Wednesday, February 25, 2009

Perfect privacy podcast with Markus Jakobsson

20th episode of The Silver Bullet Security Podcast.

Interview with Markus Jakobsson

In corporate research you don't need to worry about funding, compared to academia.

Everybody wants to see what they are doing change the world...
I left academia to see if I can change the world.

Thesis: privacy vs. authenticity: there is a necessity to balance privacy and payment.
At that time the cryptographic community believed a perfect-privacy payment scheme had to provide absolute privacy <- I don't believe this.

Today the balance is actually on the other side: payments lack privacy.

Scott McNealy: "Get over it, you have zero privacy anyway..."

People sell their privacy for a very low price.

I don't believe in a fundamental trade-off between security and privacy:
security: you cannot be abused
privacy: your information (the information you don't want leaked) cannot be abused

It's a naming convention.

Hard-core cryptography does not change the world, so I'm changing my approach.

If you really want security to happen, you have to realize that the algorithm is not enough: you also need to present the information to the user and make sure they understand it.

Research people's reaction to the user interface, then fold that into applied security...

It's far too common to say: "oh man, people are dumb, and all dumb people have to suffer the consequences."

"People are remarkably dumb because to them it makes no sense to use an SSL cert.... they just need to get on with their lives."

That "dumb" person can be your mum or my mum... and I don't want that.

If you can educate people, what can you educate them about?

I care about the effect of security on people... the key is the interface...

I have a collection of syntactical phishing experiments.

Synthetical phishing: instead of saying "these are your last 4 digits", the message says "these are your first 4 digits". To people this makes absolutely no security difference: "yes, those are the first 4 digits of my bank account, so I'm talking to my bank..."

Actually, the first 4 digits correspond to the issuer...

This means authenticating people with the last 4 digits is an insane way to do it, because you teach users that "4 digits" is OK... then when the phisher comes around with the first 4 digits, they are hooked.
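Added illustration of the point above (my own example, not from the podcast or from Jakobsson's experiments): the first digits of a card number are shared by every card of the same issuer, so "knowing" them is no evidence that the sender knows anything about your account, whereas the last digits differ per card. The sample card numbers are constructed here, and the issuer prefix "4123" is a placeholder, not a real issuer identifier.

```python
from collections import Counter

# Placeholder issuer prefix shared by every constructed card in the sample.
ISSUER_PREFIX = "4123"


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a 15-digit body, so the sample cards look realistic."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # second-to-last digit of the full number is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Standard Luhn validation of a complete card number."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def make_sample_cards(n: int) -> list[str]:
    """Constructed sample: n distinct 16-digit cards from one hypothetical issuer."""
    cards = []
    for i in range(n):
        body = ISSUER_PREFIX + f"{i:011d}"          # 4 + 11 = 15 digits
        cards.append(body + luhn_check_digit(body))
    return cards


def best_guess_success(cards: list[str], start: int, end: int) -> float:
    """How often a sender who only knows the most common value of the digit
    slice [start:end] across the whole customer base is 'right' for a given
    customer. 1.0 means the digits carry no account-specific evidence at all."""
    counts = Counter(c[start:end] for c in cards)
    return counts.most_common(1)[0][1] / len(cards)


if __name__ == "__main__":
    cards = make_sample_cards(50)
    print("first 4 digits:", best_guess_success(cards, 0, 4))    # 1.0
    print("last 4 digits: ", best_guess_success(cards, 12, 16))  # 0.02
```

The "first four" check succeeds for every customer without any per-account knowledge, which is exactly why a message quoting them should earn no trust; the "last four" check only succeeds by guessing among all cards in the sample.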

Length: 24:29
* this is a very good interview

