I am not me. Myself: nope, neither.

Now that infosec has come to lean so much on the People side of things – as in theory all things Tech have been solved, for decades already, just not implemented to any degree of seriousness..! and ‘process’ having been exposed as utter nonsense ‘management’ babble – it is strange to see that psychology hasn’t come to the fore much, much more. Even when pundits and others, and minions like Yours Truly even, have posted over and over again that no tech system, however perfect, can withstand assault through, e.g., casual negligence and inattentive error, let alone gullibility and other vices.

E.g., in the area of IAM. Where I, the construct, the behind-the-persona ego I recognise as such, is constantly changing. In my case, developing fast, forward, up. In your case… well, let’s be nice to one another so I’ll remain silent.
And all sorts of avatars are developing as substitute for you and me within systems. See, with AI mushrooming lately, avatar ‘development’ may quite easily, soon, surpass ‘you’ in being ..?

Back to the story line: It’s just not userIDs anymore; context-aware and -inclusive, capability- and rights-attached constructs they are, and integrating with the Avatar Movement (Rise of the Machines, yes) to morph into actual beings that might soon pass Turing for comparability to/with humanoid identities. We’ll be on equal footing, then, or soon after, bland dumbed-down versions of personas/egos.

But How Is This Relevant … Ah, the clue of today’s post: Because social engineering, phishing etc. play on the weaknesses of humans to be able to impersonate. So, either stop the weaknesses (as vulnerabilities; eternally impossible) logical-OR stop the impersonation (the assumption of avatars/personas by attackers; taking down their masks). The latter, by at least being aware that the avatar, the persona, isn’t the actual person. How to get that into systems, and at the same time recognising ‘actual’ avatars/personas i.e., the link between those and the right real persons behind the masks even when considering through human weakness the persona has been ‘compromised’ …? That will solve so many infosec troubles…
But heyhey, I don’t have a clue like you do. Or do you ..? Very much would like to hear ..!

[Edited to add before publishing: Hold Press; include this on behavioural stuff]

[Photo DSCN2608: “Riga”..? Aptly French?]

Disruption, -parity

Just wondering: How’s the disruption in your ICT coming along ..?

Seriously; hardly at all ..!?

Join the club. Of almost all. Public, private, large, small; all organisations suffer your fate of [barely; outdated browser] being able to read all about the Great New stuff that’s out there, but seeing nothing of it in your daily work. Strange, eh?
Or is it again the short-term impact being overestimated until it’s “too” “late” to join in, for most orgs ..? Because the real talent, the people that actually want something out of life either with, through your org or without it, elsewhere, will have gone to that elsewhere with all their motivation, and you’re left with the dull, exhausted, numbed-by-the-avalanche-of-downsizing-rounds petrified staff [you deserve, if you don’t pay attention]?

So, be positive; hunt for the opportunities and push your people to do the same! While also bulldozing through the roadblocks, often (middle? elsewhere too?) management having been trained to the hilt in objection finding and -raising stamina to defend the stasis quo [intended]. Close the gap, from veering into nothingness off the path of innovators, to return to lead at the head.

Oh well; for now:
[Photo DSC_1026: Needs serious renewal above the shoulders; DC]

Nice note

Just a long-form quote this time, by Norm Laudermilch:

In addition, we should stop using the term “advanced threat” to describe the threats we see every day. It’s too common to hear a recently breached company point to a “very sophisticated cyber attack perpetrated by a nation-state”, which makes it sound like this was something undetectable and impossible to stop. Gartner analyst Neil MacDonald calls this the “dog ate my homework” excuse. More likely we find that it was just another piece of malware cranked out by one of the latest exploit toolkits, delivered via spear-phishing or targeted malvertising, perpetrated not by highly advanced nation-state adversaries but by comparatively low-tech cyber crime gangs. Even if a nation-state attacker crafts an extraordinarily unique and complex malware payload, they’re probably using the common delivery vectors mentioned above. Why? Because these attacks work every time.

Emphasis mine and I second. Until quantumcrypto is cracked, each, any and all cracks are of sophistication Zero. Or One, at most. Combining the most basic of ‘attacks’ i.e. exploits of negligence. Read the full article, and agree. Oh, and [self-plug] there could be side benefits in sloppiness, like this – IF deployed properly. And have your press release at hand, like this one.

So, …
[Photo DSC_1024: Supreme court; would you want your ball there?]

As predicted; a next container move

Actually, the speed of development of this is bigger than it seems. Both on the impact and on the implementation side. It’s just that it’s out of sight for most.

Any suggestions how this impacts Security ..?

For now:
[Photo DSCN5522: Next time we’ll take fresh pics; DC]

Trigger seeding

In defense of sloppy account management …
Sort of. Rather, deliberately sloppy account management.

Reading through this in particular, and that, I wondered: Would there not be a nice part of a solution in seeding your user accounts database(s) with fake accounts, to act as tripwires ..? They could be given no access to anything, or access only to honeypot-like info / environments. And then trigger the alarm when accessed – by intruders, or by own security staff or auditors when doing surveillance of controls functioning.
Somehow also, I have a gut feeling there’s some hidden secondary effects in this. Any of you who has given this some more thought already, and have info on this ..? Much appreciated.
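As an added illustration (not the post’s own code; the post describes no tooling), a small Python tripwire: any authentication event naming a seeded decoy account raises an alert, and a control check verifies the decoys hold no real entitlement. The account names, log lines and the honeypot_ro group are constructed.

```python
import re
from dataclasses import dataclass

# Decoy user IDs seeded into the account store (constructed names).
DECOY_ACCOUNTS = {"svc_backup_legacy", "finance_share_ro", "jdoe.adm"}

# Constructed sshd-style lines: real login, unknown-user probe, then a failed and a successful decoy login.
SAMPLE_LOG = """\
May 17 21:25:45 bastion sshd[4021]: Accepted publickey for alice from 10.0.4.7 port 51022 ssh2
May 17 21:26:02 bastion sshd[4030]: Failed password for invalid user backup from 203.0.113.9 port 40011 ssh2
May 17 21:26:09 bastion sshd[4031]: Failed password for svc_backup_legacy from 203.0.113.9 port 40012 ssh2
May 17 21:27:41 bastion sshd[4044]: Accepted password for finance_share_ro from 203.0.113.9 port 40020 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    src: str
    severity: str


def scan(log_text, decoys=DECOY_ACCOUNTS):
    """Alert on every auth event naming a decoy: a failed attempt already means someone
    knows a username nobody should use; a success means the decoy's credential leaked."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in decoys:
            continue
        severity = "critical" if m["result"] == "Accepted" else "high"
        alerts.append(Alert(m["ts"], m["user"], m["src"], severity))
    return alerts


def decoy_privilege_violations(group_members, decoys=DECOY_ACCOUNTS,
                               allowed_groups=frozenset({"honeypot_ro"})):
    """Control check: decoys may sit in honeypot-only groups and nowhere else.
    Returns {decoy: offending groups}; an empty dict means the tripwire is inert as intended."""
    violations = {}
    for group, members in group_members.items():
        if group in allowed_groups:
            continue
        for user in set(members) & decoys:
            violations.setdefault(user, set()).add(group)
    return violations
```

An auditor deliberately logging in as a decoy during a controls test should produce exactly the same alert; that is how the tripwire itself gets verified.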

For now, this:
[Photo DSCN1106: This makes me look fat. La Défense again.]

Off Maps

Again an intermission. About interruption. Of interesting innovation(s).

Just to put it down like that; we tend to see only the successes – of the time being. But the once-were warriors of disruption aren’t all around anymore. Beware the next hypes…

[Edited to add: This here pic via Martin de Bie may be a first thing attempting to challenge little G’s hype cycle visual since that got traction, to depict innovation-to-disruption-scale developments. Other than the above list, returning to the underlying ideas not accidental Inc’s.]

[Photo DSCN0657: Good Barça. Not a hotel.]

Tax reform, city closure: Really …?

With the Summer approaching (though not having the weather accordingly yet, here in NL), discussions about closing city centers to “old” diesels (even the types with filters that are cleaner than regular cars!), and changing settings in e-car subsidies because they prove so popular, just consider I drive nicely over 50 MPG on average (incl. traffic jams, city traffic)…:
[Chart: Vehicle-emissions1]
Whereas most electric cars run on coal juice … So, putting it straightforward: Sh.t up.

Road rage (autonomous car edition)

Two things about self-driving cars:

  • When a fully ready car leaves the factory, it should be programmed completely, at least with all it needs to function independently from then on. Does it think at that very moment “Ugh here I am, just born and already with a huge traffic jam behind me (in the factory)”..?
  • Where humanoids will in school and around that, learn quite some data and algorithms by heart just to know them, and acquire experience on how to deploy all that, in the chaos that is the actual world, before being considered an adult capable of independence and accountability in the free world, how will autonomous cars gain such experience once they leave the factory ..? Will they be utterly clumsy during the first few miles / years (sic) ..? Your legal department may need to know.
  • [Third, because rebel.] News broke that self-driving cars drive like your granny. Get out the bull bars (originally: ‘roo bars! from down unda) and shove them off the road. [Edited because apparently necessary to add: In no way literally or even close, you m.r.n!]

So. Moving on ….:
[Photo DSCN4611: Skewed before screwed; Madrid for no reason whatsoever]

Singularity / M-jumps

Musing with the ideas, suddenly (?) resurfacing the last couple of weeks, of memes being the abstract ideas that spread over human brains like viruses do in the physical world.
Where ‘virus’, taken in a wide sense that may include the mitochondria et al., would reflect into the abstract as algorithms and/or Turing engines / data streams.

But that’s just some analogy to track back from. My concern was (is?) with what would happen at the point where ‘machines’ would become so intelligent, or the physical substrate that information (and/or algorithms, analogy from the other side?) rides on would no longer need human brains, human flesh and bones, to function, procreate and spread. Is that at, or past, or before the Singularity ..? I see [wanted to write ‘envision’ but one should eschew obfuscation!] various scenarios following from there. Not all too happy. Let alone for us humans.
And what would we call such points? Ladies and gentlemen, I coin ‘M-jumps’.

Your comments are welcomed. Even if you expected “you’re”.
Oh well, …:
[Photo 20150517_212545: Just an off the cuff phone snapshot; Baltimore by night]

Where accountancy will go

Considering the progress made in the accountancy sector with ‘continuous’ assurance, it struck me that until now, process (read: mere procedures) was driven by technology. Because the idea of ‘transactions’ in that, now quickly antiquating, ERP system we all know was based, as it was and is in all the other comparable systems, on the ideas before that. And procedures just had to adapt to the software. No, not the other way around; that’s pure marketing babble!
So, now we (hopefully soon) have XML and XBRL to take some work off our hands (?). But also … qua big d analysis (tired of writing / pronouncing that at full length..!) we’re moving ahead. To be able, would be able, to just dump all ‘transactions’ or primitives into a big db and then run ad hoc queries on them, possibly with some AI in the mix. Who needs separate bookkeepers’ accounts when all source data is available in blobs or whatever ..?

Which may require a leapfrog of assurance. But hey, the world wasn’t invented to service that, but the other way around.
Any thoughts ..?

Thought so. Hence:
[Photo 20150510_160828_HDR: Oh, the Great Outdoors! … Central Park, NY, NY]

Maverisk / Étoiles du Nord