How Stupid People Really Are

[Reloadron]

Every now and then my department manager will approach me over a project or new system in the design stages. Mike is a great guy and we have always gotten along well, Mike is also of Mechanical and not Electrical nature. Mike is very big on making a design foolproof. Now while I agree with Mike sometimes foolproof can be difficult. After I reach a point I generally reply with it is impossible to make anything foolproof because fools are very ingenious people.

Just about monthly we receive these little security messages that deal with matters of security. Many are a good read with assorted articles on espionage and all sorts of stuff. The following is one part of several articles I received today. The entire article is long but this opening is humorous and clearly shows how stupid people are:

Human Errors Fuel Hacking as Test Shows Nothing Stops Idiocy
By Cliff Edwards, Olga Kharif and Michael Riley - Jun 27, 2011 1:48 PM CT /Bloomberg

The U.S. Department of Homeland Security ran a test this year to see how hard it was for hackers to corrupt workers and gain access to computer systems. Not very, it turned out.
Staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.

“There’s no device known to mankind that will prevent people from being idiots,” said Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC)

The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers. The intruders’ ability to exploit people’s vulnerabilities has tilted the odds in their favor and led to a spurt in cyber crimes.

In real-life intrusions, executives of EMC Corp.’s RSA Security, Intel Corp. (INTC) and Google Inc. were targeted with e-mails with traps set in the links. And employees unknowingly post vital information on Facebook or Twitter.

It’s part of a $1 trillion problem, based on the estimated cost of all forms of online theft, according to McAfee Inc., the Santa Clara, California-based computer security company.

The article goes on in great depth but go figure huh? Sixty percent plugged the devices in and when an official label was added, ninety percent plugged the device in.

Yes, you can't make it foolproof.

Ron

 

[jpanhalt]

Absolutely true. I was involved in ensuring clinical laboratory quality for most of my professional life. Human errors are orders of magnitude more common as the cause of reported errors than are instruments and reagents. Yet, virtually all regulations and standards (e.g, ISO, NCCLS/CLSI) address mainly the instrument and reagent sources of error.

John

 

[Reloadron]

I just would not have guessed the numbers would be so high. The 60 and 90% is what blew me away.

Ron

 

[jpanhalt]

Remember the old P.T. Barnum story about how he got people to exit an exhibit? He posted a sign saying, "This way to the egress." The dummies thought it was another exhibit. If you put a hole in a fence, people will look in it. There are some nice comedy routines based on that. In brief, it is curiosity without thinking.

I am not at all surprised by the 60% to 90% number. And, I'll bet the number is not a lot different for IT professionals. When I was at a university, the "love bug" virus got started. Basically, it got into your e-mail address book and sent "I love you" messages to every address, along with spreading the infection. When I checked my e-mails one morning, there was an "I love you" e-mail from the director of IT. He was the last person in the world I would have expected an "I love you" from, so I never opened it and reported the potential virus. Obviously, he had taken the bait from someone and gotten infected.

John

 

[atferrari]

No hope in my case

I always believed that all messages received from unknown senders would be discarded by my secretary without doubt.

Few months ago, just by checking the discarded email file I realized that she, from times to times, open those with appealing subjects and THEN discard them. It took time to educate myself on that but I am afraid is impossible to have her refraining from being curious. No hope!

BTW, posting in Facebook or whatever isn't the equivalent of talking with friends of what you do and how you do it?

 

[KeepItSimpleStupid]

As the saying goes: You can't make things Idiot proof because you can always find a better idiot.

 

[Boncuk]

Please wait a while until I'm a complete idiot.

 

[Ashford]

*laughs hysterically* I could just imagine those people installing a software they know nothing about and saying, "well at least it has a label"

 

[Reloadron]

*laughs hysterically* I could just imagine those people installing a software they know nothing about and saying, "well at least it has a label"

Where I am at if you compromise anything on any of the networks you are toast. You are gone and face fines and possible imprisonment. They take that sort of stuff rather seriously.

Ron