12 Jul 2011 @ 9:40 AM 

The base computer network seemingly doesn’t trust any security certificates from any signing authority other than Verisign. This means that every web site that uses any other registrar (which is to say, a truly stupendous number of sites) gets an error message that the site’s security certificate cannot be verified to a trusted issuer. This happens with my company timecard system, as one rather important example. Since the network doesn’t trust Entrust or others, this means there is no way to be sure that the sites I connect to which are not Verisign-approved are real sites or phishing expeditions. This means that every site which is not Verisign-approved is a giant red beacon of “ignore this security warning because it’s really not a problem after all.” Every non-Verisign site adds one more item to the list of things to ignore which good security practices tell you NOT to ignore.

Although the Air Force has decided (for reasons which escape me) to allow Youtube and Facebook access on-base (but not Google Plus or even Google Calendar), this week Flash is broken. This is a security configuration issue, as the flashing error bar on the top of the page says the addon has been disabled, not that Flash is literally broken. So, one more flashing error bar to add to the list.

Again, this just encourages users to assume that every error message is, in fact, in error itself. If we get inundated with false positives, we are being trained to ignore actual positives. This also applies to the wave of “helpful” messages which greet us whenever we log in; I challenge any user here at Goodbuddy to honestly claim they read those every time they log into the network. Just more noise to ignore, and train people to ignore all messages because most of them are trivia or wrong.

Posted By: Gary
Last Edit: 19 Jul 2011 @ 07:29 AM

EmailPermalink
Tags
Categories: Geek, Military, Stupid People


 

Responses to this post » (One Total)

 
  1. […] another way in which normal procedures are training us to be bad computer security risks. As illustrated by the always-excellent XKCD, the theory that really hard-to-remember passwords are […]

Post a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


 Last 50 Posts
Change Theme...
  • Users » 2
  • Posts/Pages » 4,635
  • Comments » 896
Change Theme...
  • VoidVoid « Default
  • LifeLife
  • EarthEarth
  • WindWind
  • WaterWater
  • FireFire
  • LightLight

MythTV



    No Child Pages.

Who is Bunk?



    No Child Pages.

Friends



    No Child Pages.