Computer security experts tend not to be easily shocked by people's foolhardy, frequently cavalier attitudes toward online security. But even within this generally hardened breed, some expressed surprise over the results of a recent survey in Britain that underscored the profound vulnerability of the world's computer networks.
A man posted outside a London subway station at rush hour offered a chocolate bar to random passers-by if they would reveal the password they used to log on to the Internet. Amazingly, more than 7 out of 10 took the offer.
The survey was something of a publicity stunt staged by the organizers of Infosecurity Europe 2004, an information-technology conference held in London last week. It was hardly scientific; only 172 people were polled, and it was not verified that people were offering up an actual password. But among computer experts, even this informal exercise pointed out a persistent truism: that for the millions of dollars corporations have spent on erecting firewalls and installing expensive intruder-detection systems on their networks, the weakest link in any system remains the ordinary, well-meaning but hopelessly gullible user.
"In the last 5 or 10 years, corporate IT departments have gone to great lengths to impress upon their employees that they must keep password security standards high," said Michael D. Allison, chief executive of the Internet Crimes Group, an investigative company in Princeton, N.J. "Let's just say I'm surprised so large a percentage of people are still so naive."
http://www.chron.com/cs/CDA/ssistory.mpl/front/2531813