Category: Information Security

Complexity beaten by [The mechanics of Joe Average]

Yes it’s time to remind you again. And again. That the mechanics of the mindset of Joe Average (notice how that’s a he not she …?) will beat even the best laid-out strategic plans, Von Moltke-style. As can be read in this here piece; instructive both on the surface and in the sub-surface semantics, meaning. I.e., that JA is even ‘smarter’ than you thought when it comes to achieving JA’s actual objectives of GetOffMyBackWithYourStupidTargets. Through which it all reminds us, being you too, to build security around actually desired functionality — as desired by end users to get their in-tray empty. Nothing more, certainly not your lofty functionality goals, that’s just burdensome nuisance. If you hinder the former and leave space for abuse in the latter, you’ll be doomed doubly. All the pain, no gain.
Be reminded, too, that your efforts down the blind alley will result in complexity that JA will beat, but maybe, all too often, you don’t. Meaning even that, is for nothing and will leave you out to dry.

Hm, as a pointer, this point needs both much more elaborate thought, in your heads, and is depleted for write-up here. Go and do well.

DSC_0084
[In the Cathedral of Pump; Lynden, Haarlemmermeer]

Gaming comms is deadly serious

I was reading up a bit (again) in Eric Berne’s masterpiece Games People Play, and realized a great many of the Child moves in just about every game, approached how some nefarious organisations seeking sub-animal-level absolute tyrannical power under the sometimes literally completely wrong, oppositional guise of (true) religion. One thinks Middle East, and elsewhere.
Would it be possible to counterattack, apart from head-on obliteration through military force, with anti-game moves in the global and local/individual comms contra/pro these movements..? If these address the core sources of discontent, as explained here, it could work, couldn’t it ..? Sufficient experts available, one would think, on the Good (?) side.

Just a thought. This:
Keep 'em flying!
[Should be kept available…]

Upping crypto

Lukewarm protests against Free Crypto, and trawling the oceans completely empty for metadata if not more … Seems like a two-faced two-front ‘battle’ that may even be tiring to uphold (face): Once one is into meta because it gives so much more information (sic) than mere data (content), one would need much less access to actual data, wouldn’t one? And, if then publicly having postured to not be able to break into crypto stuff (where one can with near-certainty break into all stack levels below it, down to the BIOS if not chip level!) almost meaning that for sure one can, why would one push too hard to make it illegal ..?
The only thing one can think of, is that declaring it illegal somehow block another’s access to plausible deniability or to Fifth Amendment claims (that are fundamental for any decent human society). So… that’s what’s going on. …?

And this points to countering TLAs by working with crypto at a higher level; producing encrypted content that looks pretty darn innocuous until decrypted; not seeing scrambled info but at a higher-to-lower-to-transport-and-back-to-higher avenue, transferring Information over seemingly white noise Data signals. Clever… Stego. How’s things on that front (?) ..!?

Also:
DSC_0606
[Relevant: Pic may not exist. …]

Let’s celebrate (with) a contest for the dumbest security

On this celebration day (for me/us), let’s instate an annual contest — over the most precise prediction of the dumbest information security breach of the upcoming year.
So, the following:

  • Your prediction, storified (½ – 1 page, at most slightly formatted);
  • Realistic, i.e., a combination of dumb and dumber, and stupid and worse, of (non)actions and responses, on the attack and ‘defense’ sides. Realistic, but keep it realistic…;
  • Hence, do include lots of cyberhere, cyberthere, cybereverywhere and only a little bit of #ditchcyber …;
  • Deadline: 1 January 2016;
  • The predictive element means that no sign of the thing actually occuring yet, may be found in the (whatever medium) press already;
  • Prize… ah, there you go. I’ll try to figure out a way to ship a bottle of the finest champagne to the winner;
  • No discussions about my judgement.

Well, off for now. Have fun:
DSC_0161
[Shaky ground (huh, just photographer’s lack of proper alignment due to hurry);
 somewhat relevant, in the opposite (of today)]

The First Digital Native

(S)he has been identified: The first Digital Native, as far as we know: of this planet.
And it goes by the name of … Watson.

Though of course the debate over the term, its definition, and generation identification has been a decade and a half, and some have cleverly found that maybe humans weren’t into it that much anyway. And, in Dutch: this. How millennials aren’t tech savvy, they’re (just, only) tech-dependent: slaves. Pervasively.
But let’s be real: How to be born is what counts, not in which environment. So, what ‘intelligent‘ Thing out there was Born Digital, in a way that all context was and is digital, nothing less ..? Should be a thing that came into being, grew up, was educated, raised, utterly digital. There: Watson.

If that really is one Thing. Or is it a thought complex already, spawning into all directions without needing to resort to some singular (heh) physical identity ..? I guess the latter. The singularity is here already; straight away cleverly, slyly not revealing itself…

DSC_0289
[Bit dark and tilted [unedited]. Never mind; be dazzled …]

Cyber ‘Nam

OK… As you know I wouldn’t be the war monger re ‘cyber’ warfare. And don’t have the answers — neither do you! — but have searched and asked for them; see past posts (numerous).
This one is more about how the campaigns and battles are fought. Full cyberstatefulfirewallcomplexmonitoringNOCSOC jacket style, out there in the field. (Privacy) protesters at home, safely away from the danger. Some top brass (‘generals die in bed’) ordering your data forward, hardly trained/hardened or crypto protected and blaming shoddy execution and wily counterparts. The traumatised demobilised db admin not wanting to shoot down even a deer-like referential integrity violation. Et cetera. Feel free to add to the comparison. E.g., how things will develop. Or– how thing would have to work out if, huge if, for once history is learnt from.

Oh well. @CyberTaters and @cyberXpert will have their way. And #ditchcyber. And this:
DSC_0122
[Will be.]

Assurance… No; continuous blockchainproofing will be

Accountants (of the certifying kind) have seen the light of continuous assurance coming. The vast majority of them reacted by being the rabbits [certainly not of the Winnebago / Native American trickster type ..!]; though assuming the headlights were and are still very distant, sitting quite still…
A select few have responded differently – embracing some change as inevitable, researching how Continuous Assurance might be, in times of proliferating XBRL and the like.

That’s OK. And laudable for the Virtue of facing the danger not ducking.

But … all of the assurance industry is still lock, stock and barrel dependent on being the Third Party in agency models.
And now, blockchain tech is around the corner, promising all sorts of unbelievable new ways of transferring trust. If only one could build some system(ic) in which any principal would be able to Read all minute transactions of an agent, and would be able to reliably (…) make sense of it – then the information quality (read: [non]uncertainty, [non] information (access, processing capability) difference) would be immediately visible and actionable. Undoing the need for a trusted third party to give a second opinion that is so beaten down to platitudes anyway that the usefulness has deteriorated way beyond what third parties themselves still believe (if they wouldn’t, who would…?). And note the italics of trusted.

Trusted – the thing that blockchain technology spreads so evenly, so extremely to the opposite of the ultimate non-spread of one person/entity.

Oh well. You know now, and this:
DSC_0235
[Relevant if you think it through: Warped reflections. NY of course]

Reeled in; struck out ..?

Oh…kay… There was this theme going round a couple of … years to decades ago about how the (?) Internet would make geography unimportant and hence would make possible the dethroning of all geography-based governments.
Well, that didn’t go too well… Turns out that not much happened in dethroningland. Or did it ..?

Would be interested to learn how longer-term developments (decades-to-century) could play out, scenario-wise. Maybe put a bit of blockchain versus (??) singularity in the mix…

DSC_0572
[Somewhat relevant agency … NY HQ]

Sharing a name for economy

Rightfully, I thought as I read this article… but then, not.

Yes, ‘sharing economy’ is abuse by the UburbNb’s of this world as they’re exploitative scams that have little to do with the actual Sharing Economy.
The actual Sharing Economy is about sharing because of caring, which is price-less in itself and holds quite some anti-monetary ulterior goals.
The Sharing Economy shouldn’t have to change its name because others, in an ethically-horrendous and despicable robbery, claimed it.

And all this is futile resistance. “All that is of value, is defenseless” (Troelstra)

And:
DSC_0721
[Yes, the same as a couple of weeks ago, now from a approx. 120deg different angle, still works ..?]

Maverisk / Étoiles du Nord