this post was submitted on 13 Jun 2026
16 points (86.4% liked)

Technology

85355 readers
4244 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
16
Marcus Ranum: The Six Dumbest Ideas in Computer Security [2005] (www.ranum.com)
submitted 7 hours ago by HaraldvonBlauzahn@feddit.org to c/technology@lemmy.world
4 comments fedilink hide all child comments
 

This is an article that is now over twenty years old.

And yet posting it seems like a worthwhile refresher for the "Agentic Age" .... because very basic principles are being thrown overboard.

One is: There has to be a clear separation between code that controls actions on your computer, and untrusted data.

Looking at agentic systems - what do you see?

top 4 comments
sorted by: hot top controversial new old
[–] pulsewidth@lemmy.world 2 points 5 hours ago (2 children)

The point about 'educating users' being dumb is itself incredibly stupid, because the largest element of hacking is social engineering: the letter from a nigerian prince, the zip file from an attractive person with 'my hot photos enclosed', to today's calls from government impersonators (tax agency, immigration), and emergency requests from close known contacts that 'urgently need money wired to them'.

Education has gone a long way to improving user response and caution against default trust of unverified contact, which is essentially what the first two points complain about from a technical aspect (default allow). Those complaints are at odds with one-another.

[–] HaraldvonBlauzahn@feddit.org 1 points 5 hours ago* (last edited 54 minutes ago)

Education has gone a long way to improving user response and caution against default trust of unverified contact

If that were true, nobody would run agentic tools.

Because these:

  • perform actions on your computer, thus are executing programs
  • operate on untrusted data -cannot, by principle, safely discern between commands and untrusted data
[–] HaraldvonBlauzahn@feddit.org 1 points 5 hours ago

Unfortunately, social engineering works incredibly well.

[–] vk6flab@lemmy.radio 2 points 7 hours ago

A merging of the two 😁