mersenneforum.org


chalsall 2020-08-08 21:15

Just because I'm Paranoid doesn't mean They're not out to Get Me.
 
Hey All.

I can't go into details, but I find myself in a situation where I might be able to provide some guidance on a public-education exercise with regards to best practices in this new "online" world within which we now all find ourselves.

I don't communicate well with "normals", and so there will be several layers between what I present for consideration and what is actually communicated. I prefer it that way; I always want at least one (human) editor between me and the audience.

I would welcome feedback from those here on What Makes Sense (TM), in relation to the below.

Everything posted here on the Mersenne Forum falls under a CC license.

We'll likely never be directly credited for any good done.

Strong people are comfortable with that.

chalsall 2020-08-08 21:25

Important concepts to map language onto.
 
These are the concepts that need to be expanded upon, into easily understood human language.

1. Trust.

2. Entropy.

3. What is a Certificate?

3.1. Certificate Chain?

4. What is a Digital Signature?

5. What is a Digital Credential?

6. What is a Digital Token?

7. What is an Attack Surface?

7.1. What is an Attack Vector?

8. Social Engineering.

8.1. Humans are statistically your most likely risk.

8.2. Phishing.

8.3. Spear-phishing.

8.3.1. "Your email box is full. Click here (a tagged URL which is completely different than what is shown in the email) to confirm your account!"

9. A discussion about Passwords vs. Passphrases vs. PINs.

9.1. The costs of exhaustive searches.

9.2. Why "123456" is a *really* bad PIN (and yet used by ~12% of all accounts).

10. Salting.

11. One-way hashes.

This post will be edited as we fill in the details, and debate the concepts.

jwaltos 2020-08-09 06:35

[QUOTE=chalsall;552959]

8.2. Pishing.

8.3. Spear-pishing.

[/QUOTE]

Phishing, but you made your point.

Edit_CH: Thanks. Fixed. (I'll be deleting messages over time, as any suggested deltas are applied.)

pinhodecarlos 2020-08-09 08:41

Looking forward to hearing about number two.

Nick 2020-08-09 11:33

To be effective, I think you will have to split up your audience somehow and create different versions for each group.

chalsall 2020-08-09 15:27

[QUOTE=Nick;553012]To be effective, I think you will have to split up your audience somehow and create different versions for each group.[/QUOTE]

Completely agree.

There are going to be professional communicators who take this language, and copy-and-paste and edit it deeply to be more palatable to different audiences.

The target demographics will be wide-ranging, from the lay-person who has never digitally signed anything before in their lives, to programmers who will soon have access to an API for development purposes.

Appreciate any and all feedback.

