The sociology of IT
2005-03-28 19:21
For those of us who are trying to educate users to take a more pro-active approach to IT security[1], the article "How to sell your self for a song" makes for very disturbing reading. A recent survey found that:
Dangling the chance to win free tickets was enough to make people surrender everything needed to impersonate them. . . .
By the end of the survey, the fake researchers had everything they needed to pose as those taking part, to take out credit cards in their name and even open bank accounts.
This follows another recent survey, in which it was discovered that people "Will trade passwords for chocolate".
This might not be such an issue if such stupidity only affected the stupid themselves, but unfortunately, it doesn't. Users' irresponsible attitude towards security, combined with the plethora of security flaws in the various incarnations of Microsoft software (such as Windows), is allowing malfeasants to take over people's PCs and make them 'zombies': PCs which are not only under the control of their 'official' users or owners, but are also (inconspicuously) under the control of the malfeasants in question. These zombie PCs can be, and are, used to do such things as send spam and perform what are known as 'Distributed Denial of Service' (DDoS) attacks on other computers and networks: DDoS attacks result in the attacked systems becoming unusable by their 'official' users. A recent study estimated that "more then [sic] one million hosts are compromised and can be controlled by malicious attackers". But who cares, as long as one can get free movie tickets and a bar of chocolate? :-/
On a different note: i was chatting earlier today in a Linux-related chatroom, and was told by a member of the room that i was "a fucking moron" because i helped a newbie out by giving him a link to exactly the thing the newbie was after, instead of the indirect link given by the insulter. The insulter had earlier claimed that Visual Basic had been developed on Linux and then ported to Windows; and subsequently claimed that this 'fact' is "all over the MCSE webpage". Knowing something about the history of both VB and Linux - version 1 of VB came out in March 1991, Linus' first post mentioning his 'hobby' project that would eventually become 'Linux' appeared in August 1991 - i asked my insulter for a link. Unsurprisingly, my request was met with silence.
The reason i bring this up is that it's a good example of one of the reasons i'm not particularly interested in working in the IT sector anymore: there seem to be far too many people covering up ignorance with arrogance. Especially guys: they don't want to admit they don't know something, so instead they just make up rubbish and pass it off as knowledge. Questioning this 'knowledge' can result in the sort of "proofs by intimidation" mentioned above - which hardly makes for a comfortable working environment, unless one enjoys alpha male bullshit. It also results in newbies getting inaccurate information about the systems they're working with. Sometimes this may not be much of a problem - as is the case with the incident earlier today - but other times it can lead to the creation and/or maintenance of insecure, unstable and unreliable systems by both IT people and by end users.
And if people like my insulter, who hangs out in a Linux-related chat channel, are happy to spread IT-related misinformation in order to protect their ego, what hope is there of end-users learning at least the basics of IT security?
Update, 7.4.2005
According to this article, security firm Sophos estimates that 60% of the world's junk mail comes from zombie PCs. :-/
Update, 14.4.2005
And according to this article, people are becoming less concerned about spam. Perhaps they'd be more concerned if they realised that the huge amount of bandwidth consumed by spam forces up Net connection prices, since ISPs have to upgrade their infrastructure to cope with the load? :-/
Update, 6.5.2005
Another article from The Register, this time noting that:
Americans are just as blasé about password security as the Brits, according to a new survey. Two out of three people (180 of 272) approached in a downtown San Francisco street by researchers were happy to provide their password in exchange for a coffee gift card. Of those respondents that declined offering their actual password, 51 provided a clue about their password in exchange for a $3 Starbucks gift voucher.
1. Well, in fact, even a reactive approach would be better than most people's approach, which is to basically do nothing. :-/
no subject
Date: 2005-03-29 05:54 (UTC)
Also you have got to love the domination through sodomy icon on Linux is for bitches *Gag*. I’m a sub so that’s my sexuality you’re messing with you stupid little fuckwit. Grrrrrrrr
no subject
Date: 2005-03-29 06:38 (UTC)
As for the icon: well, i don't think the site maintainer cares much about other people's opinions and feelings. :-)
no subject
Date: 2005-03-29 06:53 (UTC)
no subject
Date: 2005-03-29 07:01 (UTC)
no subject
Date: 2005-03-29 07:03 (UTC)
:)
"but I have a girlfreind and things to get done"