Interviewed one of CERT's people this morning about incident trends over the last few quarters. Story about it coming up in news shortly.
One of the trends is interesting: attacks against clients are on the increase. It's a little less about server vulnerabilities, this year, more about phishing, exploiting browser vulnerabilities, getting users to click on stuff they shouldn't, getting spyware installed, that sort of thing.
Wondering what this means for designers thinking security. Some of this, it's about social engineering, and maybe that's beyond our purview. Firmware vulnerabilities between the keyboard and the chair haven't traditionally been our thing. Or not so much directly.
Still. Interesting. Thought for the day for thinking designers: what more can be done to engineer against basic human credulousness?