The CSI: franchise has been a very successful television endeavor, combining entertainment with a view into how forensic science is used to identify and prosecute criminals. Needless to say, creative liberty is taken to fit a story into a 42 minute episode, but it never pretended to be instructional. It's TV, not a college class. I have no training in pathology or chemical analysis, and only a basic background in the physics of force and motion, but I've been involved in cyber technologies since before "cyber" was a household term.
There has been considerable complaint from my industry over the way CSI: Cyber sensationalizes real events, and invents wholly unrealistic threats, for the sake of entertainment. I get it - I really do. The daily grind of a real cyber expert is not nearly as exciting as an action-packed TV episode. Hours of digging through logs or interpreting a pcap (a record of network traffic) wouldn't make for very exciting television. As researcher/hacker Charlie Miller recently said on Twitter, real hacking doesn't happen in the span of a 42-minute made-for-TV episode. It is the result of days, weeks, or even years of research, learning, and poking at a topic.
Thursday, April 30, 2015
Tuesday, April 28, 2015
How you handle a conflict speaks loudly
Tuesday, April 14, 2015
What if Jesus was a hacker?
It's interesting the ways faith and security intersect. This weekend I attended an information security conference in which one speaker talked about the often-strained relationship between hackers / researchers and reporters. Author / blogger / journalist Violet Blue (warning: in many cases very much NSFW) gave a talk entitled "Everything They Don't Tell You: When Hackers Talk to the Press" that was quite eye-opening. A key point was that so many (not all, but a significant majority of) reporters think career first, and are more interested in being *first* with a story than in being *right* with a story. Interviewees may be manipulated into giving statements that fit the story the reporter is trying to tell, by reporters that don't really understand the technologies and security threats they are writing about. The end result is that hackers need to be very careful in whom they talk with.
Tuesday, April 7, 2015
Don't get pwned by a former service provider
The growth of the Internet from a novel idea into a business necessity created a new market for online service providers. Large corporations have the resources to run their own web servers and to hire professional staff to keep them running well and (hopefully) secure. When you run a small business though - and in particular, a business that is not in a computer technology field - more often than not you are dependent on third parties to provide such services. If your company is in the business of collecting and disposing of garbage, you might expect to invest heavily in trucks and landfill property. A company web site through which to offer online bill payment may not be at the top of your in-house priority list.
There's absolutely nothing wrong with that.Why try to be something you are not? Doing what you do, well, and paying someone else to do the rest can be an effective business model. Alas, outsourcing isn't (or at least shouldn't be) a "choose someone and forget about it" decision.
There's absolutely nothing wrong with that.Why try to be something you are not? Doing what you do, well, and paying someone else to do the rest can be an effective business model. Alas, outsourcing isn't (or at least shouldn't be) a "choose someone and forget about it" decision.