ITM 820 Lecture Notes - Lecture 2: Wi-Fi, Usability, Phishing

Security research is related to cognitive psychology. Categories of mistakes: it is common that people click on ok , actions that people take by following rules are open to errors when they follow the wrong rules, mistakes are made by people for cognitive reasons. Victims are lured by an email to log on to a website. It is much easier for crooks to build a bogus bank website that passes casual inspection. Common way for private investigators to steal personal information is pretexting: such attacks are sometimes known collectively as social engineering, example: behaving like a support staff, collecting a companies information. Psychological manipulation of system users or operators becomes ever more attractive. The security engineer simply must understand basic psychology and security usability": irs employees at all levels, asked for their user ids, and told them to change their passwords to a known value. The user problem in security systems is not just about user interfaces or system interaction.