Innovation advisory and IRM/InfoSec/I-Audit services. Positive contrarian, inspirator, loosen-upper.
Hm, there was this meme about Death By Powerpoint. Now, the toned-down version, conviction (attempt) by PPT, has been found in the wild. As in this here article. Where the prosecutor was too dumb to not hide the culpose text behind the 24-images-per-second visibility screen. [Is that ‘stego’ ..?]
Incentives, incentives…
[Vic chic]
I think I have the solution to this one but unfortunately the Internet is too small to write it down.
Why did it take so long for this to surface ..?
As the <link> mentions, steganography in images is detectable and tools are around to help – how many of you already use them on a regular basis, in times when LOLcat pics are so abundant (hint(?)) – but wasn’t it too obvious that the Bad (?) Guys knew that, too, before you the pithy defenders?
So, why?
Either the tools are around but not widespread enough, or as <link> suggests, other means might work better. But the other means… are as cumbersome to deploy, continuously, costly, for the short run for the slightest of changes that anything would be leaked in such a sophisticated way whereas we’re nowhere really nowhere near similar near-water-tight deployment of tooling and methodology against much simpler leaking methods. Leaving you in blissful ignorance. ?
Leaving (sic) you with:
[Tarrega door. Shut closed.]
Apart from the #ditchcyber aspects, in the (sometimes somewhat sportsy, even) battle about control, or is it temporary one-upmanship, over the world’s communications, so many parties play a role, in such varying sizes, and operating for so many sides, sometimes multiple sides at the same time, sometimes without even knowing that, with the interactions playing at various topics and levels of abstraction and with varying scopes, time horizons, strategies and plans (quality), I could really do with some clarity. Some mapping, interactive or not.
Which all was triggered by this post on yet another singleton developer taking on, inactively!, some well-funded TLA.
Will have to dive into the detail of it all, but know that I’ll end up losing the helicopter view. How many similar developments are out there, known or not? What stages of development, of deployment, of maturity, of starting to crack and leak are they all ..? It’s a hard life, this keeping up thing.
Hence, you deserve:
[As if moulded by a genetic algorithm, Porto]
So, after privacy-enhancing regulations finally got some traction here and there – mentally, hardly in implementation yet – we’re getting the full bucketloads of bovine-produced fertilizer regarding adapted protection through ‘Data Use Regulation’.
Which already throws back actual regulation in intent and in the letter of it. But has many more nefarious consequences… As is in this article; couldn’t word it better.
We should be vigilant …
For now, I’ll leave you with this:
[A spectacle, Jerez]
Thothtech has a very useful and readable overview of ‘national’ versus ‘personal’ security.
Go read it a realize the balance has gone.
Go on! I meant that!
[Such detail, much masterpiece]
[On a rooftop ..! ‘t Spant, Bussum]
Yeah, it’s a post on double secrets again. Not just because I haven’t seen any conclusive research on what to do with it; how to handle oversight (what is warranted, , etc.), what limits to justifications there would be, how to close the recursive secrecy gap, etc.
Not even because of stuff like this.
But because another issue was pointed out yesterday/today in a post at Bruce Schneier’s blog: Where double secrets may exist, trust is lost, and (theoretically and practically) impossible to regain.
Which is a problem not only for ‘current’ (big) companies relying on the trust of ‘consumers’ (who are in fact drone suppliers of almost completely free raw materials) and other business partners on the receiving end, as their business model will crumble to nothing when (not if) those cheapoo supplier leave in massive numbers.
It also spells trouble for the not-yet-big, almost-not-yet-companies. As defined in this slide deck, those new companies rely on distributed power, which is based on trust. The said (not sad) companies can grow only to the point where the base of trusting counterparts in exchanges (~facilitated) still grows. If at one end, trustors still flow into the system, but trustors on the other end flow out at a faster pace, the base will be ever narrower; the house of cards becomes more fragile and will collapse as some business wind (if only draft) comes along.
So, in order to really ‘disrupt’ as if that would be a lofty goal of any business [I am very much opposed to such thinking! ‘Disruption’ invariably leads to massive job losses and ever so many more family members’ life dreams ruined. No, the new industry will be of (relatively) jobless growth and yes, at some scale one has to take the macro effects into account], one would need to have a pre-emptive way to deal with double secrets, so the trustor trust base may grow in breath and depth.
My feeling is now that this sort of issue may also be the foundation of the inevitable-collapse-of-any-democracy issue. As predicted toungue in cheek, and shown practically throughout history. Are we at the verge of such a (Schumpeterian?) collapse, dinosaur extinction phase, in the way societies manage themselves? Utopian or distopian visions of what’s next for the coming era (remember the ‘Mayan calendar’ prediction of such a ‘new era’ ..?) may both be overblown, or … does reality always play out a bleak version of what could have been?
All in all, it seems rather important than someone [preferably someone more intelligent than me – regarding these issues, that is] would have a look at this all…
Is there really nothing out there in the intersection of sociology-, trust-, legal-, and economics- research that has pointers on how to resolve this issue ..? If the NSA or other TLA(s) are listening in and would have some Confi stuff, that’s good, too …!