Why IT Security Is Fucked Up And What We Can Do About It

Presented at DeepSec 2014 „Do you want to know more?“

IT Security is in a miserable state. The problems have been discussed again and again without advancing IT Security. Discussing the key length of AES is necessary, but it is not the peak of IT Security as long as users choose weak passwords, developers implement buffer overflows and vendors deliver faulty banana software. IT Security research has not adapted well to the challenges of IT security. Instead of focusing on fields like man-machine interaction, the perception of security by users and developers, or political measures like producers' liability, the same simple problems are discussed again and again. This is not surprising, since Computer Science is a trivial science and is only successful because it ignores hard problems like human behaviour. This rant will give an overview of what's wrong in IT Security and Security Research. I will show you why cryptosystems really fail, what Psychology knows about security, and what IT Sec has to do if it ever wants to break the current circle jerk and start generating more security.

Presenters:

  • Stefan Schumacher - Magdeburger Institut für Sicherheitsforschung
    Stefan Schumacher is head of the Magdeburger Institut für Sicherheitsforschung (Magdeburg Institute for Security Research) and is currently running a research programme on the psychology of security. This includes social engineering, security awareness and qualitative research on the perception of security.