Security

Semi-permeable Membranes

David Fletcher, while thinking about the mass of data that security personnel need to analyze, offers this observation:

We also need to detect new wireless access points. They can potentially open up the network in a big way and people all over the state want to add them in order to give users additional capabilities. They can also create huge issues with your security architecture.

Does your security architecture fail if there's a hole in the dike?

The design should, as much as possible, take into account that people will work around limitations you establish.

5:02:44 PM # Google It!
categories: Security

Never Ascribe to Malice

While reading Charles Mann's interview with Bruce Schneier, I was struck by how the security measures he discusses can be read in different ways. On the one hand, you can see these measures as ignorant but well-meaning attempts to address problems with insecure systems. But if these measures are ineffective, and the people proposing them are not ignorant, what problems are they meant to address?

1:35:58 PM # Google It!
categories: Politics, Security

Tools

Tim May, one of the founding members of Cypherpunks, got up and declared before a packed house that his job was not to make anyone's data secure. His job, he figured, was to make bribing the cleaning service more cost-effective than trying to hack in.

....

The thread connecting all of this - Schneier, May, the Gartner analyst - is that technology will never be a panacea. Software can be perfectly suited to the task and still come up short. In the end, the users must be committed to its success.
[tins ::: Rick Klau's weblog]

Would it help if we remembered the etymology of technology?

10:36:14 AM # Google It!
categories: Language, Security