Bonum Certa Men Certa

Citation/Atlas 'Security' Exam is a Total Farce, But It's Still Good for Entertainment Purposes

Summary: What are people being taught about so-called 'security'? Might that explain so many security breaches? (Poor training, wrong assumptions)

OVER the years I saw criticisms of school or classroom indoctrination about copyrights. They're basically teaching/pushing a bunch of lies to young children in an effort to "educate" them about "copyright law" (sounds reasonable on the surface... until one actually checks what these pupils are being told).



"It's supposed to sound sophisticated, but the net gain for security is laughable."For ISO compliance purposes, sometimes I'm required to take and pass some online "training" courses. Some of these are ridiculously bad, so I end up taking screenshots.

This post is about fake security mindset -- a concept explained here several times earlier this year. It's supposed to sound sophisticated, but the net gain for security is laughable. Complexity does not beget security (usually the opposite is true; simplicity is auditable). Basically, it boils down to what's sometimes known as "security theatre", owing to a 'fake security' cargo cult of "phones" or "apps" and "clown computing" (i.e. giving all your access credentials to some other company, along with highly sensitive data).

During my latest "training" I stumbled upon about 40 examples of amusing errors and silliness (it's all over the place, sometimes with repetition for extra effect or 'good' measure), but to keep things more concise and digestable I took screenshots and annotated them a little, just as I did last year with edX [1, 2], in effect shilling for the Linux Foundation in the guise of "training". Where does one draw the line between courses and marketing, revisionism, and even outright lies?

"Basically, it boils down to what's sometimes known as "security theatre", owing to a 'fake security' cargo cult of "phones" or "apps" and "clown computing" (i.e. giving all your access credentials to some other company, along with highly sensitive data)."Below I present just a small sample. Almost at random I narrowed it down to just a dozen rather unique examples (there are many more similar instances of these). Surely, a more exhaustive list would take a lot of time to prepare while the clock is running. At the end, one is required to lie or say what they expect you to say in order to pass the test (which I did). To be fair, the questions aren't as terrible as the supposed 'training', as they don't mention brand names there or promote outrageous fallacies.

Without further ado, let's begin.

Does that mean what they think it means? Yes! They can! Like, every person? If you already labeled them that, what does that mean? 'Good' ones?

It doesn't take a genius to see what's happening here and why it's shallow. Infantile questions like, ARE CRIMINALS A THREAT? It's like a colouring book quiz with heroes and villains. They present actual adults with such questions. We'll come back to it later when it comes to "exam time".

They don't need to target you, they can target the software you use, e.g. Microsoft Windows

Notice how, just like Microsoft, they're looking to blame computer users or "criminals" (or some nations like China or Russia). Anything to divert liability away from rogue software companies that write shoddy code, hide the defects, and code back doors for the NSA et al.

Let's move on.

Apple or Microsoft

Wait, I'm confused.

You mean Microsoft

As if it's the user's fault that Microsoft cannot secure its own systems...

Surveillance devices with back doors are some of the least secure ways to maintain access to things

Yes, let's all use 'phones' to manage critical servers... with "apps".

Back doors of vendors and governments not even mentioned

Missing part?

With back-doored encryption of the aforementioned brands?

No mention of "weakened" (i.e. fake) encryption.

Microsoft promotion (niche player)

Why are they ignoring bigger players like Facebook and Twitter? Brand promoting? Wait, there's more right after that...

What if I don't use (back-doored) Windows?

It's 2021 and they still think everyone uses Windows. Guess what... Windows market share is less than a third.

But should I use Windows at all?

Windows again.

OK, questions time. First in the test:

The simplistic children's villain narrative

So let me guess... "criminals" are the threat. Who would have guessed?

Did I learn something from this course? Absolutely nothing. But I got some giggles. Many millions of people are constantly subjected to this kind of propaganda, which sometimes seems more like marketing than actual education.

Recent Techrights' Posts

The Ongoing Evolutionary Process of News-Reading (or News-Finding) on the World Wide Web
it gets worse
"It's Obvious There's No Future For Any of Us from Blizzard at Microsoft"
The rumours suggest that more Microsoft layoffs are on the way
[Meme] Who's the Boss?
"I thought EPC governed the Office"
Salary Adjustment Procedure (SAP) at the EPO and Why Workers' Salary is Actually Decreasing Each Year (Currency Loses Its Purchasing Power)
outline and update on a years-old blunder
Ongoing Media Campaign, Sponsored by Bill Gates, to Portray Critics of Gates Crimes as "Conspiracy" Cranks
In prior years we wrote about this PR tactic of Gates
 
End of an Era
The Web isn't just filled with marketing spam but actual disinformation
[Meme] Onboarding New EPO Staff
You read the patent application and grant within hours
The Legacy Prolific Writers Leave Behind Them
"Free Software Credibility Index" after more than 15 years
Phoronix in Google News
congratulating or welcoming Embrace, Extend, Extinguish (E.E.E.)
Google Fired Many Employees Working on Google News (Which Had Deteriorated and Became Gulag Noise, Littered and Gamed by Blogspam, Plagiarism, and Chatbot/Translator-Generated Spew), Now Comes the Likely 'Phase-out'
No wonder many yearn for the days of DMOZ and Web directories in general
IRC Proceedings: Monday, February 26, 2024
IRC logs for Monday, February 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Exposed: FSFE, Legal & Licensing Workshop (LLW), Legal Network & Modern Slavery
Reprinted with permission from Daniel Pocock
Gemini Links 26/02/2024: Mastodon Trouble, RSS, and Zombie-scrolling
Links for the day
Links 26/02/2024: Suicide Crisis and Doctor Walkouts in South Korea
Links for the day
Why Do People Who Attack GNU/Linux Hate Women So Much?
My wife is being viciously targeted again
[Meme] Follow the Law, Not Corrupt Bosses
pressuring staff to break the rules to make more money
The EPO Uses Appraisals to Force Staff to Illegally Grant European Patents or Lose the Job. The Matter is Being Escalated en Masse to ILO-AT, Requesting a Review of Appraisal Reports.
it is only getting worse over time
Debian History Harassment & Abuse culture evolution
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 25, 2024
IRC logs for Sunday, February 25, 2024IRC logs for Sunday, February 25, 2024
Gemini Links 25/02/2024: Chronic Pain and a Hall of the Broken Things
Links for the day
Links 25/02/2024: New Rants About 'Hey Hi' Hype and JavaScript Bloat
Links for the day
Going Static Helped the Planet, Too
As we've been saying since last year
Chris Rutter, Winchester College, Clare College choir, Arm Ltd, underage workers & Debian accidental deaths
Reprinted with permission from Daniel Pocock
Gemini Links 25/02/2024: Blocking Crawlers and Moving to gemserv
Links for the day
IRC Proceedings: Saturday, February 24, 2024
IRC logs for Saturday, February 24, 2024
Over at Tux Machines...
GNU/Linux news for the past day