
Published on January 28th, 2015


Why IT Security Is Fucked Up And What We Can Do About It





Stefan Schumacher is head of the Magdeburger Institut für Sicherheitsforschung (Magdeburg Institute for Security Research) and is currently running a research programme about the psychology of security. At DeepSec 2014 he shares his thoughts on the state of information security with the audience:

"IT Security is in a miserable state. The problems have been discussed again and again without advancing IT Security.

Discussing the key length of AES is necessary, but not the peak of IT Security, as long as users choose weak passwords, developers implement buffer overflows and vendors deliver faulty banana software.





IT Security research did not adapt well to the challenges of IT security. Instead of focusing on fields like man-machine interaction, perception of security by users and developers, or political measures like producer's liability, the same simple problems are discussed again and again.
This is not surprising, since Computer Science is a trivial science and only successful because it ignores hard problems like human behaviour.

This rant will give an overview of what's wrong in IT Security and Security Research. I will show you why cryptosystems really fail, what Psychology knows about security and what IT Sec has to do if it ever wants to break the current circle jerk and start generating more security."
