Enabling Secure Business Operations

Security and Human Behavior

Last week, the world’s top computer scientists gathered to discuss security and the weaknesses created by putting it in the hands of people. It was the first “Security and Human Behavior” conference, and many experts on human behavior were invited to help the attendees understand how criminals use social engineering to circumvent security technology.

Here are some interesting topics that came out of this conference:

A study soon to be published will reveal when we are more likely to surrender private information about ourselves. One conclusion was that we are more likely to answer private questions when we are not given any assurance of confidentiality, because such an assurance makes us suddenly aware of our privacy.

Another line of research looks at improving the fallback password system that many sites employ. Instead of asking questions that even the true user might find difficult to answer, the proposed method has the user choose things that they like and dislike from a list.

Finally, this MSNBC posting reveals a new idea in security training that was presented at the conference. Instead of periodic reminders to be wary of phishing and e-mail attachments, companies may attempt to fool their own employees. Those who fail the tests would learn by shame or possibly by hearing about it in an employee review.
