this post was submitted on 13 Jun 2026
23 points (89.7% liked)

Technology

85355 readers
3658 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
23
Marcus Ranum: The Six Dumbest Ideas in Computer Security [2005] (www.ranum.com)
submitted 14 hours ago by HaraldvonBlauzahn@feddit.org to c/technology@lemmy.world
4 comments fedilink hide all child comments
 

This is an article that is now over twenty years old.

And yet posting it seems like a worthwhile refresher for the "Agentic Age" .... because very basic principles are being thrown overboard.

One is: There has to be a clear separation between code that controls actions on your computer, and untrusted data.

Looking at agentic systems - what do you see?

you are viewing a single comment's thread
view the rest of the comments
[–] pulsewidth@lemmy.world 2 points 12 hours ago (2 children)

The point about 'educating users' being dumb is itself incredibly stupid, because the largest element of hacking is social engineering: the letter from a nigerian prince, the zip file from an attractive person with 'my hot photos enclosed', to today's calls from government impersonators (tax agency, immigration), and emergency requests from close known contacts that 'urgently need money wired to them'.

Education has gone a long way to improving user response and caution against default trust of unverified contact, which is essentially what the first two points complain about from a technical aspect (default allow). Those complaints are at odds with one-another.

[–] HaraldvonBlauzahn@feddit.org 2 points 12 hours ago* (last edited 7 hours ago)

Education has gone a long way to improving user response and caution against default trust of unverified contact

If that were true, nobody would run agentic tools.

Because these:

  • perform actions on your computer, thus are executing programs
  • operate on untrusted data -cannot, by principle, safely discern between commands and untrusted data
[–] HaraldvonBlauzahn@feddit.org 2 points 12 hours ago

Unfortunately, social engineering works incredibly well.