Security

Catching my eye

I did a quick scan of news headlines this week and I found these to be eye-catching:

These headlines speak to me as the events of the last few weeks in my life somewhat relate. The first two send a message to me that no matter how hard I try, I am not going to be able to build a system that is impenetrable if someone wants in bad enough. Second, I should build my systems with the expectation that they will be breached and, therefore, mitigate damage ahead of time, working my way backwards through a multilayer defense.

That's an interesting concept actually; the opposite approach is to try to prevent others from getting in. Not that you don't need to do both, but it makes for an interesting exercise: "Okay, my data has been compromised - what did they take and why?" From that point you can begin to look at your data and systems from the perspective of: "Why do I need that data? How can I store it differently or not at all? What are the consequences of the data getting out?"

On the other hand, security headlines like those above also aggravate the heck out of me because I have to invest so much time and effort in security with the realization that despite my best efforts, I cannot 100 percent rid my systems of vulnerabilities - as they may not be mine at all but the underlying tools that they depend on. It also bugs the %$#@ out of me that people have so much time on their hands to find and exploit vulnerabilities.

As much as people like to bash Microsoft (myself included), having your products in the limelight all the time and being the target of concerted efforts to find every possible vulnerability has to be tiresome.

In regards to the iPhone, its battery issues will probably cause them more consternation than the hacking, but you know that folks at Apple are irritated that the phone was cracked this quickly. (Just in case you didn't know - to replace the battery in an iPhone, you have to send it back to Apple.)

The headline regarding Scooter Libby reminds me that, at the end of the day, it's a gamble as to whether or not loyalty will be rewarded or forgotten when the chips are down. In Libby's case, the President has Scooter's back (at the moment anyway) and whether you agree or not that Scooter did wrong, the President has taken care of him (again - for the moment anyway).

An acquaintance of mine was recently "thrown under the bus," so to speak, when they were put in a position of putting their word against their bosses in a public forum. Based on conversations with my acquaintance, they were doing what they were "told" to do but had nothing to back that up. Their boss, however, denied everything and - poof! - they were unemployed. Nobody had his "back" and history shows that more often than not, that's the way it is going to be. I believe that is why they invented the term "plausible deniability."

All of this serves as a good reminder that the world is not black and white, but the consequences often are, and you had better remember that when you step into gray areas. If there is doubt - get it in writing - or perhaps more importantly, don't do it if it tingles your "Spidey Sense."

Lastly, kudos to Sun for working to get true ODF support into MS Office. Alas, I believe the effort is a pebble in a pond, and I still believe that the way to win this battle is to out-innovate MS. This only helps a little. Linux needs that killer application that won't run elsewhere before the tide will begin to turn - OR - Google may end up creating the app that will run EVERYWHERE and make the platform irrelevant. I'm betting on Google.

Editor's Picks

Free Newsletters, In your Inbox