Please don't shoot the messenger.
According to Infosecurity Europe, 10% of men -- but 45% of women -- were willing to give personally identifiable information to a complete stranger when approached outside Liverpool Street Station in London.
But, wait, it gets worse: The fake researchers asking for the information were offering chocolate bars as an incentive to participate.
The press release is dated April 16, so I'm thinking it's unlikely to be an April Fools joke. There was some good news, however:
This year's survey results were significantly better than previous years. In 2007 64% of people were prepared to give away their passwords for a chocolate bar, this year it had dropped to just 21% so at last the message is getting through to be more infosecurity savvy. The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey; here the workers were very naïve with 61% revealing their date of birth. Another slightly worrying fact discovered by researchers is that over half of people questioned use the same password for everything (e.g. work, banking, web, etc.)
I know what you're thinking: No surprise there. Nor here.
Workers were also queried about their use of passwords at work, half said that they knew their colleagues passwords and when asked if they would give their passwords to someone who phoned and said they were from the IT department, 58% said they would. Researchers also asked workers if they thought other people in their company knew their CEO's password. Thirty-five percent of them thought that someone else did with personal assistants and IT staff being the most likely suspects.
This type of ruse has been perpetrated before, of course, as in this example featuring the Internal Revenue Service (bet they're both distracted and vulnerable this week). Nevertheless, it's always striking to see exactly how much additional work needs to be done before the average Joe and Josephine will become more guarded about this stuff. <!--stopindex-->
Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.
This Year's 25 Geekiest 25th Anniversaries.
Adults are too quick to dismiss educational video games.
He called my teen-age daughters slutty. ... Should I hit him?
Talking tech with Cleveland's famous ballpark drummer.
The ultimate identity theft: "house stealing."
In defense of Caller-ID spoofing.
Stallman on handing over GNU Emacs, its future and the importance of nomenclature.
Google renames the Persian Gulf.
Top 10 Buzzblog posts for '07: Verizon's there, of course, along with Gates, Wikipedia and the guy who lost a girlfriend to Blackberry's blackout.
<!--startindex-->
The Leader in Network Knowledge
"The researchers also asked
"The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey; here the workers were very naïve with 61% revealing their date of birth"
Or maybe, they just made something up. Hell, maybe the ones giving away free chocolate bars for bogus info were naïve.
Benny Hill Conducts Security Survey
I still can't believe the amount of internet coverage this comical survey has received. Since when is trading chocolate for unreliable information (I don't think they actually tried to log into everyone's email accounts to verify the passwords)considered noteworthy? What should be reported is that this "research" was not the result of a school project, but of Infosec Europe 2008. Please read my commentary on this meaningless survey at my meaningless security blog: http://www.networkworld.com/community/node/27262