Presented at
DeepSec 2014 „Do you want to know more?“,
Unknown date/time
(Unknown duration).
IT Security is in a miserable state. The problems have been discussed again and again without advancing IT Security.
Discussing the key length of AES is necessary, but not the peak of IT Security, as long as users chose weak passwords, developers implement buffer overflows and vendors deliver faulty banana software.
IT Security research did not adapt well to the challenges of IT security. Instead of focusing on fields like man-machine interaction, perception of security by users and developers or political measures like producer's liability the same simple problems are discussed again and again.
This is not surprising, since Computer Science is a trivial science and only successful because it ignores hard problems like human behaviour.
This rant will give an overview about what's wrong in IT Security and Security Research. I will show you why cryptosystems really fail, what Psychology knows about security and what IT Sec has to do if it ever wants to break the current circle jerk and start generating more security.
Presenters:
-
Stefan Schumacher
- Magdeburger Institut für Sicherheitsforschung
Stefan Schumacher is head of the Magdeburger Institut für Sicherheitsforschung (Magdeburg Institute for Security Research) and currently running a research programme about the psychology of security. This includes social engineering, security awareness and qualitative research about the perception of security.
Links:
Similar Presentations: