Archive for January, 2009
1 down 1 to go
So Merrill Lynch was not the bargain one could have gambled on… Mr Thain stepped down as head of BoA's global banking and wealth management division. Apparently, Merrill Lynch, which Mr Thain once led, had a $15 billion loss in Q4, and BoA had to ask for more state aid to fund its acquisition of the Wall Street firm.
It also surfaced that Merrill accelerated some $4 billion in bonuses to staff before the completion of the government-backed takeover and that Mr Thain refurbished his office for $1.2M, which included a 50k commode and a 1,400 waste basket.
Kenneth Lewis made a bad gamble: So why is Kenneth still the CEO of BoA?
Here’s my suggestion for a rule: If you have the chutzpah to go to Congress to ask for my our hard-earned cash, I we(?) want a letter of your resignation to accompany the request. To comply with the reduction in paper act, you could have two signature lines on the “Form X-XX: Request a bil from the govt.”: one for the request and one for the resignation.
Go home Kenneth.
PTSD and the iPhone
JG Ballard likes to discuss the psychological effects of space travel on astronauts. It is one of those topics of inconvenience for NASA, whose spokespeople prefer to shrug it off and move to the next question (perhaps about the budget, anyone?). For Ballard, the question stems from a science fiction curiosity. Could man ever do long distance space travel? Or are we destined to send robots and machines to do the next step of space exploration? Ballard’s concerns stem from the apparent lack of consistency in the astronauts’ lives. Most seem unable to move to the next stage (like new jobs), and some, like Armstrong, refrain from discussing what was perhaps man’s greatest achievement – the landing on the moon.
Having listened to an NPR special on PTSD (post traumatic stress disorder) it got me thinking whether that is an angle of the astronaut’s predicament. I am talking about, specifically, the dichotomy between life in the fast lane (Iraq, Investment banking, prepping for space flight, quarter end, etc.) and life in docile Americana. Especially if you don’t live in one of the big cities.
My assumption is that once a soldier returns or an astronaut lands, life becomes simple. You have done the deed and now it is time to rest. But if you are of astronaut calibre mentality, rest is the farthest thing from your personality. Hence you have conquered your dragon and really have nothing to look forward to. You were used to action and now life is missing rhythm. And very few are like John Glenn, who was both an astronaut and moved to an equally hectic life in politics.
Now I have a feeling that it is the same with most of us who are addicted to our iPhones, emails and Facebook updates. For us the constant shaking of the phone, the bling sounds of Facebook and the chirp of inbound email become a part of our psyche. And when our internet dies – we get the onset of mild PTSD.
You may feel that hurtling down from the ski slopes and catching up on email on the gondola. I felt that during our spa day in Mongolia (during the other days we were bicycling all day and concentrated on that).
And I’ve devised a test for this: If both your oven (appliance important to life) and internet gateway break – which would you fix first?
/Cheers
PacoJet Kulfi
So here is a distraction from the daily chore: Making Ice Cream.
I am exercising my new PacoJet processor and have noticed an abundant lack of kulfi recipes for the Pacojet. So here is mine:
1.5 litre whole milk
150 grams sugar
5 Whole cardamom seeds
30 grams pistachio nuts
a pinch saffron threads
Boil the milk (stir to prevent burning), and then cook for 45 minutes on low heat until milk is reduced by half. Add sugar to milk.
Shred cardamom seeds, pistachios and saffron threads in food processor (or use the PacoJet coupe attachment) and add to milk.
Let milk cool down. For smoother results, pass mixture through a fine mesh sieve.
Freeze to -20C in a beaker (do not overfill as mixture expands when pacotized) for at least 24 hr.
Pacotize the container and return to freezer to harden for at least 1 hour (Kulfi is better served dense and cold).
Enjoy.
PS – If you don’t own a PacoJet you could just freeze the mixture, but it won’t be as smooth.
Good Restaurants, Security Breaches & The (wrong) Lightning Myth

lightning will hit the same place more than once
I like to revisit good restaurants. If I like the place they will see me again. In one or two places I don’t even have to see the menu. I’m using the good restaurant analogy to describe why hackers revisit previously hacked sites: They know the place and feel comfortable. Hackers would return to the “scene of crime” and hack if they can.
Recently one of our salesmen forwarded me a note from one of his prospects that was hacked in the past. The team at that company decided that since they were hacked once, the chances of getting hacked again are very low. “Lightning does not hit the same place twice” the prospect wrote.
That’s wrong of course. Lightning can strike any location more than once. It’s not just statistical: given enough time, it is actually inevitable. Some places (like high radio towers) will get hit several times within a single lightning storm.
Poorly secured applications and databases are for hackers like radio towers to lightning. They will get hit several times. One cannot change the weather or prevent a lightning storm, but one sure can prevent the next hack, data theft and loss of data.
Enemy at The Watercooler
January – It’s this time of the year. Sales Kick Off. SKO. Many high technology companies are having their annual or biannual sales meeting this week. Flights to Silicon Valley are fully booked, hotels are crowded and the bartenders are busy. The company I’m working for is no different. We’ll have our biannual meeting event in one of Silicon Valley’s finest hotels later this week. Some of us gathered together at the hotel to have more in-depth discussions before the entire sales and marketing force arrives.
This hotel was chosen by a different company as their SKO launch pad. Apparently, this company competes with one of our products. At the same time, we are also very synergetic. (Think about PCI 6.6 WAF + VA synergy). Keeping the insider threat and the real enemy in mind, those who run sales for this company should take a look at Brian’s book.
You Add The Caption
Picture taken a few days ago on HWY 280 north, not far from Palo Alto.

Add Your Caption Here
Why? In French
I usually do not like to quote films. But once in a while I see an old quote in a new light. In the superbly geeky Matrix trilogy there is a very likable character called “the Merovingian” or “the Frenchman” who falls nicely into the stereotypical bucket of a hedonist philosophical French person (in reality, the hedonism cloud has long left Gaul land and has settled nicely on the Far East, and as for philosophy, well, it is in French, you know…).
In the following discussion (from “The Matrix Reloaded”, 2003) the Merovingian refuses to give up the keymaker to Morpheus, Trinity, and Mr. Anderson:
Merovingian: The question is, do *you* know why you are here?
Morpheus: We are looking for the Keymaker.
Merovingian: Oh, yes. It is true. The Keymaker. Of course. But this is not a reason. This is not a “why”. The Keymaker himself – his very nature is a means. It is not an end. And so to look for him is to be looking for a means to do… what?
The Merovingian thinks deterministically. He believes in causality. He believes that there is a reason for everything and that the answer to all questions lies in having all historical data and mining this data to understand the cause and effect. His belief is useless for untangling the complexity of real life, but serves well in the security world.

Merovingian and Persephone
Technical security does not care about the “Why”. Why is irrelevant. A spyware is a spyware, a bot is a bot, and a virus is a virus. None of these have any reason to be on any network (with the sole exception of the quarantined research labs of security vendors and security researchers), and wherever they are found they are promptly disposed of. They are the online equivalents of rats in the kitchen: the cook chases them with a hatchet.
However, when attempting to secure the business it is the “Why” that is important. Why does the employee need access to Facebook? What is the risk associated with this access? And how does the security team empower (i.e. allow) the employees to do their job and make money – safely?
Why do employees leak data, need administrator privileges, or access websites? Well, in most cases it is to get their job done. Or to augment an employee 2.0 lifestyle with extracurricular activities. Whatever it is, it has a reason, a business process, or a habit behind it.
Without the “Why” business security is blind and can cause as much harm as good.
The Merovingian also said: “I love French wine, like I love the French language. I have sampled every language, French is my favorite. Fantastic language. Especially to curse with. Nom de dieu de putain de bordel de merde de saloperie de connard d’enculé de ta mère. It’s like wiping your arse with silk. I love it.”
Couldn’t agree more.
In Flight Privacy
Previously, we sent our reporters on a first class mission. Now, we are reporting from coach. Names removed to protect the innocent.
Hi, we had a delay of one hour. I’ll probably arrive at your place around midnight. If it’s too late can you please leave the keys outside?
No problem. I’ll wait for you. Is it tonight or tomorrow?
Tonight… In flight internet is awesome…
Is it really IN flight internet? Can you see porn?
When my “neighbors” will sleep I’ll definitely try it…
You need protection. For the next flight buy one of those 3com protection screens…
So that’s the real reason you need it…
I’m thinking about a smart answer, since this conversation is being blogged…..
In my opinion, this post speaks for itself.