"when you try to build foolproof internet security, users can manage to break it in minutes"
"It is impossible to make a system foolproof, because fools are so ingenious" - Corollary to Murphy's Law.
Register here to watch our on-demand Regcast, where we look at why the human factor is an important internet security risk. Register for the webcast here and watch this special three-part Regcast at your own convenience.
Handy synopsis for you
As we reported in April, you build security and the users muck it up. At a time …
Have an email system where sysadmins can assign user rights to clicking on links.
For Lusers, no rights. They get mail where links are stripped from the body.
Once a Luser has eventually proven a certain degree of intelligence (yeah, I know, but for the sake of argument, okay?), his status can be upgraded to Under Suspicion. Links he receives are stripped and non-clickable, but he can copy/paste them manually into a browser.
If Luser Under Suspicion manages to not completely bollox everything for six months, he gets upgraded to Luser Under Surveillance. His mails get the links clickable. If he mucks up at any point, he is slapped back down to Luser Under Suspicion and now has to wait a year - oh, who am I kidding, he'll never get upgraded again.
Obviously, no Luser is ever above suspicion.
A possible variant of this scenario is links are clickable, but anything under Surveillance automatically gets a 404 in return. Gosh, the Internet is so unreliable these days. . .
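The tiered link policy from the comment above, sketched as a mail-body rewriter plus the promotion/demotion rule. This is an added example, not code from the commenter or the article; the names `Tier`, `rewrite_body` and `review`, the 182-day reading of "six months", and the regex-only HTML handling are assumptions made for illustration.

```python
import re
from datetime import date
from enum import IntEnum
from html import escape, unescape

class Tier(IntEnum):
    LUSER = 0               # links stripped from the body
    UNDER_SUSPICION = 1     # links shown as inert text, copy/paste only
    UNDER_SURVEILLANCE = 2  # links left clickable

# Simplification (assumption): regexes cover plain <a href="..."> anchors and
# bare http(s) URLs; a production gateway would use a real HTML parser.
ANCHOR = re.compile(
    r'<a\b[^>]*\bhref\s*=\s*["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)
BARE_URL = re.compile(r'https?://[^\s<>"\']+', re.I)

def rewrite_body(html_body: str, tier: Tier) -> str:
    """Rewrite an HTML mail body according to the recipient's tier."""
    if tier is Tier.UNDER_SURVEILLANCE:
        return html_body
    if tier is Tier.UNDER_SUSPICION:
        # Drop the anchor but print the real target next to the label, so the
        # label cannot hide where the link goes. Clients that auto-linkify
        # bare URLs would need that feature disabled for this tier.
        return ANCHOR.sub(
            lambda m: f"{m.group(2)} [{escape(unescape(m.group(1)))}]", html_body)
    # LUSER: keep only the label, then remove any URL left in the text
    # (including a label that is itself a URL).
    body = ANCHOR.sub(lambda m: m.group(2), html_body)
    return BARE_URL.sub("[link removed]", body)

def review(tier, clean_since, today, incident, wait_days=182):
    """Apply the promotion/demotion rule; returns (tier, clean_since, wait_days).

    LUSER -> UNDER_SUSPICION is a manual sysadmin decision and is not modelled.
    Assumption: an incident while UNDER_SUSPICION only restarts the clock.
    """
    if incident:
        if tier is Tier.UNDER_SURVEILLANCE:
            return Tier.UNDER_SUSPICION, today, 365   # "has to wait a year"
        return tier, today, wait_days
    if tier is Tier.UNDER_SUSPICION and (today - clean_since).days >= wait_days:
        return Tier.UNDER_SURVEILLANCE, clean_since, wait_days
    return tier, clean_since, wait_days

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Reset at <a href="http://login.example.test/reset?u=1&amp;t=2">'
          'your bank</a> or see http://a.example.test/x now</p>')
```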