Neumann@SRI RISK digest

Found an interesting mailing list quite a while back just before I got my RSI and lost my ability to type. Here's a link to index to articles on SPAM.

There's also another article by Marcus Ranum about the Security Myth that security has to be inconvenient. His comments that security often fails because:

1. Security measure does not try to solve the problem - the just work harder approach, that ignores the fundamental problems.
   
2. Security measures ignore human factors - users refuse or fail to use measures that they don't understand or require lots of effort.