Seth’s maybe slightly too positive

In one of his almost always delightful and insightful blog posts, Seth Godin recently almost pulled me along into (yet another) “Yes indeed completely so” response.
But then I realised Truth might just tilt the picture a bit.

Well, first read said post: here. Then:

The point is: It is a common human error (e.g., by Hegel in particular (see below), and many others with better insights) to consider oneself or one’s generation(s) as being the pinnacle of human development; no generation or time before had seen such beauty of humanity’s glory in mastery of the universe.
But others agree less. Yes, there’s something that seems to be progress, but fallbacks are just as common throughout history, on all fronts. Yes, also in technology, as we even today haven’t quite figured out how pyramids were built, etc. – one source here of which I have no clue about the veracity of argument, but others having more (or less) of that, are widely available. But certainly in terms of general human condition and human peace and quiet, and possibly a piece of the rock.
So the resulting picture is maybe sawtooth (ratchet) shaped, around a horizontal line… Usually, I think for this area, too, some punctuated equilibrium kind of random (sic) or even silly walk figure is better representative.

Oh, and regarding Hegel’s eternal march towards Ratio glory, here (read past the pic please…) and here. No belief on authority.

For your patience:
[Free shipping (no) Porto … from another than the usual angle]
[Yes, yes, technically hardly Porto but Vila Nova de Gaia. Meh.]

Before it disappears: Told you so

Oh, before it returns to oblivion; re the Hacker Team hackback: I’ll just join the endless queue of Told You So’ers with reference to this.
Noting that there is a confusing connection to the illegalise-encryption-cum-mandated-government-backdoors stupidity that keeps coming back like whack-a-mole, to put it very, very friendly.

OK, leaving you with:
[Antwerp beauty, untiltshifted]

The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it no more. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such an Utopia ..? [Dystopian angles intended]

Unrelated:
[Your guess. Not Nancy. But is it Reims ..?]

Today’s-Tech-Yesterday-Craving

As a question: What is the melancholic (sic) feeling one gets when realising how great it would have been to have had (some of) today’s technology / hype little tools, already yesterday or rather, a couple of decades back ..?

As logically flawed as the feeling is (you’d change the world of yesterday in a way that would make today’s world impossible to exist exactly like it turned out today… No-impact visits to the past even, are impossible since you’d return with the info of having been there), it still creeps up every now and then. Oddly, it concerns specific technology items, not Technology as a philosophical construct altogether. Is that where the error of thought creeps in; can’t have your tool and not eat the whole thing ..?

Please add your musings… And
[Quiz: Prato or Pistoia ..?]

I am not me. Myself: nope, neither.

Now that infosec has come to lean so much on the People side of things – as in theory all things Tech have been solved, for decades already just not implemented to any degree of seriousness..! and ‘process’ having been exposed as utter nonsense ‘management’ babble – it is strange to see that psychology hasn’t come to the fore much, much more. Even when pundits and others, and the minions like Yours Truly even, have posted over and over again that no tech system however perfect can stand the assault of, e.g., casual negligence and inattentive error let alone gullibility and other vices.

E.g., in the area of IAM. Where I, the construct, the behind-the-persona ego I recognise as such, is constantly changing. In my case, developing fast, forward, up. In your case… well, let’s be nice to one another so I’ll remain silent.
And all sorts of avatars are developing as substitute for you and me within systems. See, with AI mushrooming lately, avatar ‘development’ may quite easily, soon, surpass ‘you’ in being ..?

Back to the story line: It’s just not userIDs anymore; context-aware and -inclusive, capability- and rights-attached constructs they are, and integrating with the Avatar Movement (Rise of the Machines, yes) to morph into actual beings that might soon pass Turing for comparability to/with humanoid identities. We’ll be on equal footing, then, or soon after, bland dumbed-down versions of personas/egos.

But How Is This Relevant … Ah, the clue of today’s post: Because social engineering, phishing etc. play on the weaknesses of humans to be able to impersonate. So, either stop the weaknesses (as vulnerabilities; eternally impossible) logical-OR stop the impersonation (the assumption of avatars/personas by attackers; taking down their masks). The latter, by at least being aware that the avatar, the persona, isn’t the actual person. How to get that into systems, and at the same time recognising ‘actual’ avatars/personas i.e., the link between those and the right real persons behind the masks even when considering through human weakness the persona has been ‘compromised’ …? That will solve so many infosec troubles…
But heyhey, I don’t have a clue like you do. Or do you ..? Very much would like to hear ..!

[Edited to add before publishing: Hold Press; include this on behavioural stuff]

[“Riga”..? Aptly French?]

Disruption, -parity

Just wondering: How’s the disruption in your ICT coming along ..?

Seriously; hardly at all ..!?

Join the club. Of almost all. Public, private, large, small; all organisations suffer your fate of [barely; outdated browser] being able to read all about the Great New stuff that’s out there, but seeing nothing of it in your daily work. Strange, eh?
Or is it again the short-term impact being overestimated until it’s “too” “late” to join in, for most orgs ..? Because the real talent, the people that actually want something out of life either with, through your org or without it, elsewhere, will have gone to that elsewhere with all their motivation, and you’re left with the dull, exhausted, numbed-by-the-avalanche-of-downsizing-rounds petrified staff [you deserve, if you don’t pay attention]?

So, be positive; hunt for the opportunities and push your people to do the same! While also bulldozing through the roadblocks, often (middle? elsewhere too?) management having been trained to the hilt with objection finding, -raising stamina to defend the stasis quo [intended]. Close the gap, from veering into nothingness off the path of innovators, to return to lead at the head.

Oh well; for now:
[Needs serious renewal above the shoulders; DC]

Nice note

Just a long-form quote this time, by Norm Laudermilch:

In addition, we should stop using the term “advanced threat” to describe the threats we see every day. It’s too common to hear a recently breached company point to a “very sophisticated cyber attack perpetrated by a nation-state”, which makes it sound like this was something undetectable and impossible to stop. Gartner analyst Neil MacDonald calls this the “dog ate my homework” excuse. More likely we find that it was just another piece of malware cranked out by one of the latest exploit toolkits, delivered via spear-phishing or targeted malvertising, perpetrated not by highly advanced nation-state adversaries but by comparatively low-tech cyber crime gangs. Even if a nation-state attacker crafts an extraordinarily unique and complex malware payload, they’re probably using the common delivery vectors mentioned above. Why? Because these attacks work every time.

Emphasis mine and I second. Until quantumcrypto is cracked, each, any and all cracks are of sophistication Zero. Or One, at most. Combining the most basic of ‘attacks’ i.e. exploits of negligence. Read the full article, and agree. Oh, and [self-plug] there could be side benefits in sloppiness, like this – IF deployed properly. And have your press release at hand, like this one.

So, …
[Supreme Court; would you want your ball there?]

Publi(li)us Series; final part V

OK, the fifth and final part of a series, on quotes of the guy that went from Publius to Publilius Syrus in a century, after having been forgotten [Oh! How unduly! How unfortunate! Hence this series] for a century or fifteen. As they’re handily numbered already and in fitting English (not too modern i.e. simplified, dumbed down), but quite a few may be enhanced by some frills of mine, I’ll take mine from an 1856 translation:

800. It is the height of folly to blame without knowledge.
So… Any blame on me can be retorted with this. Remember also the earlier quote about the virtuous man not being touched the slightest by false accusations. Yup, combine these two re me.

806. It matters not with what purpose you do it, if the act itself be bad.
So, utilitarians are wrong. They are. Now go back and reread (over and over again) John Rawls until you finally get that.

813. A man has as many enemies in his own house as he has slaves.
Yes Celebrity CEO, your number might be up any moment.

821. A frog would leap from a throne of gold into a puddle.
So, you’re free to return to where you liked life. … yes, go ahead and make room so I can return to my destined place.

852. The eyes and ears of the mob are often false witnesses.
So don’t trust statistics, polls, or popular opinion.

867. The sons of the blacksmith are not frightened at sparks.
So, learn a bit how to code! Otherwise, you’ll have to be aloof all your life about e.g., app building, to overshout your fear of it.

881. It is late to devise expedients when the danger is at hand.
Basically, the foundation of and need for risk management. Of the sane sort, not what the other 98% preach.

903. It is folly to censure him whom all the world adores.
Even in a friendly way ..? A word to the wise, will be understood by those, only. The adored by the mob, is suspect enough already ..?

910. It is folly to punish your neighbour by fire when you live next door.
Uh-huh. But what if you want to disrupt in order to build a business …?

919. A lax government can not maintain its authority.
Beware to slack when you lead …

920. A boastful prosperity will prepare its own fall.
So, don’t boast about your sheer utter luck..!

955. One will agree with you sooner than many.
There’s no pleasing everyone. Aim high, but be content with lower achievements.

960. Either be silent, or say something better than silence.
So, silence may be golden but if (big if, in your case, when, in mine) you have sparkling diamonds to offer, do speak.

974. It is better to trust virtue than fortune.
Ah, this against the introductory musings of this (in Dutch); where consultants and advisors of all sorts are better believed/trusted because they show off with bigger cars, unfunctionally smart suits, etc. – which is posing of course, fake it till (if?) you make it. But will disappoint. Then hire me and you finally get the stellar actual performance you wanted.

983. Conceal your opulence if you want to avoid envy.
And, in many other Syrus lines, you read: Envy will in the end get the better of your fortune…

985. Flattery was once a vice, now it is a virtue.
And still is (considered such), wrongly.

1047. You are not happy if the rabble do not make sport of you.
This goes within trade groups as well. If the rabble ‘colleagues’ or ‘peers’, the meek able-only-to-follow’ers blame your creative ideas, you can be happy to know you are right and not they.

1057. Money is a servant if you know how to use it; if not, it is a master.
Notice ‘use’: Not invest to merely make more of it, but to achieve something for the betterment of society…

1058. When we speak evil of others, we generally condemn ourselves.
Speak no evil…

1074. If you obey against your will, you are a slave, if of your will, you are an assistant.
Which goes for (having to) obey totalitarian bureaucracy, and possibly being an accomplice (of a grave evil) ..!

And… we’re… done. Enjoy reading the entire thing! Leaving you with:
[Recognisably but often overlooked, Calatrava, Toronto]

Maverisk / Étoiles du Nord