Diving under, almost, everything

Didn’t we feel it coming, if not in the air tonight then at least after we signalled that BIOSes had been targeted… that there’s always a layer deeper one has to be on guard for infosec leakage and backdoors… How did this ‘surface’? Bypassing all the O/S features …

Just putting it down here. E.g., which, and how many, platforms would be vulnerable to this; how much and what sorts of traffic could you send around through this …? Would one be able, when in so deep, to pick up system/sysadmin/root rights/credentials when browsing around ..?

And here we (not) are, all fleeing to the End User Is Stupid mantra, away from our own failings in tech but hey, users are the weakest link so we shove tons of hard protocol, i.e., stupidity, onto them. And bury them in awareness smotherlectures, instead of creating real behavioural change.

Oh well. And:
[Buried under the tons of network traffic, there’s a pay(ing)load you see? Nyagra]

Once were warriors of the smallest kind, our promise for the future

Who was surprised when this here piece entered their view? Not I. I noted that a presentation of Yours Truly of Jan 2015 had:
Ello, Viv, YikYak, Tsu, Whisper, Kik, WeChat, Line, Viber, surespot, Whicker, Treema, KakaoTalk, Nimbuzz, Tango, MessageMe, Slack, HipChat, Peerio, Wizters, Secret, The Insider, Awkward, Cloaq, Chrends, Dropon … just as a sample list, so
To which already then, tons could have been added.

[Intermission quiz: Which ones did I forget then, that have made it big today ..? Or have perished again in the mean time ..? Or are still around but struggling ..?]

Some questions spring to mind:
Have you called your money manager to account over investing in every hype over and over again whereas the returns (after accounting for LGD) are so measly?
Why do we believe the hype, against old but still solid and supreme-quality advice?
How can we do better next time(s) ..?

Poor old/young Yik Yak. So much promise, snatched away at such a young age…
Plus:
[Not a unicorn, but somewhat rare; guess where (wrong, wrong again, and again …)]

Collaborative economy

Just a shout-out for some positive initiative, indicative of what you too, could do qua collaborative economy…: This, for all your poetry in business, in particular when you’re Dutch. Which might be an oxymoron of sorts, semantically…
Whatever. Just sponsor …

Plus:
[Past poetry in 3D; Zuid-As Ams]

Free (for) all or valuable next to nothing

We discussed the distinction between ‘users’ and ‘clients’ re socmed recently, and also a bit on socmed usage profiles – I mean, (active) ‘user’ numbers.
Did I mention … (not; ) the development of one catch-all platform for those who have no clue about their own user profiles and hence dump just about anything on Facebuck, in between all duckface, cat and somewhat-(??)-indecent pics since they don’t have the capability to see the future negative reflection this will have on their sensibility qua socmed use?
Plus a whole suite of other socmed platforms, with particular use by respective particular parties that know where to post which content? Not lumping it all together, and have it viewed by just about any irrelevant crowd, but carefully pitching various content at sites where they know only interested, subject-discriminate and -educated (also, by experience) peers will seek, find and see the subject-relevant materials.

Are there any data on this? Big data on various age categories, and whether (other) user categories (per professional category at some level of detail?) use different socmed platforms ..?
Would like to learn; thanks in advance for your pointers.
Oh, edited to add before release: There’s already something on user categories, unfortunately without the numbers.

And:
[Oh all you 2 billion individuals… Caught in the intensive human farming for data…; Zuid-As Ams]

Droneshield-downer

How would this (link in Duds) great – not so much – invention help against drones that have pre-programmed GPS coordinates and semi- or fully-autonomously fly to their destination? Because they’re out there already and even building/programming them is a piece of cake for the ones that would actually want to do harm for no defensible (sic) reason.
And also, there already is this; better drone detection than the article (and the vendors therein) suggest would be possible …!
And also, there already is law against the proposed jamming.

So, too bad, vendors Deutsche Telekom, T-Systems, Dedrone, Rohde & Schwarz, Squarehead, Robin Radar Systems, and HP Wüst: Magenta is a colour, not a viable product — it’s illegal and it doesn’t work; a square fail.

Am I too harsh? Possibly; that happened some 50 years ago as well. Plus:
[Quite this’y: All showboating, no real value, and skewed; Haut Koenigsbourg again]

Sending the right message

This of course being the right message. If you can read it when I send it to you. And, for your viewing pleasure:


[Anonymous but blurry and far from privacy-complete, this physical cloud exchange…; NY Grand Central]

Goldielocks versus information security

If you expect some fable about budgets; not so much.
This post’s about the generation thing called the Goldielocks syndrome – every generation (aren’t they ever shorter, these days?) believing that they had it, and made the society they ‘created’ no less, better than any generation before and after them.
For many generations, tech is still something that ‘came in later’ [venturing that even the newest ones, will see major tech-driven societal / tools changes in their lives], and information security nitty-gritty stuff is a major part of what they experience of that technology.
And ‘we’ (all) have done a very poor job of making it easier, of actually improving over what was, so as to take away the rational arguments for the G syndrome. We have rather heaped tons of infosec micromanagement of the worst kind onto the mere use of the technology, not even mentioning the troubles in the content, where automation turned into change and inefficiencies of the polished work that was; and all that to cope with issues not in the actual work but in the operation of that very technology and its (sometimes gross) imperfections, which didn’t exist before.

So, we may have to re-strategise and re-implement about all that we have, qua technology and qua information security dyeing on top and after it.

There’s other reasons, too. And:
[When defences were, quite, a bit less buggy; Haut Koenigsbourg]

Don’t lower the bridge … Wait.

Would it impact you when I told you that the world’s mountains all are getting lower..?
Because that is what results from global warming. Ice melts. Sea levels rise. The zero-level is that sea level (average), right? So any distance up from a risen mark, will be smaller. QED.

Or we’ll have to start measuring from some sea-bottom / land point, fixed in some improbable way, but that may not be so easy, and as said also not fixed enough. And/or the earth’s shape may change, either becoming more perfectly round or moving the opposite way, more 3D-ellipsoid. What will happen to the rotational speed of the earth? Will we have more than 24 hours in a day, to work ..? Dynamics, tensions in the earth’s crust, etc… all is flux, nothing is stationary: Heracleitos was very, very right.

If time slows down, we might live longer. Or time relativity, or we’ll not be able to live on this earth. Or …

And:
[Heat haze will be, and the fish will swim…; Barça]

Data Science, yeah man!

Some of you may have noticed I like 4-way Venn diagrams.
That’s why (not) I’d like to link you to this.

In particular, see the information flow diagram of Science versus Engineering. Yes, this is what people got their PhDs on – since academia were so often frustrated that the few times they got advisory assignments (on the side, for anything resembling real income for the department), their advice was considered much too late and wasn’t implemented, whereas when the same assignments were done by commercial consultancies, the budgets were way higher and the results very unscientific but implemented. Turned out: academia lost themselves in endless analysis paralysis and beautification (in the immediate sense) of models and modeling; business just delivered a nicely coloured report with actionable advice regardless of its scientific defensibility (who’d care?).

To return now to the subject: Let’s better focus on the details of the Venn diagram and make those specialisations happen (by way of recognition by employers, long and short-term), not try to maintain the über-image [no reference intended].

That’s all, and:
[In a pic, like in a job, you can’t have everything. It has flowers so it’s OK; Bayeux]

M, and A, and G, D, P and R

Now that you have finally got something going qua GDPR compliance – way short of what you’d want but still, at least something, better than the Nothing to which you were limited so far – there is a new twist to the requirements…
To be clear; by now you should at least have the requirements clear, and also possibly have some upsides lined up (if not, go shop with some vendor consultancy (and others); they’ll tell you about the benefits of data minimisation, the unstress of having your house in order, etc.). And have something going qua reconnaissance, though not armed recce or recattack.

But now, you may have to rethink. A bit. About what you’d have to have prepared when you land in M&A territory, or even in Chapter 7/11/13- (and 9-!) or any glocal receivership. Because … well, the idea sprang from this thing with de-anonymising data from sperm banks (in NL); until now most highly classified secrets (qua donorship). Turns out that not all clinics have the old data, still, because previously the secret was to be eternal hence best secured by throwing away the data.
But more seriously, not all clinics exist anymore and there is no way to know where the data went, if anywhere.

And that’s where your organisation comes in. Not qua LoB but qua existence, now and in the future. Will you buy, take over, integrate some other org, or be on the receiving (uh…) end of the turmoil? You may want to make sure that the “GDPR” record of the other party is impeccable… Or end up with a mixed compliance bag, which is equal to no compliance…
Possibly, you may have to prepare for some form of end-of-organisational-life where there is no body to take over your data and you might have to prepare for that ..?

Well, we’ll see what WP29 comes up with. At least, it will be additional stuff.
Plus:
[In a weird twist of interpretation, this complex of buildings could have housed a private bank of said kind…; Sevilla BTW]

Maverisk / Étoiles du Nord