Too Many Security Warnings Results in Complacency

Posted on August 4, 2009 at 6:55 AM • 48 Comments

Comments

MikeAugust 4, 2009 7:16 AM

I totally agree, but is there supposed to be some content other than the title?

NickAugust 4, 2009 7:28 AM

So if more people warn Bruce that there is no content except the title, will he be less likely to care?

Captain ObviousAugust 4, 2009 7:28 AM

No, there isn't supposed to be any content.

You don't want us getting complacent due to lots of warnings, do you!?

Clive RobinsonAugust 4, 2009 7:36 AM

@ piratebrido,

"Is this some kind of psychology trick he is playing on us?!"

Great minds think alike ;)

It reminds me of a question on a Uni psychology paper,

"Is there any need for human curiosity?"

One lady student was reputed to have got full marks on the question for answering,

"Need you ask?"

What I never found out was if she included an ink blot or not ;)

FOKAugust 4, 2009 7:52 AM

To receive these entries once a month ... It would be nice to receive such warnings every month. Or isn't this only advertisement for Bruce's newsletter?
I Think we all will know more after a while. :-)

TynkAugust 4, 2009 7:53 AM

I think I will go with the classic Schrödinger's blog post.

By opening the page you disturbed the posts superposition and forced it into a "title only" state in which it now resides.

Clive RobinsonAugust 4, 2009 7:56 AM

Which further reminds me...

I was once told,

"If you want to understand women watch cats, and as for men well watch dogs"

He had a point that with a little observation you might come to appreciate ;)

Anothe point he once made to me was this,

"It is often said that a woman hunts the man she want, and once caught the first thing she wants to do is change him.

Well if you wish to be caught prepare ahead, be a rouge with a soft heart and atleast two hobbies.


The first is something you actualy don't mind that alows you a shared interest that she will likwise not mind joining in with. It has to show your "feminine side" with "macho flare" something like chief style cooking or sauce making (but not apeman barbi food cremation ;)

The second hobby you have no real interest in at all and is something like fishing, bird watching but most definatly not train spotting. That gets you out of the house for long periods and all over the place at any time.

But most importantly can be used by her to 'change you' whilst also being used for trading points."

It appears from experiance to be sound advice ;)

But hey I'm left brained and as he also observerd when I asked why left handed people where never used in psychology studies his reply was,

"The trouble with you lefties is your brains are not wire right"...

SteveJAugust 4, 2009 8:00 AM

Should be:

/!\ Too many security warnings results in complacency:

OK Ignore

|_| Always do this from now on.

IanAugust 4, 2009 8:06 AM

"I don't know what you're talking about," I say as I light up my first cigarette of the morning.

And if too many security warnings results in complacency...too much content results in confusion on days like this!

Fun, amusing post, intended or otherwise.

thedudeAugust 4, 2009 8:08 AM

Im really starting to like Clive R's typos.

rouge rogue etc

seems like he didn't used to make them as much,

I guess its the tiny keyboard on that phone.

Not AnonymousAugust 4, 2009 8:17 AM

Actually, do you really need more than the headline? Could you imagine more than a few words of text to go with it? (Knowing that Bruce probably does.)

bobAugust 4, 2009 8:22 AM

@thedude: world of warcraft (WoW) has a class called a "Rogue". They have an ability called "lockpicking" which is in fairly high demand. I believe I see MORE people asking for a "Rouge" to do lockpicking than I do "Rogue"...

@Clive: Why not trainspotting?

SeanAugust 4, 2009 8:22 AM

Not so much complacency, as fatigue. Despite patch management software, keeping up on each and every software package or component installed on a computer network means more time spent on an activity that provides no revenue, and while it's important because it prevents loss of revenue, it serves to choke off your ability to stay in business.

BryanAugust 4, 2009 8:28 AM

To expand on SteveJ's post, Bruce talked about this at Black Hat and Defcon. In one example he mentioned how SSL certificate expiration warnings are useless because it doesn't really matter.

Section9-BateauAugust 4, 2009 8:37 AM

Hardly the first time this has happened, I recall a year or two ago I was reading a post from my bank, and he had forgotten to close a HTML tag, result was no visible text (but still viewable in source, which I don't see being the case this time)

Carlo GrazianiAugust 4, 2009 8:49 AM

Bruce Schneier is so studly, he can generate a 30-comment blog post thread just by typing a title.

Brent LongboroughAugust 4, 2009 9:13 AM

Too Many Security Warnings Results in Complacency

... in the same way that ...

Superstition Brings Bad Luck

(Raymond Smullyan)

TynkAugust 4, 2009 9:18 AM

@Brent Longborough

No, he means in the way that a corporate email once a quarter labeled "Corporate Security Policy Update" will be read by many more people then the same email sent out once a week.

Maybe Rich WilsonAugust 4, 2009 9:21 AM

And Clive didn't link his name either. Clive on a mobile device or ..... fake Clive?

GelfAugust 4, 2009 9:50 AM

I used to be concerned about too many security warnings triggering complacency, but then people kept warning me about it and nothing much happened, so I just kind of ignore them now.

Petréa MitchellAugust 4, 2009 11:10 AM

Did Movable Type give you a warning that it was going to eat your blog entry? :-)

SteveJAugust 4, 2009 11:30 AM

More to the point, does Movable Type *always* warn you that it might eat your blog entry?

Clive RobinsonAugust 4, 2009 1:43 PM

Hmm in reverse order,

@ Bruce,

"Hmmm, Movable Type ate my blog entry."

As teacher would say, in that frosty "Miss Broadie" voice,

"Mr Schneier do not make unbelievable excuses, you have failed to submit your work on time, go and sit at the back"... 8)

@ Maybe Rich Wilson,

"And Clive didn't link his name either. Clive on a mobile device or ..... fake Clive?"

Well I hope not "fake" that would never do, but the little mobile device I have been using for nearly 18months is getting really slow and the battery does not hold much of a charge. So due to this and the fact I've managed to get mobile broadband to work (using a strange lash up of a 600-2700Mhz Log Periodic Dipole Array connected to a patch antenna glued onto the broadband dongle). I'm starting to use my Acer Aspire One Netbook which I've loaded Linux onto (I really like the Acer I've the dark blue one and the nurses and other YL's I've met all think it looks more like a fashion accessory than anything Apple make 8)

Which brings me onto,

@ thedude,

"I guess its the tiny keyboard on that phone."

Unless I can find a replacement I like then in a few days I will be migrating from the mobile to the Linux netbook and broadband, which has a "spull chequer" in the Firefox browser (weirdly it thinks firefox is spelled incorrectly, go figure...).

So sadly some of my more entertaining typos will be a thing of the past. But... do not forget there is that wonderful little problem of write/right spelling wrong word that you get with these "light/lite" spell checkers so you might still not have a quiet/quite life from my typos, then of course I could change from the UK dictionary to the US dictionary just to "colourize" things a bit 8)

Oh and if anybody is thinking of getting a broad band modem the size of a USB pen drive "FGS Don't" they are rubbish (especially the ZTE MF627 from 3G in the UK) Basically the antenna inside is a folded up bit of track in a plastic block and it's less use than a piece of damp string the same length.

Get yourself one of the phones with a built in modem and USB connector they have a much larger antenna don't over heat and you can (in the UK) get some very good rates.

@ bob,

"Why not train spotting?"

Well I'm assuming you do not live in the UK let us say that here train spotters in the traditional sense (not as in the film) are often used as figures of satire depicted as having issues with sartorial elegance, personal hygiene, diet and the opposite sex....

You can see a "girly night out" on a Friday after work, the girls from the office are starting to dish the dirt on the men in their lives. You have Samantha who's shall we say quite popular with the lads in the office because they think she has "talent" (though the boss thinks she's not the brightest light bulb in the corridor) and Annabell who looks like a mouse on top of a bean pole with long brown hair and glasses and the lads in the office are more likely to hang their coats on her than say good morning (the boss hardly notices her except for the fact she gets just about anything done quickly and above all quietly).

Samantha : Hey Annabell I hear you've got a feller at last, what's his name?

Annabell (embarrassed) : Kevin he's really sweet.

Samantha : What's he like doing?

Annabell (self consciously) : Well you know bloke things he tinkers with old motor bikes and the like.

Samantha (with a smirk) : So he's good at stripping down to the basics then?

Annabell (goes bright red) : err emm I suppose so.

Samantha (with suggestive movements) : So you going to bring him up the club tomorrow night then?

Annabell (without thinking) : No he's in Crew tomorrow train spotting

Samantha (regurgitates her BMW up through her nose and nearly collapses with a fit of giggles as she gasps out) : Did you say he's a train spotter?

As they say "not much street cred"...

ShaneAugust 4, 2009 4:29 PM

Haha, I'm glad that this will live on in the etherlands. This must be preserved for all to see.

BernieAugust 5, 2009 5:18 AM

Is anyone else starting to think that Clive Robinson is the most successful AI ever created?

Clive, whether you're a human or an AI, I'd rather talk to you than to most people on this planet.

BTW, what planet are we on? (If I only knew what day of the week it is.)

Paul RenaultAugust 5, 2009 5:47 AM

Darn, I didn't see this one early enough to post a smart-ass comment before Bruce's explanation.

Darn!

Clive RobinsonAugust 5, 2009 5:59 AM

@ Bernie,

"Is anyone else starting to think that Clive Robinson is the most successful AI ever created?"

Does this mean I have failed the Turing test?

Oh dear what can I say in my defence?

How about,

If it has feathers like a duck,
If it waddles like a duck,
Webbed feet like a duck,
A beak like a duck
And quacks like a duck,

Do you trust your instincts or get a Vet to tell you it's a goose?

Clive RobinsonAugust 5, 2009 6:15 AM

@ Buce,

"Hmmm, Movable Type ate my blog entry."

So in my best John Cleese "head master" voice ( http://latimesblogs.latimes.com/washington/2008/04/john-cleese-of.html )

Mr Schneier, Miss Brodie has reported to me that you claimed your work was eaten by "Movable Type" which she doubted. Well on investigating I received the following,

filemtime() [function.filemtime]: stat failed for /htdocs/www/blog/templates_c/%%2A^2A9^2A9DE3F0%%mt%3A119.php

It would appear that there is indeed a glitch with the system and as a result we have decided that your late submission shall count as valid work.

Err hmm, well I'm sorry that the veracity of your story was doubted and hope that no hard feelings have resulted (holds out left hand to shake).

BernieAugust 5, 2009 10:44 AM

Clive asked, "Does this mean I have failed the Turing test?"

Didn't you read the rest of my post? You have most certainly passed the test while I cannot say the same for most humans. (I just don't have much in common with humans.)

Clive RobinsonAugust 5, 2009 1:57 PM

@ Bernie,

I was being a little tongue in cheek as several people have questioned if it's "the real Clive" or a "fake" in some way 8)

But from a philosophical perspective how does a human pass the Turing test?

It is something that I will think about after a couple of pints of "muscle relaxant" at the Great British Beer Festival this week 8)

BernieAugust 6, 2009 5:25 AM

@Clive,

I being a little goofy too.

On a serious note, the Turing test reminds me of Asimov's laws of robotics. They are simple, easy-to-grasp concepts that most people don't realize are actually quite difficult (if not completely impossible) to implement.

PS: Don't forget peanuts and a towel.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..