undefined | Better HN

0 pointsewzimm9y ago0 comments

You could take that concept pretty far. There's no computer system that doesn't involve a human element (CS101). And yet some of the most clever people spend their time finding ways to hack the machine element. Their work inevitably gets understood and integrated into software, either through voluntary submissions through bug bounties or otherwise.

Social engineering has been understood for a long time, and yet we can't develop defenses in the same way we can develop defenses in software. So we have an underpaid workforce of software hackers uncovering vulnerabilities which get patched and an overpaid workforce of social engineers exploiting unpatchable vulnerabilities in the human condition.

Who is really being exploited here?

0 comments

Aelinsaar9y ago

You don't need to crack a safe if you can get the combination from the owner. You don't need to pick a lock if you can pick the key from a pocket. It also goes to the classic XKCD comic about the realities of crypto: https://xkcd.com/538/

As for why so little attention is paid to the human side, I think you said it, "We can't develop defenses the same way we can develop defenses in software." Not only that, but a human being who's brilliant in their role in your company, might be singularly unsuited to learning lessons about social engineering.

I suppose if you want a humorous and somewhat dystopian sci-fi view of how this could be managed... you ever read 'Snow Crash'?

j / k navigate · click thread line to collapse

0 pointsewzimm9y ago0 comments

Who is really being exploited here?

0 comments

Aelinsaar9y ago

I suppose if you want a humorous and somewhat dystopian sci-fi view of how this could be managed... you ever read 'Snow Crash'?

j / k navigate · click thread line to collapse