Comment by obscurette

Comment by obscurette 10 months ago

19 replies

I'm old enough to remember ILOVEYOU. In the years after that, I have seen millions and millions thrown into educating users not to click on the wrong things.

Last month I was at a conference where the keynote was from the CEO of a cyber security company. The whole point of the speech was that we need more money because in some cases more than 80% of users still fall for email scams. My very serious question to the speaker was: if after many millions and almost 25 years more than 80% of users still click on wrong links, then maybe we are doing something really wrong?

bugtodiffer 10 months ago

We are, but people want convenience.

Try to get a company built around Word to use another tech that doesn't require running unsigned macros from emails...

You literally can't, they laugh at you for saying things like "don't use Microsoft".

guappa 10 months ago

They measure by clicks… but clicking a link doesn't mean you'll follow through and put in your username, password, and 2fa code.

Ultimately he's a businessman seeking more money. Doesn't mean he can be trusted.

  • kayodelycaon 10 months ago

    In my opinion, these products are nothing but scams. I can’t use any links from work emails on my phone because I can’t see the domain of a link without previewing the page. IT told me I needed to change system-wide settings to disable previewing webpages in every app on my phone. Not happening.

    Fortunately, my work email supports IMAP, so I can use a script to scan my inbox for fake phishing emails and delete them.

mnau 10 months ago

We are not doing anything wrong, but we are completely neglecting the attacker side.

All our actions are defensive.

Look at our physical security. Basically nothing is reasonably protected. 99% of stuff (buildings, locks) can be broken into with tools available in any Home Depot.

The key reason why it doesn't happen that much is because it's possible to find the attacker.

Why can any scammer just create a website without any traceability? It wouldn't be foolproof, but it would raise the bar.

  • chii 10 months ago

    > Why can any scammer just create a website without any traceability?

    because jurisdictional challenges.

    Not to mention that this very same traceability would be abused by some other authoritarian gov't to track down dissidents for example.

    There's no real way to systematically have good security, if the human element is the weakest link tbh. Securing windows is not a technical problem, but a social and educational one.

    • mnau 10 months ago

      More like no will.

      Does the domain/server implement the required level? No? Block connection. Ditto email with automatic response.

      Is your IP in a botnet? Cut it off.

      Edit: I already get a blocked connection (on target site) because EU regulation is too onerous. I get reminded on basically every Google search that I am being censored ("Some results may have been removed under data protection law in Europe").

      Completely doable.

      • GTP 10 months ago

        > I already get a blocked connection (on target site) because EU regulation is too onerous

        More like "we want to track every single user coming to our website without giving them the option to not be tracked".

      • guappa 10 months ago

        What do you suggest? Bomb even more countries?

  • unethical_ban 10 months ago

    Do you think people should have to get permission to host a server on the internet?