How cognitive blind-spots compromise security systems


  1. Two Bits says:

    Random person calls and asks my last name.  They are not going to get a true answer.

    • jere7my says:

      Yeah, but everybody here can see it’s “Bits.”

    • KWillets says:

      There just aren’t that many messages you can encode with “Mike Hunt” as the only code point.

      The old-school security thinking was to avoid giving one’s name to random strangers who call on the phone. 

    • Johnny Rojo says:

      I wouldn’t ask for their last name. I’d say something like: “I’m on a treasure hunt to collect letters of the alphabet. Would you tell me the first letter of your last name please?” Lame, I know, but I don’t think I’d get a lot of turn downs, and I wouldn’t need all the letters to begin deciphering.

    • Some people might answer the phone with their name. Or just ask “is this Mr. X?” and hope to be corrected. If you have some fantasy and are good at talking, you’ll probably get the name.

    • trefecta says:

      Good old rubber-hose cryptanalysis… You don’t even need rudimentary knowledge in mathematics, but a decent knowledge in anatomy helps.

  2. Snig says:

    Obligatory Jack Vance
    “What if Cugel scamped his duties?”

  3. The household could have individuals with different last names.
    The household could have changed owners/renters since the book was published.
    The individual on the phone could lie.

    And of course depending on the format of the encrypted data, the corruption introduced by the above scenarios may or may not have an effect on the usability of the unencrypted data (plaintext “bamb the Amoricone Enbrssy” is still somewhat useful data vs. an array of hex with incorrect entries).

    But secretly I’m just jealous knowing that I wouldn’t have seen that solution either…

  4. silkox says:

    It’s still good outside-the-box thinking on the part of the 8th-grader.

  5. I saw this “loophole” instantly after reading the first paragraph… But that’s probably what separates engineers and mathematicians :-)

  6. eldueno says:

    Some folks give strangers their credit card numbers over the phone too. 

