A letter has arrived, but it is not open; it is encrypted. The note says it is instructive. Let's have some fun and open it, i.e. decrypt it.
Here is the content of the letter:
- Maksa suggested this exceptional illustration to me. Thanks!
- The information is around here somewhere.
Edit: 21.09.2012 at 22:25
All security is a weakest link problem. Employers have to trust their workers; there is no reasonable alternative. However, all too often, employers fail to realize that risks posed by trusted personnel are highly dynamic and must be actively managed. Often, employers assess employee risk only once - at the time of hire. Unfortunately, employees with decades of tenure are capable of the unthinkable if they're having trouble making the mortgage payment next month. Moreover, as employees' roles change, their access to sensitive information and level of supervision must be re-evaluated to actively manage the acceptable level of risk.
As the Information Age generations make up more and more of the workforce, their perspectives risk devaluing information as a proprietary resource. Problems arise when employees treat data casually, sharing widely, emailing socially, and taking valuable information with them when they leave.
When a security mechanism presents a standard "hard" way through and an alternative "easier" way through, the bad guys will always target the easy way.
In the cybersecurity world, automated ("self-service") password reset mechanisms are the norm and are a perfect example of this phenomenon. They're used because they are quick, economical and convenient for both the account issuer and the user. We've all used them - click the "I forgot my password" button and I'm either sent an email or prompted to answer a few personal questions. Unfortunately, the security of the alternate (reset) mechanism is often weaker than the password, and as such the reset mechanisms have become attractive targets. Just ask the numerous Hollywood starlets that have recently had their mobile accounts compromised via this mechanism. Social networking sites have made it easy for bad guys to guess the answers to common "personal security questions" such as the name of your street growing up, high school mascot, etc.
In any system where humans play an integral role, vulnerabilities due to human nature will permeate. Any realistic security system creates redundancies and redoubts that address both technical and human vulnerabilities.
As an addition and illustration:
Article about a kid who was/is part of the UGNazi hacking group and his participation in "social engineering":
Thanks to my colleague Matt Linney.