And one more conference for April....The Global Security Solutions (GSS) Identity Management and Privacy Conference 2008. Details are at http://www.idm2008.net. GSS is a South African based company specialising in the process and people issues around security. They are a good crew of people who deliver a unique set of services complementary to any of the offerings from the mainstream software and services companies operating in this space. I will be giving the day one keynote for the conference, and while down in South Africa, plan to visit some of the main industry players and IT sites. This is a part of the world that has a lot of interesting activities going on, and is also one that will benefit enormously from expanded capability in the virtual presence communications arena.
Monday, 28 January 2008
Identity Management Conference
And one more conference for April....The Global Security Solutions (GSS) Identity Management and Privacy Conference 2008. Details are at http://www.idm2008.net. GSS is a South African based company specialising in the process and people issues around security. They are a good crew of people who deliver a unique set of services complementary to any of the offerings from the mainstream software and services companies operating in this space. I will be giving the day one keynote for the conference, and while down in South Africa, plan to visit some of the main industry players and IT sites. This is a part of the world that has a lot of interesting activities going on, and is also one that will benefit enormously from expanded capability in the virtual presence communications arena.
ISGIG 2008
March is proving to be a busy month for conferences. I am very pleased to have accepted an invitation give the keynote presentation on the second day of ISGIG 2008, in Pisa, Italy. See http://isgig.org/index.shtml. Co-sponsored by ICST, Europe's largest scientific society, and CreateNet, one of the largest European research consortia, ISGIG 2008 aims to promote the understanding of information governance challenges and their debate among government, business, academia, and technology stakeholders to increase understanding of the issues affecting each stakeholder. ISGIG 2008 will host high-level keynotes from government, technical and business thought leaders, targeted case-studies and the presentation of applied research on these topics as conducted by the key stakeholder groups. The symposium will attract industry and business leaders, executive and government heads in an attempt to unravel complex issues of crossover business in addressing and resolving data protection, crossborder security and privacy.
I plan to speak about an area that I have been looking at in some detail; the implications to working life under the requirements for businesses to reduce their fully loaded carbon emission levels. Advanced teleconferencing, home working, tele-presence and virtual reality based presence are all areas where ICT can actually enable an alternative to reliance on commuting and business travel. But not without challenges around security, privacy, and information governance. This keynote will provide the backdrop to second day of conference which will include a realistic case study using Second Life as the case in which these same issues of security and privacy are put to the test. I look forward to seeing you there.
NetID '08
One of the great conferences I am involved in this year is the 2008 Net-ID conference, taking place March 3rd to 4th in Basel, Switzerland. See http://www.computas.de/flyernetid082.pdf for all the details. As well as participating in a panel discussion regarding Identity Management infrastructure interoperability, I am also presenting on the second day, and I'll be taking dissecting what is real, and what is
Extra! Extra! Read all about it
Announcing "SecurityExtra" (www.securityextra.com), a brand new information portal for the security professional. SecurityExtra will track news on both information security and physical security. In our view these are two aspects of the business of security that for too long have been treated separately when really they are the same.
SecurityExtra is the brainchild of Dan Ilett, a good friend and a long time critical reporter of the security industry. We are also joined by Richard Starnes, who is Director of the managed security operation at C&W, and familiar to many as a speaker on the conference circuit here in the England.
Thursday, 24 January 2008
A virtual chat with the CEO of MyCyberTwin
Meet the other me
One of the companies I have been looking at in the context of the virtualisation of business communications is "MyCyberTwin". MyCyberTwin allows you to create an avatar that will represent you while yo are physically offline. Interesting concept with strong potential in the areas of sales, marketing and service desks. You can chat to the other me here:
Chat to my CyberTwin online now!
Monday, 21 January 2008
Service restored
Seems the "UNIX problems" my service provider (Network Solutions) was experiencing are now resolved and ThinkingString.com is back alive again. Must have been a huge problem to take 72+ hours to resolve.
Sunday, 20 January 2008
Service Denied
ThinkingString.com unavailable since some time Friday morning. Network Solutions the service provider for that domain plus several others I own, apparently having a "UNIX problem" that prevent Europe from accessing "some domains". Or so says the not very helpful help desk person I manage to speak to earlier in the morning. As he is based in the Philippines he has no problem getting to the site. Well that IS good news isn't it.
Saturday, 19 January 2008
We will fight them in their breaches
Unfortunately for me, on Christmas Eve just passed one of society's less balanced members decided it a great way to celebrate the impending day by smashing 5 windows on a classic Volvo that I own. My neighbour, who was out to walk his dog with his non hoodie wearing teenage son on Christmas morning, knocked on my door and delivered the news that my vehicle now had a great deal more ventilation than it had 24 hours earlier, interrupting my morning coffee. Not a great way to start Christmas Day. At least I can console myself however that nothing was subsequently stolen from the car, something like, say, a laptop, or even a box or two of sensitive printouts. You see, unlike the UK Ministry of Defence, I don't think that a car is a good place to store such records. Not even for an hour or two, and certainly not for any extended period of time. I know that the Ministry of Defence knows quite a bit about blowing things up, and it would be fair to say that they know quite a bit about defending
things; the name would certainly suggest so. But they don't seem to know that a car is not an ideal place to put a valuable item of electronics, nor that a laptop isn't actually a good place to store sensitive records in the first place. Reports indicate that between the laptop and the printouts, the data 'secured' in the vehicle included files regarding incapacity benefit; files relating to pensions and job seekers allowance; bank statements; files relating to home loans; national insurance numbers; addresses and dates of birth; passport documents, and even copies of passports. Even Jeremy Clarkson wouldn't be stupid enough to publish all of those personal details. It wouldn't be at all helpful if I did not try to offer some advice for the Ministry of Defence in their time of obvious need, so I do suggest that they contact the Thames Valley police, which is the constabulary in my local area, and who seem to know quite a bit more about what to leave in a vehicle and what not to.
PS. And if anyone has a driver's side window for a 1972 Volvo P1800ES, I still need one.
things; the name would certainly suggest so. But they don't seem to know that a car is not an ideal place to put a valuable item of electronics, nor that a laptop isn't actually a good place to store sensitive records in the first place. Reports indicate that between the laptop and the printouts, the data 'secured' in the vehicle included files regarding incapacity benefit; files relating to pensions and job seekers allowance; bank statements; files relating to home loans; national insurance numbers; addresses and dates of birth; passport documents, and even copies of passports. Even Jeremy Clarkson wouldn't be stupid enough to publish all of those personal details. It wouldn't be at all helpful if I did not try to offer some advice for the Ministry of Defence in their time of obvious need, so I do suggest that they contact the Thames Valley police, which is the constabulary in my local area, and who seem to know quite a bit more about what to leave in a vehicle and what not to.PS. And if anyone has a driver's side window for a 1972 Volvo P1800ES, I still need one.
Thursday, 17 January 2008
Superbroadband enabled teleconferencing
So far, much of the discussions regarding 'GreenIT' have centered on two areas: firstly reducing the electricity load, and thus the carbon footprint of the ongoing operations of a large data centre; and secondly in reducing the environmental impact of the production and eventual retirement of electronic equipment. Both very worthy efforts, and both topics that I will address in detail in separate posts at another time. However there is a third area that is actually a topic that is in my view, one of the most interesting ones associated with IT and sustainability, and that is "How will IT adapt to, and enable the changed working models that may evolve from how society reacts to the requirements of a lower-carbon-emissions world?". This is an area that I have given considerable thought to over the last year, and I am currently in the midst of consolidating my thinking and research around that question into a paper which I'll publish soon. One of the basic ideas is that working models must change due to the requirement to reduce the CO2 generated by both commuting traffic, as well as that generated by flights. Cutting out a lot of detail for now, the basic premise is that we will see a lot less commuting to large central offices, and a lot more telecommuting and remote working. We will see a pressure to reduce flights across the board, whether passengers are flying for holiday / personal purposes, or whether passengers are flying for business.
While business associated travel accounts for far less actual seats on planes than personal travel, it is very profitable for airlines. The airline industry does very well out of charging premium rates for travel booked by executives and sales people who book late, are relatively inflexible as far as their travel times go, tend to travel all at the same times (anyone who has ever dealt with Heathrow on a Monday morning will know the truth of this), are less price sensitive as they are spending company money not their own money, and have a higher expectation of service than most budget holiday travel (laptops need room to be opened and places to be plugged into, even sexy 4mm thick Apple ones). While holiday travelers may be tempted to go to an alternate destination, avoiding the need for any air travel at all, business travelers are driven by the needs of sales techniques, face to face negotiation and business communications.
It is my view that the only viable alternatives to that sort of travel is uber-capable video based conferencing. That is why the announcement of the successful testing of super-broadband intercontinental linkages, combined with high definition videoconferencing is interesting. See http://www.smh.com.au/news/technology/video-conferencing-on-steroids/2008/01/16/1200419926879.html. Videoconferencing is nothing new, and of course we have seen it touted as being the 'next big thing' a few times; I recall after the September 11 attacks against the US and the subsequent chaos in the airline industry that a lot of hyping went on regarding the capabilities of videoconferencing. However it has always been seen as a poor cousin to the face-to-face meeting due to the constraints of the technology. If it is to be adopted as a viable alternative it must provide instant response, and crystal clear audio and visual display. Early stages so far, but the so called "video conferencing on steroids" is a great step in the required direction.
While business associated travel accounts for far less actual seats on planes than personal travel, it is very profitable for airlines. The airline industry does very well out of charging premium rates for travel booked by executives and sales people who book late, are relatively inflexible as far as their travel times go, tend to travel all at the same times (anyone who has ever dealt with Heathrow on a Monday morning will know the truth of this), are less price sensitive as they are spending company money not their own money, and have a higher expectation of service than most budget holiday travel (laptops need room to be opened and places to be plugged into, even sexy 4mm thick Apple ones). While holiday travelers may be tempted to go to an alternate destination, avoiding the need for any air travel at all, business travelers are driven by the needs of sales techniques, face to face negotiation and business communications.
It is my view that the only viable alternatives to that sort of travel is uber-capable video based conferencing. That is why the announcement of the successful testing of super-broadband intercontinental linkages, combined with high definition videoconferencing is interesting. See http://www.smh.com.au/news/technology/video-conferencing-on-steroids/2008/01/16/1200419926879.html. Videoconferencing is nothing new, and of course we have seen it touted as being the 'next big thing' a few times; I recall after the September 11 attacks against the US and the subsequent chaos in the airline industry that a lot of hyping went on regarding the capabilities of videoconferencing. However it has always been seen as a poor cousin to the face-to-face meeting due to the constraints of the technology. If it is to be adopted as a viable alternative it must provide instant response, and crystal clear audio and visual display. Early stages so far, but the so called "video conferencing on steroids" is a great step in the required direction.
Sunday, 13 January 2008
How to hack a wine bottle
Forget about airplane flight controls being taken over by some crazed passenger, we now have really serious problems. Wine bottle screw caps are proving to be hackable. Personally I am a fan of corks in wine bottles, but I understand the various benefits of the screw cap design, which is becoming more common. Call me a romantic but in my mind you can't beat the satisfying pop when a cork comes free of a good bottle of Cabernet Sauvignon...but I digress. One of the features of the screw cap is that it is by designed to be tamper-proof, with the screwable section being attached to the sleeve section by way of breakable 'lugs' that snap when the cap is removed; leaving the sleeve around the neck of the bottle while the cap is removed. I am sure that this design is familiar to you. A week or so ago I went to open a bottle of wine, which was sealed with a screwcap rather than a cork, and to my surprise the entire closure simply unscrewed off the bottle, leaving the sleeve attached to the screwable section. At the time I thought it merely an aberration and it was soon forgotten after the first mouthful of wine (a very nice South African Chardonnay if I recall correctly). T
hen a week later, I opened another bottle of wine and the same thing happened. This second bottle was from a different wine maker, ruling out the problem being simply confined to one bad batch of closures. When it happened a second time I took notice however. Here is a picture of the complete screw cap closure, sitting on top of the newly opened bottle. As you can see the cap has failed to break free of the sleeve, and it can easily be replaced back on the bottle with no-one being any wiser. Of course once the seal has been broken the wine will quickly spoil, so if anything untoward were added to the wine (GHB or another 'date-rape' drug, or a dangerous material such as a poison) and then the bottle returned to a store shelf, it is likely that the actual wine contents will have spoiled by the time the bottle is subsequently and legitimately opened, thus lessening the risk somewhat. Nevertheless we are 'trained' to expect that a tamper-proof cap that appears unopened is indeed unopened. Without a doubt a cap with this fault could easily be removed, something maliciously added to the wine bottle, the cap replaced intact, and the wine subsequently opened in such a way as to then break the tabs such that it appears that the bottle is freshly opened. As I did here: 
If the wine is served before spoiling could occur then the drinker would none the wiser, until the maliciously added contents hit them. I suppose there is nothing for it than for me to take on a public duty and keep sampling random bottles of wine, in order to gauge whether this is simply two bad screw cap closures or a widespread problem. Meanwhile, drink responsibly.
hen a week later, I opened another bottle of wine and the same thing happened. This second bottle was from a different wine maker, ruling out the problem being simply confined to one bad batch of closures. When it happened a second time I took notice however. Here is a picture of the complete screw cap closure, sitting on top of the newly opened bottle. As you can see the cap has failed to break free of the sleeve, and it can easily be replaced back on the bottle with no-one being any wiser. Of course once the seal has been broken the wine will quickly spoil, so if anything untoward were added to the wine (GHB or another 'date-rape' drug, or a dangerous material such as a poison) and then the bottle returned to a store shelf, it is likely that the actual wine contents will have spoiled by the time the bottle is subsequently and legitimately opened, thus lessening the risk somewhat. Nevertheless we are 'trained' to expect that a tamper-proof cap that appears unopened is indeed unopened. Without a doubt a cap with this fault could easily be removed, something maliciously added to the wine bottle, the cap replaced intact, and the wine subsequently opened in such a way as to then break the tabs such that it appears that the bottle is freshly opened. As I did here: 
If the wine is served before spoiling could occur then the drinker would none the wiser, until the maliciously added contents hit them. I suppose there is nothing for it than for me to take on a public duty and keep sampling random bottles of wine, in order to gauge whether this is simply two bad screw cap closures or a widespread problem. Meanwhile, drink responsibly.Thursday, 10 January 2008
Branding security
I recently had a conversation regarding USB sticks that I thought interesting enough to write about. Anonymised to protect the innocent:
This company has an ambitious and praiseworthy plan to address and improve many aspects of their information security strategy. Included in their plan are the provision of secure USB sticks to all staff (with hardware based encryption to secure the stick contents), and also a widespread training program to improve the awareness of security amongst all staff members.
One question was whether to externally brand the USB sticks with the company logo versus printing each one with a simple and anonymous "if found please return to ...." message, much as you might find printed on a staff ID badge that might be used for visual identification of an employee as well as acting as a door key by way of a proximity badge reader. The concern was that printing the sticks with the company name might compromise security.
While the obvious answer might be to print the sticks with an anonymous message, after some consideration this is a case where by I do believe that the advantages of branding outweigh the possible security disadvantages. Here's why. Firstly, I am sure you would agree that "security through obscurity" has never been an effective strategy. If we look at staff ID badges where the anonymous message is an effective and common strategy the situation seems similar at first brush, however in my view significant differences exist in the use cases that weaken the analogy.
Lets look at staff ID badges for a moment. It is worth remembering that badges are an authentication mechanism whereas the sticks (in this use case) will be a file storage mechanism. Let’s consider how a badge that has fallen into the wrong hands might be used. Staff badges might be subverted by tampering with them to change the photo and / or the name of the staff member. This act of course is irrelevant unless the finder knew which 'door' the badge gave access to ie. which organisation they matched. Preventing the easy matching of the key with the door is the reason for obscuring the door ID (meaning the identification of the owning organization) by removing the name of the owning organisation from the key - ie. having the key be printed with only an anonymous "if found please return to ...." message. The (potentially still) fully functional badge is rendered basically useless because the finder does not know which door it gives access to. Clearly as soon as a badge is known to be lost it should be registered as such and thus deactivated back in the registry of the badge reader system, but experience tells me that in practice, all too often this doesn’t happens quickly. Also because it is a key, and because it is both a physical and logical identifier (a guard may glance at a badge to see if it looks valid while a proximity reader may electronically check the card's validity) the card remains a risk whilst it remains lost if it could be matched to the door-set. You can deactivate the electronic aspect of the key by flagging it invalid as far as the proximity reader goes, but it is nigh impossible to render the card invalid from the point of the view of the casual glance from a guard/colleague. So there is a (minor) security advantage in reclaiming lost ID badges regardless of how long after the loss the reclaim occurs in as far as it reduces the chance of it being used as a supporting method for a social engineering based attack.
Now lets look at the USB sticks. Whilst badges are an authentication mechanism, the sticks are a storage mechanism. Whereas the badges must be matched with a particular set of doors in order to be effective, the stick only needs to be matched with a ubiquitous reader device - the USB slot – in order to be useful. If someone finds a lost stick, they're likely going to insert it into their own USB slot regardless of what is printed on the outside, whether through curiosity, because they wish to retain and reuse the stick for their own purposes, or whether they wish to steal the contents. You can't control access to the availability of the USB slot. Hence obscuring the owning organisation serves no purpose as far as rendering the device non functional. What will render the device non functional for the finder is the use of hardware encryption. Lets assume that the encryption used on the stick is an effective protection mechanism (for the purposes of this story we can assume that the effectiveness of the encryption is a primary required characteristic of the chosen stick model and manufacturer). So if the effectiveness of the encryption is in question and not trusted then perhaps the sticks should be issued at all.
Remember that once a stick has been lost from the control of the issuing organization then unless you can guarantee that the contents (encrypted or otherwise) have not been copied then the return serves no purpose. If the finder copies the encrypted contents then without further content control mechanisms such as timed-data-self-destruction the finder is then at liberty to brute force attack the file structure in an offline location for as long as they wish. Of course there are other reasons that the issuing company may still wish to have the stick returned to them in case of loss. Possibly there is an economic benefit inherent in reclaiming a lost stick (the cost of replacing a lost stick being more than the cost of reclaiming a lost stick), So in my view NOT branding the keys does nothing useful in this case, save perhaps reducing the cost of each key by a small amount. So to encourage return it may still be desirable to print a "please return..." message on the stick - more thoughts on that below.
Meanwhile, branding the keys might serve at least two positive purposes: 1. it can play a useful role in supporting a general staff security awareness program. Make the sticks as obviously branded as possible and it becomes very visible when doing a desk sweep whether a non authorised (not branded) USB device is present. 2. In order to encourage the return of found sticks it ma be desirable to offer some sort of reward, such as a redeemable sales voucher. Of course keys may be physically returned in at least two ways; postally or if the owning company has a widespread branch network, back to any of the branches. If we assume that a reward voucher would be offered to encourage return, and we assume that the branch network allowed the voucher to be immediately spent then out of those two return methods there are actually a number of advantages to encouraging the return of the sticks to the branch rather than having them sent back via the post. For example it would be possible to immediately check the validity of the stick; the cost of the reward program might be reduced somewhat as the cost of postage is avoided, and you now have the finder IN THE BRANCH ready to spend their reward voucher meaning that you are more likely at that immediate instance to capture the voucher money back into the company's revenue loop.
Of course an in-branch return means the finder will need to know that it is associated with the owning company meaning it MUST be branded as such, but as per above anonymising the stick ownership serves no useful security purpose anyway. Meanwhile branding it encourages return of a lost key to the branch network (meanwhile driving traffic to the branch) and whilst doing so send a subtle message that the organisation takes security seriously.
Also remember that if someone is to return a stick and claim that voucher you're going to have to worry about 'stick fraud' meaning you only wish to redeem a genuinely lost stick. So whether returned postally or in-branch redeeming the stick for a voucher implies that you need to check the stick is valid and validly lost before redeeming it for the voucher.
So in conclusion, this is an interesting exercise where the obvious branding of a secure device can have added benefits. At worse it diminishes the security state by zero, and possibly has some benefits which actually support the overall security strategy.
(And just for clarity let me state that I have no financial connection of any sort with any provider of USB sticks or USB reader technology.)
This company has an ambitious and praiseworthy plan to address and improve many aspects of their information security strategy. Included in their plan are the provision of secure USB sticks to all staff (with hardware based encryption to secure the stick contents), and also a widespread training program to improve the awareness of security amongst all staff members.
One question was whether to externally brand the USB sticks with the company logo versus printing each one with a simple and anonymous "if found please return to ...." message, much as you might find printed on a staff ID badge that might be used for visual identification of an employee as well as acting as a door key by way of a proximity badge reader. The concern was that printing the sticks with the company name might compromise security.
While the obvious answer might be to print the sticks with an anonymous message, after some consideration this is a case where by I do believe that the advantages of branding outweigh the possible security disadvantages. Here's why. Firstly, I am sure you would agree that "security through obscurity" has never been an effective strategy. If we look at staff ID badges where the anonymous message is an effective and common strategy the situation seems similar at first brush, however in my view significant differences exist in the use cases that weaken the analogy.
Lets look at staff ID badges for a moment. It is worth remembering that badges are an authentication mechanism whereas the sticks (in this use case) will be a file storage mechanism. Let’s consider how a badge that has fallen into the wrong hands might be used. Staff badges might be subverted by tampering with them to change the photo and / or the name of the staff member. This act of course is irrelevant unless the finder knew which 'door' the badge gave access to ie. which organisation they matched. Preventing the easy matching of the key with the door is the reason for obscuring the door ID (meaning the identification of the owning organization) by removing the name of the owning organisation from the key - ie. having the key be printed with only an anonymous "if found please return to ...." message. The (potentially still) fully functional badge is rendered basically useless because the finder does not know which door it gives access to. Clearly as soon as a badge is known to be lost it should be registered as such and thus deactivated back in the registry of the badge reader system, but experience tells me that in practice, all too often this doesn’t happens quickly. Also because it is a key, and because it is both a physical and logical identifier (a guard may glance at a badge to see if it looks valid while a proximity reader may electronically check the card's validity) the card remains a risk whilst it remains lost if it could be matched to the door-set. You can deactivate the electronic aspect of the key by flagging it invalid as far as the proximity reader goes, but it is nigh impossible to render the card invalid from the point of the view of the casual glance from a guard/colleague. So there is a (minor) security advantage in reclaiming lost ID badges regardless of how long after the loss the reclaim occurs in as far as it reduces the chance of it being used as a supporting method for a social engineering based attack.
Now lets look at the USB sticks. Whilst badges are an authentication mechanism, the sticks are a storage mechanism. Whereas the badges must be matched with a particular set of doors in order to be effective, the stick only needs to be matched with a ubiquitous reader device - the USB slot – in order to be useful. If someone finds a lost stick, they're likely going to insert it into their own USB slot regardless of what is printed on the outside, whether through curiosity, because they wish to retain and reuse the stick for their own purposes, or whether they wish to steal the contents. You can't control access to the availability of the USB slot. Hence obscuring the owning organisation serves no purpose as far as rendering the device non functional. What will render the device non functional for the finder is the use of hardware encryption. Lets assume that the encryption used on the stick is an effective protection mechanism (for the purposes of this story we can assume that the effectiveness of the encryption is a primary required characteristic of the chosen stick model and manufacturer). So if the effectiveness of the encryption is in question and not trusted then perhaps the sticks should be issued at all.
Remember that once a stick has been lost from the control of the issuing organization then unless you can guarantee that the contents (encrypted or otherwise) have not been copied then the return serves no purpose. If the finder copies the encrypted contents then without further content control mechanisms such as timed-data-self-destruction the finder is then at liberty to brute force attack the file structure in an offline location for as long as they wish. Of course there are other reasons that the issuing company may still wish to have the stick returned to them in case of loss. Possibly there is an economic benefit inherent in reclaiming a lost stick (the cost of replacing a lost stick being more than the cost of reclaiming a lost stick), So in my view NOT branding the keys does nothing useful in this case, save perhaps reducing the cost of each key by a small amount. So to encourage return it may still be desirable to print a "please return..." message on the stick - more thoughts on that below.
Meanwhile, branding the keys might serve at least two positive purposes: 1. it can play a useful role in supporting a general staff security awareness program. Make the sticks as obviously branded as possible and it becomes very visible when doing a desk sweep whether a non authorised (not branded) USB device is present. 2. In order to encourage the return of found sticks it ma be desirable to offer some sort of reward, such as a redeemable sales voucher. Of course keys may be physically returned in at least two ways; postally or if the owning company has a widespread branch network, back to any of the branches. If we assume that a reward voucher would be offered to encourage return, and we assume that the branch network allowed the voucher to be immediately spent then out of those two return methods there are actually a number of advantages to encouraging the return of the sticks to the branch rather than having them sent back via the post. For example it would be possible to immediately check the validity of the stick; the cost of the reward program might be reduced somewhat as the cost of postage is avoided, and you now have the finder IN THE BRANCH ready to spend their reward voucher meaning that you are more likely at that immediate instance to capture the voucher money back into the company's revenue loop.
Of course an in-branch return means the finder will need to know that it is associated with the owning company meaning it MUST be branded as such, but as per above anonymising the stick ownership serves no useful security purpose anyway. Meanwhile branding it encourages return of a lost key to the branch network (meanwhile driving traffic to the branch) and whilst doing so send a subtle message that the organisation takes security seriously.
Also remember that if someone is to return a stick and claim that voucher you're going to have to worry about 'stick fraud' meaning you only wish to redeem a genuinely lost stick. So whether returned postally or in-branch redeeming the stick for a voucher implies that you need to check the stick is valid and validly lost before redeeming it for the voucher.
So in conclusion, this is an interesting exercise where the obvious branding of a secure device can have added benefits. At worse it diminishes the security state by zero, and possibly has some benefits which actually support the overall security strategy.
(And just for clarity let me state that I have no financial connection of any sort with any provider of USB sticks or USB reader technology.)
Wednesday, 9 January 2008
Communicating climate change
After many years of ignoring the issue, most individuals and some corporations and governments have woken up to the issue of climate change. Indeed the UK's Department for Environment Food and Rural Affairs (DEFRA) says that "Climate change is the greatest environmental challenge facing the world today." (source: http://www.defra.gov.uk/ENVIRONMENT/climatechange/). Indeed, even George W. Bush says "...global warming is a serious problem". Curious to see how this issue is being communicated to the average, interested UK citizen I have signed myself up to the Winter Season of discussion, training and action run by the Climate Outreach and Information Network, in conjunction with The Environment Council (see: www.coinet.org.uk/news/tecnews). This program is designed to communicate the basic facts around climate change, and also teach people how to engage with others and communicate to them the facts, the impact to the biosphere of an unchecked rise in global temperatures, and what actions we can all take in order to reduce our environmental impact. I will write more on the program as it progresses.
Tuesday, 8 January 2008
A whole new meaning to "Server Crash"
For business travellers, being stuck in an aircraft for hours on end is a dead hole of disconnection, cut off from corporate email, other corporate applications that would otherwise be available via a VPN connection, and news of the outside world. I can say from experience that there is nothing worse than being entirely up to date on leaving home, then being disconnected for something between a few hours and half a day, only to arrive into a meeting at the other end to discover the shape of the business landscape has changed around me. Online on an airline is therefore a highly desirable state of being for most business travellers, and many personal travellers as well. With both Airbus and Boeing launching a new generation of their long distance equipment, the time is perfect to lay in the infrastructure necessary to support connectivity services at airframe build time.
However, despite this perfect window of opportunity, it seems that as usual the pressure to save a few dollars and a small amount of time is again going to result in security being put last. According to this: (http://www.theage.com.au/articles/2008/01/07/1199554534790.html) the new Boeing Dreamliner has been built with the passenger internet connectivity backbone and the flight control systems sharing enough common components to enable transveral from one t the other. Early penetration tests indicate that it is possible to hack into the flight control systems from the passenger network. This brings a new meaning to the term “Server crash”.
According to Boeing, these early reports have been blown all out of proportion, and according to them, by the time the planes go into general production they will have separated the systems using hardware and software filtering and control systems. Not good enough. These two systems should never have been designed and built to share components in the first place. An air gap would ensure that it would be nigh on impossible to transverse from one network to the other. The temptation to hack into the control systems from the passenger network is going to be high, and the consequences are clearly not good. I have no doubt that Boeing will indeed implement a robust set of SW and HW based controls between the two networks, but given the consequences of those systems being compromised, it is shameful that they are forced to rely on these add-on security mechanisms in the place. This is a clear case for ‘secure by design’ as opposed to ‘made secure’.
However, despite this perfect window of opportunity, it seems that as usual the pressure to save a few dollars and a small amount of time is again going to result in security being put last. According to this: (http://www.theage.com.au/articles/2008/01/07/1199554534790.html) the new Boeing Dreamliner has been built with the passenger internet connectivity backbone and the flight control systems sharing enough common components to enable transveral from one t the other. Early penetration tests indicate that it is possible to hack into the flight control systems from the passenger network. This brings a new meaning to the term “Server crash”.
According to Boeing, these early reports have been blown all out of proportion, and according to them, by the time the planes go into general production they will have separated the systems using hardware and software filtering and control systems. Not good enough. These two systems should never have been designed and built to share components in the first place. An air gap would ensure that it would be nigh on impossible to transverse from one network to the other. The temptation to hack into the control systems from the passenger network is going to be high, and the consequences are clearly not good. I have no doubt that Boeing will indeed implement a robust set of SW and HW based controls between the two networks, but given the consequences of those systems being compromised, it is shameful that they are forced to rely on these add-on security mechanisms in the place. This is a clear case for ‘secure by design’ as opposed to ‘made secure’.
Subscribe to:
Posts (Atom)