Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed bebecause (sic) of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

Tech-brittle society

Anyone already studied the brittleness of society re technology ..? Of course, we all do know there’s a lot of ‘critical infrastructure’ out there. But do we realise enough, that it’s not only those somewhat-well-defined (not) industries that might suffer from any form of e-attack (incl EMP; what was it with those old low-band radars that the Russians had stacked behind the Ural and were found to be very effective in picking up F-117s because the latter had never been back-tested so far ..? Same, here ..?), and society as a whole might be blown into dysfunctionality when some, not critical-industry-confined but ‘class break’-like attack were to be attempted ..?
I’d think not. The more complex society becomes and (hence !) the more interdependencies there are that already work with ever slimming margins, the more brittle our society becomes, the more it is like a giant house of cards, ever more critically stable before one wind collapses the whole shazam. And the fewer people there will be, that remember from long times ago how one would run a society in a much less complex way… If anyone still uses ‘shazam’.

Plus:

[Even those were, are complex machines to operate. And what if your coal is delivered just-in-time by some networked drone delivery in the ‘chain cloud or so and none of that still exists ..? Utrecht]

Museum of Software Mainstays of Yore ..?

The ‘terrible’ news (not) that Flash is about to be abandoned by one of its last if not the last pillar of support, reminds me of similar ‘developments’ of the past. Like, where did Dynamic HTML go ..? DEC, Sun (Sparc), Compaq, WordPerfect, Norton Utilities, 9-pin matrix printers, bulletin boards, portals. Etc., etc. Yes, yes, I know, some are still around, like OpenVMS is. And in software in particular, there may be many, many more of the lost ark items – where I’d like to see more focus on. Are they valued enough, for their staying power ..? Isn’t their staying a bit exasperated, in some dark corners of the usage landscape ..?
But more importantly (it is); is there some museum or so out there that preserves them for posterity? I don’t mean just any ‘computer museum’ as they are (all?) of the scattershot type. I mean some museum that captures most of the essentials of the already many eras past, in IT. Like What the Dormouse Said is on paper, but then in software, running, and presenting systems as end users would experience them, a decade, two decades, -plus, ago. Without smartphones, without fastest Internet let alone actually working WiFi.

Edited to add, before scheduled posting: This, on a farewell to ‘screen savers’.

So, if you’d have some pointers, please..?

[Edited to add: A chunk of the above, here.]

Thanks in advance through:

[Once (??) was modern; Madrid]

‘Code, you know

Recently, I was reminded again that keeping up with appearances of developments, in the IT field are difficult. And placement of commas is an art if you wondered. The culprit in this instance was this here among various articles about Low Code / No Code as a thing. The placement of intermissions is, too.

Well, I’d rather be a fan of Do Code… But I’m unsure whether that still flies, other than in classrooms around the world but not your local prep / grammar school that sorely falls behind in prepping children (‘kids’ is for their parents with diminished language competencies) for the nearest of futures.

Oh well. Just go out and yolo- / NoLoCode… Plus:
[What beautiful Frank Lloyd Wright just Jeruzalemkerk Amsterdam]

Forever young, immature infosec

Sometimes one feels like one’s in a partial Groundhog Day or 2:22 …
On 7 December 2006, there was this meet about the maturity of infosec, as a field. Which was compared, by Yours Truly, to the then (and now!) equally immature IS audit world – which had a couple of decades more under its development belt but was, and is, still quite immature.

Then there’s the first paragraph of this. ’nuff said..?

And:
[This, still fresh which is a different thing …; Barça of course]

Diving under, almost, everything

Didn’t we feel it coming, if not in the air tonight then at least, after we signalled that BIOSes had been targeted… that there’s always a layer deeper one has to be on guard for infosec leakage and backdoors… How did this ‘surface’? Bypassing all the O/S features …

Just putting it down here. E.g., which, how many, platforms would be vulnerable to this; how much and what sorts of traffic could you send around through this …? Would one be able, when in so deep, to pick up system/sysadmin/root rights/credentials when browsing around ..?

And here we (not) are, all fleeing to the End User Is Stupid mantra, away from our own failings in tech but hey, users are the weakest link so we shove tons of hard protocol i.e., stupidity, on them. And burying them in awareness smotherlectures, instead of creating real behavioural change.

Oh well. And:
[Buried under the tons of network traffic, there’s a pay(ing)load you see? Nyagra]

Collaborative economy

Just a shout-out for some positive initiative, indicative of what you too, could do qua collaborative economy…: This, for all your poetry in business, in particular when you’re Dutch. Which might be an oxymoron of sorts, semantically…
Whatever. Just sponsor …

Plus:
[Past poetry in 3D; Zuid-As Ams]

Droneshield-downer

How would this (link in Duds) great – not so much – invention help against drones that have pre-programmed GPS coordinates and semi- or fully-autonomously fly to their destination? Because they’re out there already and even building/programming them is a piece of cake for the ones that would actually want to do harm for no defensible (sic) reason.
And also, there already is this; better drone detection than the article (and the vendors therein) suggest would be possible …!
And also, there already is law against the proposed jamming.

So, too bad, vendors Deutsche Telekom, T-Systems, Dedrone, Rohde & Schwarz, Squarehead, Robin Radar Systems, and HP Wüst: Magenta is a colour, not a viable product; it’s illegal and it doesn’t work; a square fail.

Am I too harsh? Possibly; that happened some 50 years ago as well. Plus:
[Quite this’y: All showboating, no real value, and skewed; Haut Koenigsbourg again]

Sending the right message

This of course being the right message. If you can read it when I Send it you. And, for your viewing pleasure:


[Anonymous but blurry and far from privacy-complete, this physical cloud exchange…; NY Grand Central]

Goldilocks versus information security

If you expect some fable about budgets; not so much.
This post’s about the generation thing called the Goldilocks syndrome – every generation (aren’t they ever shorter, these days?) believing that they had it, and made the society they ‘created’ no less, better than any generation before and after them.
For many generations, tech is still something that ‘came in later’ [venturing that even the newest ones, will see major tech-driven societal / tools changes in their lives], and information security nitty-gritty stuff is a major part of what they experience of that technology.
And ‘we’ (all) have done a very poor job of making it easier, actually improving over what was, to take away rational arguments for the G syndrome. We rather have heaped tons of infosec micromanagement of the worst kind onto the mere use of the technology, not even mentioning the troubles in the content where automation turned into change and inefficiencies of the polished work that was, and all that to cope with issues not in the actual work but in the operation of that very technology and its (sometimes gross) imperfections that didn’t exist before.

So, we may have to re-strategise and re-implement about all that we have, qua technology and qua information security dyeing on top and after it.

There’s other reasons, too. And:
[When defences were, quite, a bit less buggy; Haut Koenigsbourg]

Maverisk / Étoiles du Nord