17.11.2014 Category: Conferences

Talk at DeepSec: Why IT Security Is Fucked Up And What We Can Do About It

Stefan Schumacher will give a talk at this year's DeepSec about the future of IT security.

IT Security is in a miserable state. The problems have been discussed again and again without advancing IT Security.

Discussing the key length of AES is necessary, but it is not the peak of IT Security as long as users choose weak passwords, developers implement buffer overflows and vendors deliver faulty banana software.

IT Security research did not adapt well to the challenges of IT security. Instead of focusing on fields like man-machine interaction, the perception of security by users and developers, or political measures like producer's liability, the same simple problems are discussed again and again.
This is not surprising, since Computer Science is a trivial science and only successful because it ignores hard problems like human behaviour.

This rant will give an overview of what's wrong in IT Security and Security Research. I will show you why cryptosystems really fail, what Psychology knows about security and what IT Sec has to do if it ever wants to break the current circle jerk and start generating more security.

More Info at https://deepsec.net/speaker.html#PSLOT172