Ahhhh. We recently made an amazing discovery in our company, and I am so tempted to write about it here. But it would be absolutely unfair and inappropriate. Also, it would cost my anonymity, which I value a lot. But it’s sooo cool, I can’t wait to get it out. (Yes, you can now imagine an angle on my one shoulder and the devil on the other).
Generally, this seems to be a problem in security. People like to boast, as it is good to be admired by others. It is hard for us to keep things secret. Only when something would make us look silly, we are interested in protecting the information.
People also like to be nice to others, so if someone is asked a question, he subconsciously wants to be friendly and answer the question. It is actually really difficult to tell the person: “I know the information, but won’t give it to you”. This is the reason why social engineering attacks work so well.
As a great example, have a look at the DefCon talk by Johnny Long last year on Google Video. The talk is almost an hour long, but take the time, it is definitely worth it. Apart from it being really funny, it shows how people from the audience like to yell out the right answer, even if it’s something you would not want everyone to know.
Picture of tempting cookie by YlvaS
Cyberphobia 