Charlie's Diary



Thu, 15 May 2003

Polar bear attacks submarine

(Best read while listening to One of our Submarines is Missing by Thomas Dolby.)




posted at: 13:09 | path: /fun | permanent link to this entry

How to improve corporate computer security in one easy move

Y'know, I don't do this stuff for a living no more. I really don't. But this story from Computerworld just rings true on so many levels that it's completely believable.

What's astounding is that this sort of thing still happens. For example, my copy of the UNIX research system papers (tenth edition, from 1990) contains a paper by Fred Grampp and Robert T. Morris (senior) on security that includes the following gem:

The most important and usually the only barrier to the unauthorized use of a UNIX [or other multiuser] system is the password that a user must utter in order to gain access to the system. Much attention has been paid to making the UNIX password scheme as secure as possible against would-be intruders ...

In practice it is easy to write programs that are extremely successful at extracting passwords from password files, and that are also very economical to run. They operate, however, by an indirect method that amounts to guessing what a user's password might be, and then trying over and over until the correct one is found.

Guess what -- this paper came out in the early 80's, when networked interactive timesharing systems (like this Macintosh Powerbook) were becoming common enough that attacks were commencing. And there are still big consultancies -- with responsibility for security at large companies -- where nobody seems to understand it.

It's not stupidity. These folks aren't stupid. But there's clearly a failing here, and I'd ascribe it to institutional culture. My experience of large consulting companies is that their analysts are more focussed on the appearance of professionalism than on the substance, more interested in looking trustworthy to the occupants of the boardroom -- walking the management walk, talking the management talk -- than in actually doing the job. And, just as bad money drives out good, the focus on client relationships drives out competence because clients like predictability, and good security cannot, by its very nature, be allowed to become predictable. (As witness the story in the link below.)

Structures. Human organisations that are fundamentally defective at the job in hand but that are more successful than competent organisations in the market because they're better at winning contracts. Predictability and security. (Is that an itch in my fingertips? I can feel a story coming on ...)

[ Link ][ Discuss geekery ]



posted at: 10:18 | path: /fun | permanent link to this entry
