Overwhelmed by ‘friendly’ engineers

The rage seems to be with chat bots, lately. Haven’t met any, but that may only be me — not being interesting enough to be overwhelmed by their calls.
Which will happen, in particular to those in society that have less than perfect resistance against the various modes of telesales and other forms of social engineering (for phishing and other nefarious purposes) already. Including all sorts of otherwise-possibly-bright-and-genius-intelligent-but (??)-having-washed-up-in-InfoSec-for-lack-of-genuine-societal-intelligence types like us. But these being the ones of all stripes that ‘we’ need to protect, rather than the ones apparently already so heavily loaded that they can spare the dime for development of such hyper-scaling ultra-travelling foot-in-the-door salesmen. Is this the end stage, where none have a clue as to which precious little interaction is still actually human-to-human, and the rest may be discarded ..?

As for the latter … It raises the question of Why, in communications as a human endeavor… Quite a thought.

But for the time being, you’re hosed, anti-phishing-through-social-engineeringwise.

Just sayin’. Plus:
[Retreat, a.k.a. Run to the hills / Run for your life; but meant positively! Monte Oliveto Maggiore near Siena]

Plusquote: Critique of the Pure Reasonlessness

This episode, by reference to the excellent Future Crimes (Marc Goodman, as here), one originally by G.K. Chesterton (The Blue Cross):

The criminal is the creative artist; the detective only the critic

To which we would want to add: And the auditor, only the disgruntled desk-bound traffic cop.
Since, the checker (and penaliser) of the trivial petty little rules, should remain in the third line, right ..?

Where by the way, the creativity of the artist is required to make the art work that sells — and hence all make their living off straightforward crime or would perish. The more you bureaucratise into totalitarianism, the more you see life wither, till death. Even if the crime keeps on being perpetrated — by laxity of the second and particularly third lines, in cahoots with the profiteers. … Maybe that’s a bit deep-but-overly-lapidary …
Hence, just:
[Panopticon Central, Strasbourg]

Miss(ed), almost ..?

One might have easily missed one of the most valuable annual reports … but if you trust it (you can) or would want to dismiss it (you can, for various reasons like the management babble leading to a great many missed threats and ~levels as here, always of course, but still), it is an important item when you’re in InfoSec despite #ditchcyber! so you’d better study it.
Oh, yeah, this being the thing.

OK now. Plus:
[In “cyber”space (#ditchcyber once more), easily scaled. Haut Koenigsbourg again.]

Still, 3LD is the 4th leg

This, not as much a monster under the bed as it is a monster elsewhere; Three Lines of Defense (quod non).

I’ve discussed the utterly nonsensical, totalitarian bureaucratic, lie of its utility already over and over again, but the thought — through encounter in daily practice so often still — returns every now and then. And then, one realizes: Three Lines of ‘Defense’ (quod non) are not the third, but the fourth leg of a flipover stand. Yes, indeed, you hardly see that ever — for a reason: Where the third leg is flimsy already and certainly so compared to the stability provided by the first, essential, two legs, any fourth might impress but destroys stability of the whole!
Yes, as three ground points define a surface hence stable stance on any irregular surface (and, hence again, are completely sufficient), four such touch points are very hard to get stable, onto a plane surface. Therefore, the fourth leg destabilizes the whole shazam, undoes the effectiveness of the third. Now, two are bungling.

And no, not because a flipover has three legs does that reflect TLD; the first two legs are equally required and face us, thus giving the thing its purpose which is completely, fundamentally, different from TLD where there’s three lines behind each other that only ‘protect’ (quod non) against regulatory oversight by massaging all embarrassment away through ever more dubious language. When you don’t see the fundamental of that difference, you may or may not be hopeless. Stop dragging the IQ average of whatever group you consider yourself part of, down so low.

I now rest my case.

[‘Transparency’ and building material? We see right through that both, Chanel!
 (PC Hooftstraat)]

I am Satoshi Nakamoto

… If only to dilute the discussion. And to all be Spartacus. Let the Craigs be the fools (not even meant lightly; rather pejorative here) they are. The absolute hard-math sides of Bidkoyn coming full circle to the mysteries to be kept mysteries for the very sake of it for once you dumb.ss! of its origins.

To keep it real:
[Mining precedes, but the use side is in transport ..? <Think that one over> at Utrecht]

Rien vous ne pouvez plus …?

When business is about betting, hopefully educated guessing, the near and bit further future developments of <somethings>. Educated, of course with a pinch of theory — but then, only the parts that are actually true, and still valid, for the future, too so throw away all (seriously) but a few nuggets of the most absolute que sera, sera of economics / business administration (sic) — and a healthy dose of experience — but not too much as it would lead to a lachrymose same as the (true) theory and we still need Action, don’t we ..?

Then totalitarian bureaucracies, like the banking world (in a suffocatingly tight grip, including the regulatory-captured but also holier-than-thou regulators), will try to squeeze all involved so thoroughly that no business is feasible anymore. But will fail, as the spirit has been out of the bottle since the Apple; Original Sin is about being human, above animalistic sustenance-supporting instinctive compliance with the laws of nature. Again and again, the stupidity of belief that Apollo wins out over Dionysos ..! They’re equal in all respects, certainly in the spirit of Man, and remember that even Zeus was forced to break marital laws (what a player he was, by necessity …:) because at the End of Times, the titans, the powers of Chaos, will almost win out. A trope so powerful that all belief systems have it (but a few exceptions) so to be held for certain; until proven wrong…?

Even more: The higher the pressure (that the straightjackets on subjects can take), the more fluid everything becomes. The more zealous, zealotic, crazy (outright that word, yes) compliance efforts micromanage (lest the ‘manage’ part which is utterly ridiculous if used in this sense), the more devious and deceptional will the business be, caused by this very reason of compliance efforts. LIBORgate, anyone ..?

‘Trust, but verify’ is a lie. Since only the slightest hint of the latter, immediately completely destroys the former ..! As the former is a two-way street! Seek out those that support this lie, and you’ll find the true culprits of the above.

So far, so good for a Monday morning’s rant, right ..? I’ll stop now, with:
[Rigid, but colourful, the max you can achieve; Nieuwegein]

Disciplined away from bureaucracy

After some thought on bureaucracy on either side of the Big Pond, it suddenly dawned on me how to explain the seeming (of course) paradox:

  • At the Western shores, a lot of military with front line battle experience (and some, only a bit less so), possibly out of reserve functions in mundane business, have gone (back) over to the dark side of commercial business, with their discipline and cutthroat ‘competition’ (using not secondhand car salespeople but live ammo) as main assets / gathered experience to bring to bear.
  • On the East oceanboards, not so much, and a love for egalitarian Rhineland ideas might have persisted, giving flexibility and care for customers (‘s souls), and much room for ‘Millennials’ (let’s all drop that most empty of phrases though you get my drift) in the workplace.
  • On the point of competition effectiveness, Westeros beats Essos hands down.

But, the critical points for resolution are:

  • US businesses have been taken away from petty-rule-based (only) bureaucracy that they were in (yes they were, even with the freedom-seeking escapism rampant throughout), by the infusion with serious doses of Mission Command (a.k.a. Commander’s Intent) flexibility in goal achievement over procedural justice / form-over-substance.
  • European corps had nothing to counter Power Corrupts style demise unto totalitarian bureaucracies with their headless-chicken compliance.

So, it really is no contest but we would need a (not present) ref to break it off. Too bad, and:
[Oh how cutiepie, Doesburg defenses]

Untrained accountants

Somewhere in Rise of the Robots (approximately p.253, 2nd line from the top), ever infamous [but very, very right] Carr is ideaquoted about pilots not getting enough experience with flying and (well, mostly: continue to keep on …) flying in adverse conditions and hence are paradoxically (much) less capable to handle the few exceptional situations for which they are kept aboard on ever more fully automated flights. [Except from the passengers’ comfort, but if only they knew the previous…] The Shallows, indeed…

Now, how would this compare to accountancy …? Ever encountered an assistant auditor that would recognize, let alone be able to do himself, double-entry bookkeeping ..? Which is of course already quite fully automated or will be in the very near future. All of accountancy/audit (in many worlds except a few slackers, this can and will be used mixedly though the latter is so much more ..!) that is stacked on top of such simple things, like checking on the bookkeeping let alone at the other end of the spectrum concluding that ‘the books’ represent a true and fair view (to the dime) of business performance (sic; more than just having debit=credit; author knows of a bank where this proved literally Impossible to do, with all the latest overfully automated bookkeeping information systems with a margin of € 1B e-ve-ry month, wiping the slate clean with a one-sided journal entry…!!), will come into question qua ability — in particular where the once usual decades of training was needed to establish sufficient experience to be able to, with an error margin always still!, declare the True and Fair parts, and now, such experience can be had less and less, with the disruption starting from the bottom with audit automation turning into big data (process) analyses supported by IT audits and what have we.

There simply aren’t the entry-level experience gainers jobs anymore; any complete-greenhorn (and uni grads are that, more and more it seems; just ask them to write a simple business report…) will have to jump to an immediate medior-level performance level. So what does one end up with? Mostly n00bs posing as l33ts. Posing, as content-wise performance is … well …

Oh well, it’ll get worse, much worse before it gets better. And:
[Graciously having opened my back garden to the public (but this is Het Loo of course)]

Emerging degrees of privacy

Given that ‘privacy’ is a property that emerges from good Security, more particularly from Confidentiality (and Integrity), there’s two avenues to succeed in this field:

  1. If quick and maybe even too dirty: Data minimalisation (as e.g., here, in Dutch)
  2. Else (OR?): Fine-grained protection, also against the default Read all down the stack (user / end point / comms channels / applications / middleware / servers / storage — with the latter maybe crawling up and down the stack again when virtualizing in the cloud)
  3. Because binary’s not my thing and keeping it real (i.e. (!) not being consistent) is: Would any of you have pointers to some science on possible degrees or levels of privacy ..?
    The idea keeps floating around in my skull. Including degrees of invasion! Where sometimes, the required degree (as set by the subject) would be less than the degree for some government agency so everything goes … for this some data point only. Yes, Value creeps in as a boring subject but isn’t everything. Should be a field of study …?

Thanks anyway for all your pointers on the last item… (none); hence:
[It’s watching over your shoulder….! Het Loo]

Repeat: Trawling for noise

So… Legal developments go at glacial ‘speed’, thus mumbling critical oversight to sleep. Happened, once again, in NL. Mass collection (sic) of and trawling through all sorts of data ‘out there’ is free game for gov’t agencies.
NO the oversight committee will not do anything. Anyone saying so, plainly and simply lies under oath to overthrow the constitution (isn’t that high treason?)

But what will happen of course, is that those that in the past weren’t able to connect the dots (proven fact), will now be swamped in enormously bigger piles of noise data. At the very very best (??) they’ll find bucketloads of false positives — ruining perfectly normal, perfectly legally operating citizens’ lives, of course without any serious recourse or restitution of lost life’s pleasure and happiness…
And the false negatives will also explode, induced by the very ‘countermeasures’.
So, also those that propose and implement and work with such ‘solutions’ quod non, will be culpable too.

Oh well Or well was right. Plus:
[I don’t want or like, but do expect, a similar thing again; for different reasons but with no really different methods — Prinsenhof Delft ya’know]

Maverisk / Étoiles du Nord