Blog Directory : Listing Details

Recent Posts:

ID: 1473
Title: IT Security: The View From Here
URL: http://robnewby.blogspot.com/
Category: Computers: Security
Description: Rob Newby's blog covers all things security, including PCI. He offers great perspectives and unvarnished, practical commentary.

Dressed to the nines - 2009-09-09 04:55:00
I'm sure it hasn't escaped the notice of the more autistic amongst us that today is 09/09/09. I was praying last week that 09:09 this morning would mark the birth of my son, due last Saturday, and yet to make an appearance. Taking his sweet time, just like his mother.

And so it was this morning when I awoke at 8:30 after another sleepless night waiting for labour to kick in that I decided I would not get out of bed immediately, but wait for 39 minutes to mark this special occasion in the only way that a truly obsessive IT nerd can. Because although to many of you 09:09 on 09/09/09 would be the time to get dressed (as per title), to me "five nines" is very obviously "up time".

Thank you ladies and gentlemen, I'm here all week...

Big holes in code - 2009-07-13 17:18:00
When I started this blog a couple of years ago, I was living and working in Barcelona, Spain. It was a glorious place and a glorious time. I genuinely loved living there, my wife and I have some very happy memories. We're about to have our first child, a boy, in just under 2 months - we haven't got a name yet, but it could have so easily been Pedro...

Sadly, circumstances conspired against us. Sad family circumstances which still echo through our lives on a daily basis - nothing else could have dragged me away from such a beautiful place, such amazing weather and such interesting people, architecture and culture. However, that doesn't stop me from taking the piss.

Catalan is just one dialect of Spanish, spoken widely in Barcelona. Catalans can be quite patriotic about Catalonia, if not dogmatic. Sometimes they are fiercely anti-Castilian, i.e. the rest of Spain. When my mother visited us one week in May, there was a big Catalan rally in town, the idea being that Catalonia was for the Catalans, and the rest of Spain could sod off, or that's the essence of it at least. I'm sure there were high politics involved along the way.

Mrs. N Senior stood and watched the hordes of squat hairy men gruffly shuffling down the main strip, understanding nothing on the signs - Catalan is unpronounceable and untranslatable at the best of times - but wanted to convey support. "Viva L'Espana!" she shouted, something she'd read on a T-shirt or something I guess... the somewhat secular crowd were not impressed. I bundled her into a taxi and we made a swift exit.

Later in the evening, we went to a tapas restaurant, "Tapes Gaudi" on the Avinguda de Gaudi, just near the incredible Sagrada Familia - if you don't know it, look it up, book a ticket to Barcelona and go, it's amazing, and worth the trip alone. Tapes Gaudi is not. The service was poor, the food expensive, and a general let down to the area and the people. A cynical attempt to rip off tourists who could get that at the KFC just down the street. (Yes, the most beautiful cathedral in the world has a KFC and a Burger King within 20 yards).

What Tapes Gaudi IS worth going for is the menu. No, not the taste, but the translation. It is in Castilian, Catalan and English-ish. I stole a copy, I was so impressed, and it still reduces me to tears on occasion. My favourite has to be "Boquerones en Vinagre" - nothing wrong with that in Spanish, the English "Vinegar big holes" leaves a little more to be desired, or maybe less.

So, wondering exactly what Boquerones en Vinagre actually were, we went back to the flat and used Babelfish to look it up. Babelfish dutifully replied that they were in fact "Vinegar big holes". Hmmm... I wonder how they translated that menu. I genuinely hope they never sort the problem out, I rather like it.

[Boquerones are anchovies by the way, and no, I never did try it, I'm pleased to say.]

What risk isn't - 2009-07-10 02:48:00
Writing blogs and having an opinion are fairly easy things to do, creating and selling a product is not. I've done both, at the same time, in fact that's why this blog exists - a marketing tool for a product I am no longer involved with, but a pastime I enjoy so I carried it on.

Sadly my opinions are still fairly strong on many subjects, and security is one of those. I believe security should be pragmatic, but that doesn't just mean trying 'as hard as you can', making 'best efforts', but getting the best result that can possibly be achieved. A subtle difference, semantic even, but one which I strongly believe in.

The 'bad guys' don't wait around until everyone's on a level playing field, they deliberately make it work in their favour. They are constantly on the attack. So when someone tells me that a product isn't the most secure, but the easiest to use, I want to grab them like a bad puppy and rub their nose in the mess they are leaving behind. I have heard this more times than you may think, and even fairly recently in response to a critical post.

So, I agree that risk is a vital part of security, making the best choice possible based on the cost of available tools, to mitigate the expense of possible attacks that exist without them. What I don't agree with is that when there is an equal cost involved, you should go for the product which is easier to install, understand or operate at the cost of security. This is often dressed up as TCO or some such rubbish. That's what security administrators are for, and actually, it's not that difficult. If you DO choose to do this, you are putting your network, your applications, your users and your data at risk. This is not acceptable for most organisations.

I've worked with some of the most complex encryption technologies out there, and all they take is a little training. Key management is only difficult when people are involved in remembering things, technology was invented for this kind of problem. The best solutions are the ones which offer a trade-off where the non-intuitive decisions are made by humans and the repetitive tasks done by the technology.

What more is there to understand?