One Article Review

Source Errata Security
Identifier 1062312
Publication date 2019-03-09 15:39:51 (seen: 2019-03-09 22:01:04)
Title A quick lesson in confirmation bias
Text In my experience, hacking investigations are driven by ignorance and confirmation bias. We regularly see things we cannot explain. We respond by coming up with a story where our pet theory explains it. Since there is no alternative explanation, this then becomes evidence of our theory, where this otherwise inexplicable thing becomes proof.

For example, take that "Trump-AlfaBank" theory. One of the oddities noted by researchers is lookups for "trump-email.com.moscow.alfaintra.net". One of the conspiracy theorists explains this as proof of human error, somebody "fat fingered" the wrong name when typing it in, thus proving humans were involved in trying to communicate between the two entities, as opposed to simple automated systems.

But that's because this "expert" doesn't know how DNS works. Your computer is configured to automatically put local suffixes on the end of names, so that you only have to look up "2ndfloorprinter" instead of a full name like "2ndfloorprinter.engineering.example.com".

When looking up a DNS name, your computer may try to look up the name both with and without the suffix. Thus, sometimes your computer looks up "www.google.com.engineering.example.com" when it wants simply "www.google.com".

Apparently, Alfabank configures its Moscow computers to have a suffix "moscow.alfaintra.net". That means any DNS name that gets resolved will sometimes get this appended, so we'll sometimes see "www.google.com.moscow.alfaintra.net".

Since we already know there were lookups from that organization for "trump-email.com", the fact that we also see "trump-email.com.moscow.alfaintra.net" tells us nothing new.

In other words, the conspiracy theorists didn't understand it, so came up with their own explanation, and this confirmed their biases. In fact, there is a simpler explanation that neither confirms nor refutes anything.

The reason for the DNS lookups for "trump-email.com" is still unexplained. Maybe they are because of something nefarious. The Trump organizations had all sorts of questionable relationships with Russian banks, so such a relationship wouldn't be surprising. But here's the thing: just because we can't come up with a simpler explanation doesn't make them proof of a Trump-Alfabank conspiracy. Until we know why those lookups were generated, they are an "unknown" and not "evidence".

The reason I write this post is because of this story about a student expelled due to "grade hacking". It sounds like this sort of situation, where the IT department saw anomalies it couldn't explain, so the anomalies became proof of the theory they'd created to explain them.

Unexplained phenomena are unexplained. They are not evidence confirming your theory that explains them.
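
The suffix behaviour described in the article, as an added example that is not part of the original post: the sketch models a Unix-style search list (the `ndots` rule is an assumption about the client's resolver) and strips a known suffix from logged query names so that suffixed lookups can be matched to their bare name. The function names, the suffix and the sample log are constructed for illustration.

```python
# Added illustration; names and log entries are constructed, not real data.
SEARCH = ["engineering.example.com"]          # assumed local search suffix
LOG = ["www.google.com",
       "www.google.com.engineering.example.com",
       "2ndfloorprinter.engineering.example.com"]


def candidates(name, search, ndots=1):
    """Names a stub resolver may try for `name`, in order (it stops at the first answer)."""
    if name.endswith("."):                    # trailing dot: fully qualified, no suffixing
        return [name.rstrip(".")]
    suffixed = [f"{name}.{s}" for s in search]
    # Assumed resolv.conf-style rule: with >= ndots dots try the bare name first.
    return [name] + suffixed if name.count(".") >= ndots else suffixed + [name]


def strip_search_suffix(qname, search):
    """Return (base, suffix) when qname ends in a known search suffix, else (qname, None)."""
    q = qname.rstrip(".").lower()
    for s in sorted(search, key=len, reverse=True):   # prefer the longest match
        tail = "." + s.lower()
        if q.endswith(tail) and len(q) > len(tail):
            return q[:-len(tail)], s
    return q, None


def explain_log(qnames, search):
    """Label each logged name so suffixed repeats are not counted as new observations."""
    parsed = [strip_search_suffix(q, search) for q in qnames]
    direct = {base for base, suffix in parsed if suffix is None}
    report = {}
    for q, (base, suffix) in zip(qnames, parsed):
        if suffix is None:
            report[q] = "direct"
        elif base in direct:
            report[q] = f"search-list artifact of {base}"
        else:
            report[q] = f"suffixed form of {base} (bare name not in log)"
    return report


if __name__ == "__main__":
    print(candidates("2ndfloorprinter", SEARCH))
    for name, label in explain_log(LOG, SEARCH).items():
        print(f"{name:45} {label}")
```

Normalizing a query log this way before analysis keeps a suffixed repeat from being read as a second, independent observation.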
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.