
 

This is a bit of a follow-up to my earlier post “Google+ Primarily an Identity Service?” though these posts elevate the topic to a more serious level than I did in that post, which was purely from a simple end-user perspective.  From a professional, where’s-online-identity-going standpoint, this is a very interesting touchpoint and Doc Searls puts it in great historical and technological perspective in his post, Circling Around Your Wallet.  The ultimate online battle for the ultimate killer app is… you.  This means your identity in whatever guise identity ends up being defined as, which means who defines it matters.  Hailstorm / Passport from Microsoft was dead on launch because no one wanted to trust such a definition and resultant architecture to come from MS.  As I finished up my last post on this topic, it comes down to trust.

Do we trust Google to get this definition and resultant architecture right?  Just because they have the self-aggrandizing motto “do no harm”, that just isn’t possible once you get to where they and a few others have gotten, where a lot of what you do will inevitably harm some community.  Clearly, there are use cases where using a real name will actually be dangerous to you in the real world.  Google, by taking this stand, indicates, “accept risk or get lost”.  Certainly, their product, their right.

However, do we trust Google, or any other entity to be in a position to enforce their idea of accountability?  Hear Eric Schmidt’s own words:

“If we knew that it was a real person, then we could sort of hold them accountable, we could check them, we could give them things, we could you know bill them, you know we could have credit cards and so forth and so on.”

“There are people who do really really evil and wrong things on the Internet, and it would be useful if we had strong identity so we could weed them out.”

Meg Worley, in her post, say no to the meat wallet, rightly calls out the word “accountability” as “one of the darkest words in the English language”.  Combine accountable with “we could weed them out” and you don’t have to be too big a conspiracy theorist to get a bit of a shiver down your spine.  Apparently, Google, with their real names policy, has decided to preemptively weed out those that don’t fit the definition of “you” they see as best commoditized in their business model.

To many, this all sounds like a lot of furor over nothing and trying to over-intellectualize the issue, but there is a lot at stake here.  Bonnie Nadri does a good job highlighting the real practical issues we should all be thinking about now.

Only the players have changed since the early 2000s when MS made their bid.  Now it’s Google and Facebook and others.  The real point is that one of the players hasn’t changed and isn’t going to change and that’s YOU.  Yep, the you that does and should define you in the real world and the virtual and anywhere they intersect.

 

5 Most-Ignored IT Security Best Practices — InformationWeek.

Not too much to quibble with here except for #2, “Train Users in Best Practices”.  Why?  Why what?, you may ask.  Why is this in the top 5 and certainly if it is a top 5 item, why is it #2?

How much training do users need to be safe on the internet?  Other studies have shown that high percentages of IT professionals and even IT Security professionals get hacked.  Are they not going to be the trainers of the less savvy?  If they are vulnerable are they qualified to be trainers?

How many articles, local and national news broadcasts, radio discussions and gazillions of online articles do users have to see to know:

  1. They should change their password
  2. They shouldn’t use the same password everywhere
  3. They shouldn’t open attachments at all or at least not from anyone they don’t know and expect an attachment from
  4. Clicking links in emails is baaaaad
  5. etc., etc., blah, blah…  I can’t type out anymore I’m nodding off thinking through all the “common-sense” items

It is time for us arguably professional IT folks to quit dumping our problems on our users and give them the tools they need to be safe.  Most of these “tools” should actually be invisible to users as the more they have to interact with and learn, the more they will actively work to work around us and defeat our efforts.

Yes, these tools and functions aren’t free and yes, some of them won’t be completely transparent to users and they’ll whine a bit.  However, if you keep it to a minimum and the pain items actually result in a better, safer, more enjoyable experience, the whining will die off.  Imagine if the whining were only around items such as, “this process is different, I liked the previous one” vs. all the phone calls to the help desk beginning with, “I accidentally clicked this link in my email and now my PC does / doesn’t do…”.

I throw this advice out to enterprise IT folks as well as to the consumer players and to the internet infrastructure and standards groups.  If we just used the tools, technologies and inventions that already exist, the internet could be secured.  Isn’t anyone else weary of being told, “that’s too hard”, and “you can’t boil the ocean”?  Big dreams got us this far and only grabbing for the next big one keeps us going at record speeds.
 

Why Facebook and Google’s Concept of ‘Real Names’ Is Revolutionary – Alexis Madrigal – Technology – The Atlantic.

Well worth reading and definitely lays out many of my thoughts and rationale for being against “real names”.  I’ve held this position since day 1 on the internet and am glad that this gent, Alexis, was able to work through all the politically correct hype and come to his own rationale.

What do you think?

 

Time to Get Out of the Password Business | Janrain.

Google Identity Toolkit (GITkit) and Janrain Login Helper links included for more information on their play in this space.

 

6 Reasons SaaS May Mean A Return To Silos.

Enterprise IT integration is a completely different world than Web 1.0 / 2.0 / Social Web.  One is built from the viewpoint of being behind high, guarded walls to serve a closed community that is provided windows to the outside world as needed.  Moving to the cloud means blasting the windows open to being full two-way roads to the outside world.  At that point, the walls are effectively down and now the pain is how to integrate the inside and outside  the former wall items.  Which “standards” do I pick as my standard?  Which standards am I going to be forced to use because they are used by the services I must support?  What middle-ware / middle-service is available to help me integrate / interface what exists today and help me continue to migrate / evolve into the future?

 

Court rules Internet IP addresses are not people | ZDNet.

Corollary to “secure your WiFi so people don’t download illegal movies and get you in trouble” is that with this ruling you should perhaps leave your WiFi unlocked so you can always viably claim that someone else downloaded the illegal movie, not you.

 

Reverse Engineering RSA’s “Statement” | Steve GRC Gibsons Blog.

Well reasoned, though self-admittedly still a speculative article on the topic.

 

Microsoft warns: Fraudulent digital certificates issued for high-value websites | ZDNet.

So, like the nuclear challenges in Tokyo, another “catastrophe” that isn’t.  Protections and technologies in place to prevent challenges from turning into catastrophes work.

However, on other levels this is an interesting event given the potential geo-theo-political implications which may be reality or just a clever ruse to cover the tracks of a common net-criminal.

 

Apple plugs 57 major security holes in iTunes | ZDNet.

57!?  Wow, no wonder I hate that piece of software.

Like I’ve always said, Apple is given way too much credit for being “more secure” than MS.  Truth is that there hasn’t been and still isn’t enough of a userbase to provide enough ROI for attackers to focus on attacking it.  If the user community sizes were reversed, MS would have the claim to “more secure”.

 

All the best technology in the world implemented sparsely and improperly without bothering with the basics will still get you hacked.  Interesting that “behavioral” tech figured prominently in the article.  Some behavioral bits are basic, but moving forward this will get more and more specialized as the “beat behavioral arms race” fully engages.

NSA cryptography expert says focus on people, not technology.

© 2012 Who is Hahleq?