Complexity beaten by [The mechanics of Joe Average]

Yes it’s time to remind you again. And again. That the mechanics of the mindset of Joe Average (notice how that’s a he not she …?) will beat even the best laid-out strategic plans, Von Moltke-style. As can be read in this here piece; instructive both on the surface and in the sub-surface semantics, meaning. I.e., that JA is even ‘smarter’ than you thought when it comes to achieving JA’s actual objectives of GetOffMyBackWithYourStupidTargets. Through which it all reminds us, being you too, to build security around actually desired functionality — as desired by end users to get their in-tray empty. Nothing more, certainly not your lofty functionality goals, that’s just burdensome nuisance. If you hinder the former and leave space for abuse in the latter, you’ll be doomed doubly. All the pain, no gain.
Be reminded, too, that your efforts down the blind alley will result in complexity that JA will beat, but maybe, all too often, you don’t. Meaning even that is for nothing and will leave you out to dry.

Hm, as a pointer, this point both needs much more elaborate thought, in your heads, and is depleted for write-up here. Go and do well.

[In the Cathedral of Pump; Lynden, Haarlemmermeer]

Let’s celebrate (with) a contest for the dumbest security

On this celebration day (for me/us), let’s instate an annual contest — over the most precise prediction of the dumbest information security breach of the upcoming year.
So, the following:

  • Your prediction, storified (½ – 1 page, at most slightly formatted);
  • Realistic, i.e., a combination of dumb and dumber, and stupid and worse, of (non)actions and responses, on the attack and ‘defense’ sides. Realistic, but keep it realistic…;
  • Hence, do include lots of cyberhere, cyberthere, cybereverywhere and only a little bit of #ditchcyber …;
  • Deadline: 1 January 2016;
  • The predictive element means that no sign of the thing actually occurring yet may be found in the (whatever medium) press already;
  • Prize… ah, there you go. I’ll try to figure out a way to ship a bottle of the finest champagne to the winner;
  • No discussions about my judgement.

Well, off for now. Have fun:
[Shaky ground (huh, just photographer’s lack of proper alignment due to hurry);
 somewhat relevant, in the opposite (of today)]

Drones are the new tablets

It’s obvious once you think about it (which admittedly may or may not be obvious in your case) —

  • Desktop sales rebound a bit, on new (‘large’, expensive-)chip performance;
  • Tablet sales are sagging as they turn out to be too slow, and the ‘keyboard’ size and control pads turn out to be insufficient for all but casual browsing. Though highest-end specs may suffice, almost;
  • But at the lower end they’re overtaken by notephones;
  • And, at the higher end, 2-in-1 laptops shrink with all their convenience and power on board (SSD mem…) to (better) serve the nomads (than till now);
  • Unexplored newness (post-retro-hipster, though a lot of ppl around may have missed a couple of trend switches probably due to being sheeple anyway) is now in Drones. Of all sorts:
    • Not just cam pics/vids of the casual kind,
    • We’ll see an array of submarkets springing up,
    • E.g., photography: Think about all the much-better tilt-shifted [No. No. NO! Not the crapcam idiot-filter kind!] pics of any environment, including cityscapes and high(sic)rise architecture,
    • Or the pro-am sports event coverage that can improve so much (except for the actual pros — they may lose their margin),
    • And industrial inspection may be much easier if done right; replacing bulky dangerous man-manned choppers etc. — see the text of this!
    • Lots of variants are out there, still; no market rationalisation in action (yet),
    • No easy Eple version being in sight. That could only have the functionality that sheeple can handle; two simple push buttons: ‘Take-off’ and ‘Crash’,
    • All this, especially since safety issues (and privacy maybe, huh) may mean full freedom may not be feasible in the end — leaving the drone thing to techies (those that have a developed feel for tech, not the weaklings that have grown up thinking math was hard b/c they didn’t want to put any effort into anything let alone hard learning stuff and were left free by their ‘I live like my kids are an accessory’ parents, too stupid to have been allowed to be parents). Where techies just don’t grow the market into early adopter/early majority sizes quickly.

Oh well, I made my point. I hope. Anything to add ..? Like:
[This is a test: If you don’t know what that is, you’re disallowed to operate a drone for obnoxious ignorance]

Cyber ‘Nam

OK… As you know I wouldn’t be the war monger re ‘cyber’ warfare. And don’t have the answers — neither do you! — but have searched and asked for them; see past posts (numerous).
This one is more about how the campaigns and battles are fought. Full cyberstatefulfirewallcomplexmonitoringNOCSOC jacket style, out there in the field. (Privacy) protesters at home, safely away from the danger. Some top brass (‘generals die in bed’) ordering your data forward, hardly trained/hardened or crypto protected and blaming shoddy execution and wily counterparts. The traumatised demobilised db admin not wanting to shoot down even a deer-like referential integrity violation. Et cetera. Feel free to add to the comparison. E.g., how things will develop. Or, how things would have to work out if, huge if, for once history is learnt from.

Oh well. @CyberTaters and @cyberXpert will have their way. And #ditchcyber. And this:
[Will be.]

Assurance… No; continuous blockchainproofing will be

Accountants (of the certifying kind) have seen the light of continuous assurance coming. The vast majority of them reacted by being the rabbits [certainly not of the Winnebago / Native American trickster type ..!]; though assuming the headlights were and are still very distant, sitting quite still…
A select few have responded differently – embracing some change as inevitable, researching how Continuous Assurance might be, in times of proliferating XBRL and the like.

That’s OK. And laudable for the Virtue of facing the danger not ducking.

But … all of the assurance industry is still lock, stock and barrel dependent on being the Third Party in agency models.
And now, blockchain tech is around the corner, promising all sorts of unbelievable new ways of transferring trust. If only one could build some system(ic) in which any principal would be able to Read all minute transactions of an agent, and would be able to reliably (…) make sense of it – then the information quality (read: [non]uncertainty, [non] information (access, processing capability) difference) would be immediately visible and actionable. Undoing the need for a trusted third party to give a second opinion that is so beaten down to platitudes anyway that the usefulness has deteriorated way beyond what third parties themselves still believe (if they wouldn’t, who would…?). And note the italics of trusted.

Trusted – the thing that blockchain technology spreads so evenly, so extremely to the opposite of the ultimate non-spread of one person/entity.

Oh well. You know now, and this:
[Relevant if you think it through: Warped reflections. NY of course]

Tempting Under-30’s

It dawned, suddenly. The ubiquity of lists of Under 30 mil/billionaires, where they live, etc. All that attention – Why? Jealousy? Maybe, (most) partially that is the lure for attention.
[Note that it dawned only. If you’d find this post a bit … imperfect, that would be a. impossible ’cause it’s mine, b. as the thaw hadn’t dried up, c. in particular on socmed not very much elsewhere. If unsure always go for b.]

For one thing, the Under 30 list phenomenon is real and annoying.
For another, it shows the slightly less-than-full-witted to be the target audience – how else to explain the ’30’ cut-off ..? Age isn’t even a number, it’s a word. And why so fixated? … Ah, because:
It (the lists/phenomenon) serves as teaser, as bait, for the gullible (‘slightly-less-than’) to work their … off, even accepting nothing but a vaporware share (‘points’ anyone?) of the mirage. So that the ones that stay behind the screens, the Powers That Be can reap the benefits. It doesn’t even help to have experience; most don’t learn from that anyway as practice shows.
And it creates a sense of urgency, when one inevitably gets closer to the 30 mark so quickly. To not be a failure, hurry up even more armagerrd the pressure to be Creative!
And then find that sane people might be as creative, or even more so, at all later ages as well. My guess: The early fast burners are exhausted by their 40s and have nothing left to rekindle [or, maybe they have, if they’d try really really hard], when the percentage of as-yet untapped innovation and disruption capable people does not go down except when stuck in dumbing-down moronic work (factory, office..!). The ones that escape, have more! Both an urge, a cropped-up primordial energy, and experience to effectively and efficiently release it. Some hope for Yours Truly, then.

So, we weren’t surprised when this came along. IoT not invented in Silly Valley. Because that is where all the minions are doing the hard mind work. Whereas IoT relies heavily on old tertiary industry and at the same time doesn’t require the totalitarian unphysical-labour-only approach of the Valley. The mindset-disconnect is why IoT hasn’t taken more flight yet; one needs both the less-than-exponentially-exploding developments from everywhere-but and the ‘disruption’-labelled somewhat-faster business model innovations together whereas still, the disconnect is too much of a sea (baha) to be parted-is-connected by some Steve type.

[Morning fog still there. I’ll pause now.]
[Boating, banking style @ Zuid-As. Oh stop it! Not literally as an utterly wasted money pit sailing yacht – Dutch invention in two ways… – but figuratively in more ways than two.
In the background left: Not symphony but simple.onetrickpony…]

#ditchcyber CSI, this was real

A quote, a post:

This is a story of a very high-tech kidnapping:

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

The story also demonstrates just how effective the FBI is at tracing cell phone usage these days. They had a blocked call from the kidnappers to the victim’s cell phone. First they used a search warrant to AT&T to get the actual calling number. After learning that it was an AT&T prepaid Tracfone, they called AT&T to find out where the burner was bought, what the serial numbers were, and the location where the calls were made from.

The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

Here’s the criminal complaint. It borders on surreal. Were it an episode of CSI:Cyber, you would never believe it.

Just to remind you; it’s not all APTs only that hit you. Here, it was ‘just’ hardcore kidnapping. And think about victims of false … [fill in your favourite of the four horsemen of computer crime and colour the picture] accusations alone: Defamation by the clueless, works at much longer terms, and maybe more effectively. Nothing progressive, innovative, disruptive about that… And:

[Yes that is the First Flag – government project: (i.e.) unfinished]

A sobering thought

Actually, not one but a great many sobering thoughts, in this great piece: What They Don’t Teach You in “Thinking Like the Enemy” Class. In a high-quality series.

To which one might add … not too much. Maybe the 100%-is-infeasible line, and Schneier’s Return of the Security (is..?) Theatre trope. Oh, and the one that has still taken far too little root; the deperimetrisation-means-you-need-to-focus-on-information-not-the-fortress aspect that has been around for a decade already but still has hardly been implemented properly.

Or, we redesign the world. Somehow, we need to get into the mindsets of the global populace – that so far hasn’t been standardised to any degree; happily! for cultural diversity hence overall societal flexibility, development and progress … – to accept that after human development was pushed by physical wars for all of its existence so far, we have arrived at a new round of warfare innovation. After the man-to-man (sic) manual combat, and the ethically despicable practice of not even seeing the Other in the eye individually that gunpowder brought on – glossing over the trebuchet-and-others long-distance hurtling and archers’ reach –, we are now engaging not only in drone-led warfare (distance being even greater), but also in this: humans not being the soldiers anymore; that part being taken over by the robot. By which I don’t mean humanoid robots – why even bother – nor masses of stand-alone AI. But rather, unembodied A(S)I that operates on any platforms together, creating resilience not by numbers of clones but by moving swiftly over servers by having been virtualised at various levels of conceptuality, as they are compounded-mem complexes battling each other evolutionarily. And still aiming at humans.

…? Well, what’s the purpose, otherwise ..!?

Which is far off from where this post started. And foregoing the intermediary step I wanted to write up; where ideas cleverly capture (numb, dumb?) people and ‘ideologies’ fight each other for global dominance. With all sorts of ‘neat’ (quod non) tricks. But [w|h]ell… and this:
[All humans removed from picture. Naturally]

Maverisk / Étoiles du Nord