Security awareness, security breaches, and the abuse of “stupid”
- Monday, February 20, 2012, 12:42
- Threat Research
Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better.
Consider the phenomenon of people posting photos of credit cards on Facebook, a sort of self-inflicted security breach. Your first reaction might be "Is that stupid or what?"
In my opinion the "or what?" is a fair question, one that I thought about this President's Day, a day when a lot of credit cards in America get a good workout (with the notable exception of the one in this picture).
Note that what you're seeing is a doctored version of what actually appeared on Facebook, where the details on the front of the credit card were clearly visible. These have been masked in this screenshot, along with other identifying information (I have tried to find out who produced the above image in order to give them credit, as it were, but so far I've not succeeded).
Also note that the person who posted the pic does not seem to be the card owner, so it's not a case of "stupid kid posts photo