible for us but they can enter through microscopic small ports. All kinds of security we use to prevent, defend and eliminate these organisms don't stop them really. It is an neverending way of struggle for life. Viruses need us and we need them. So let us be happy about it because that is the living nature. Our 'human application software (awareness)' should realize it.

Mike • December 1, 2005 4:27 PM

"PEBKAC"

How so very true ...

Not-JF • December 1, 2005 4:47 PM

ME.EXE is a .NET Framework application, hence, there's really nothing to worry about...

Ilfak Guilfanov • December 1, 2005 5:44 PM

If the least privilege principle were applied systematically the H.1 vulnerability factor would be much more limited than today...

David Harmon • December 1, 2005 5:46 PM

Trev: A bit of Google-searching yields:

Counterfeit World, (1964) aka Simulachron-3 by Daniel F. Galouye,
movie version The 13th Floor (1999).

An info site for the (late) author is at:

http://www.severing.nu/galouye.htm

havvok • December 1, 2005 6:01 PM

"ME.EXE is a .NET Framework application"

Unfortunately the performance of me.exe was a bit of a let down compared with Native code :)

jammit • December 1, 2005 6:12 PM

I know I shouldn't do this, but it's just easier to run jammit as root.

Pat Cahalan • December 1, 2005 6:34 PM

/sbin/patd

I run as a daemon.

Z • December 2, 2005 5:41 AM

Anyone who thinks they are *not* 'living' inside a simulation, had better visit this website.

Enjoy!

http://www.simulation-argument.com/

Delores Quade • December 2, 2005 7:24 AM

@ Z:

In reading the abstract on How to Live in a Simulation:

"ABSTRACT. If you might be living in a simulation then all else equal you should care less about others, live more for today, make your world look more likely to become rich, expect to and try more to participate in pivotal events, be more entertaining and praiseworthy, and keep the famous people around you happier and more interested in you."

It appears to me that an overwhelmingly large percentage of our World DOES believe we are living in a simulation, whether they admittedly recognize it or not, based on trends and behaviors. :-)

dq.

yODAT • December 2, 2005 10:18 AM

I upgraded from ME.EXE to a 64 bit version of SELF.EXE compiled for VMS AXP. So far it has been extreamily stable and I am the sanest person I know.

Davi Ottenheimer • December 2, 2005 10:51 AM

@ yODAT

funny, i was just about to toss my books on VMS (it seemed awfully DEC-adent to just hang on to them any longer) when i read your comment. the more things change...

Pat Cahalan • December 2, 2005 12:43 PM

> DEC-adent

Oh, God, we're not going to turn into a bunch of punsters around here, are we?

Post a comment

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

Subscribe via Kindle

Blog Menu

Search

Powered by DuckDuckGo

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D