Tuesday, July 16, 2013

I don't think it's clear to some users what kind of authorisation they give to programs when they click an accept button. When you click accept, in most cases you give that software full authority to act as you in any action which it can perform. It's also problematic that outside of (and sometimes inside of) large government operations, the principle of least privilege is neither understood nor implemented, even though, where specifications are dodgy or absent, it is a very good way to limit the damage rogue programs (and operators) can do.