From Schneier on Security…
Bruce Schneier contributes this very thought-provoking post from the first “Security and Human Behavior” workshop, prompting a discussion of how perception and human psychology affect not only the way people assess their security, but also the way security professionals devise solutions for problems. Schneier asserts that “[m]any real attacks on information systems exploit psychology more than technology. […] Technical measures can stop some phishing tactics, but stopping users from making bad decisions is much harder. Deception-based attacks are now the greatest threat to online security.” Agree or disagree?
From Rational Survivability…
VirtSec Not A Market!? Fugghetaboutit!
Christofer Hoff responds to the current discussion among bloggers of whether or not virtualization security is a market unto itself. Hoff’s position: VirtSec is simply the next step in the evolution of the existing InfoSec market.
From Security Fix…
Forty Percent of Web Users Surf With Unsafe Browsers
Some interesting statistics here – from a Swiss study revealing that nearly half of Internet users over an 18-month period were not using the most up-to-date, currently patched version of their web browsers. Brian Krebs at Security Fix takes a stab at explaining why: most browsers have a woefully inadequate process for pushing updates to their users.