smart thinking about IM security issues
Grok Headline matches for smart thinking about IM security issues
some smart thinking about Linux software dependencies and packaging
06/17/2004 07:25 PM
Havoc "no permalinks" Pennington has some smart thinking about Linux
software dependencies and packaging. I think you have to go even
further and consider each Linux distribution to be a separate
operating system which application developers must port to, test, and
support. And there's still the problem of apps that are included in
some distributions but not in others.
Shark Tank: At least SOMEBODY is thinking about security
12/04/2003 12:07 AM
It's the monthly joint meeting of this company's desktop and server
support departments, and everything is fine, says a pilot fish on the
server side. That is, until the desktop guys announce a new project.
Domestic Security: Some Complex Thinking
03/29/2005 11:30 PM
The Idea:
Maybe the reason we can't agree on how to deal with terrorism is that
we're all using illogical, inappropriate and overly simplistic
thinking. If we used 'complex thinking' would we stop arguing and
start getting somewhere?
It is likely that the Department of Homeland Security (which is now
the largest state-run organization on the planet) will go down in
history as the poorest investment in human history -- an operation
that has churned through trillions of dollars (possibly enough to
eradicate world poverty and a dozen of the biggest killer diseases on
the planet at the same time), and accomplished absolutely nothing. The
insidious nature of such 'security' programs is that no one can ever
say for sure they haven't or might not yet prevent a catastrophe -- US
government intelligence is now a black hole that sucks up money and
from which nothing ever escapes.
A recent article by John Tirman argues that progressives have missed a
great opportunity to stake out an alternative strategy for security
that would be modestly less expensive than the conservative strategy
that has been used since Bush took office, more effective, and provide
a host of other social and environmental benefits in the process. The
gist of his argument is shown in the first three columns below. I've
added as a fourth column the preventative strategy that I have argued
for on these pages, which has also been advocated in a number of
European newspapers.
SECURITY AGENDA | Conservative | Progressive - Domestic Focus | Progressive - International Focus
Domestic Security Strategy | Offensive: Preemptively attack foreign nations that might threaten domestic security | Defensive: Improve domestic infrastructure to enhance preparedness | Preventative: Improve global infrastructure to reduce animosity
Spending Priority | Defense, 'intelligence'-gathering, prisons and interrogation | Domestic health, education | Humanitarian and infrastructure aid globally and domestically
Investment in Direct Security | Massive and unprecedented | Significant | Negligible
Response Strategy | Bolster police and emergency services, suspend civil liberties as expendable | Bolster police and emergency services but balance against need to protect civil liberties | No response: The world is too big to protect against all such threats, and civil liberties are sacrosanct (that's what we're defending)
Treatment of Domestic and Border-Crossing Minorities | Persecute, prosecute and deport without due process | Heightened bureaucracy but with due process | Treated like everyone else
Principal Political Means of Galvanizing Support | Emotional: Fear-mongering | Rational: Reasonable measures commensurate with the threat | Emotional: Show how these people live abroad and you'll understand their desperation
Approach to Protecting Energy Supply | Increase security at power plants & refineries, seize foreign oil supplies, eliminate environmental restrictions on exploration | Shift to renewable energy sources and hence decentralize sources of supply | Shift to renewable energy sources and hence decentralize sources of supply
Approach to Protecting Public Health | Increased security at major health facilities, disaster and evacuation plans, bioterror 'research' | Upgrade, network and decentralize public health infrastructure | Upgrade, network and decentralize public health infrastructure
Approach to Protecting Transportation | Increased security in transportation hubs, ban identification of vehicles carrying hazmat | Improve mass transit and restrict transportation of hazmat | Reduce transportation needs by encouraging 'buy local' and restrict transportation of hazmat
Effect: Preparedness for Another Domestic Attack | By their own reports, not at all prepared | Would be modestly better prepared | Not even attempting to prepare
My recent study of complex systems (and the politics of international
terrorism are nothing if not complex) and the approaches to dealing
with them have given me pause. All of the agendas above are designed
for complicated systems, not complex ones. They all presume to have a
monopoly on understanding of the cause-and-effect relationships behind
acts of terror. The very terms 'deterrence', 'preemption' and
'prevention' are rooted in complicated systems theory, and are
meaningless and perhaps even dangerous when applied to complex
systems. They are all about trying to understand and exercise control
over a system that is simply unknowable and uncontrollable. Perhaps
this is why neocons and all previous imperialists have striven to
impose homogeneity over global culture, with the unattainable
objective of making us all so much alike that civilization becomes a
predictable, merely complicated system. Diversity is a dirty word to
conservatives. Progressives support diversity as a matter of
principle, but have been notoriously poor at understanding its
implications -- resulting in bizarre behaviours like 'political
correctness', which no one seems to like.
Here's a quote from Dave Snowden talking over on AOK
about another social issue where conservatives and progressives
disagree completely and have tried to impose policies based on
different cause-and-effect oversimplifications. The issue is capital
punishment:
Order in complex systems emerges from the interaction of multiple
identities over time, within boundaries around attractors. If we want
to see change then it will arise from multiple bottom-up initiatives
which change the context and make certain types of negative pattern
unsustainable. To take a political example, capital punishment has
become largely an unsustainable approach for European governments over
the last fifty years, but the same phenomenon has not yet impacted on
the bulk of the US (or several regimes who the US regard as
uncivilized). In Europe this is a pattern that has emerged from
multiple interactions: cases of the wrong people being convicted, a
gradual change to liberalization in multiple fields of human thinking
which create a framework within which leaders and politicians are able
to operate. For some reason this has not happened in the US despite
similar evidence plus the general data on racial/social bias on who
actually gets killed (let's not use the word execute: it hides the
reality). With the notable exception of the film Dead Man Walking most
interactions in US society create a different type of entrainment
which is the opposite of the European position. From a personal
perspective I feel a physical sense of horror at the whole idea that
you can take a human being and kill them in some public ritual, but
that is partly because of the society in which I grew up, the
political influences of a family deeply committed to politics and an
historical age which allowed that thinking to take place.
Now this is not an argument that Europe is more enlightened than the
US because it isn't (although it is more liberal), it's an argument
that many different things are connected and social systems arise from
multiple interactions which cannot be directed top down, and it would
not make a scrap of difference if you changed the mind set of senior
leaders because their patterns personal and collective will respond to
the emergent patterns of the societies in which they operate. The
Grameen bank case that I quote in the article is a great example of
complex thinking -- it's bottom up, no one changed leaders to some
model of thinking, someone just went out and did something simple
which created change -- the more people do that the more chance the
world has.
Apply this thinking to the Schiavo case and it will make your head
spin.
The article cited above explains the Grameen bank case as follows:
The Grameen Bank was created in Bangladesh to provide small loans to
poor people. The name Grameen comes from the Bangla word for village.
This is a market which the conventional banking system finds
unattractive. Most commercial and private loans are based on credit
scoring, an ordered concept in which the characteristics of good and
bad debtors are identified and used as predictors and therefore
controls for future lending. This increases the cost of lending as the
various processes have to be administered, and small loans thus become
uneconomic. In the Grameen Bank everyone who took out a loan was
required to be a part of a self regulating borrowers group in which
each member of the group had to take responsibility for the debts of
the others. This simple rule which costs little to administer produced
a 97% repayment rate comparable with best achievements of the large
banks; there are now over two million clients of the Grameen bank and
the approach has proved both scalable and portable. I find the Grameen
Bank an inspiring case, and an illustration of the great benefits that
complex or unordered thinking can bring. Managing the starting
conditions not an idealized end state can produce lower cost more
effective solutions. Complex thinking is not a nice to have in modern
management, it is a fundamental necessity. It is a new and exciting
way of thinking about the world.
Some of the techniques for 'complex thinking' he suggests:
- Manage by monitoring for the emergence of pattern to sustain or
  disrupt, rather than managing by objective, to plan or to a model;
- Focus on effectiveness (with requisite diversity and allowance for
  inefficiency for adaptability) rather than efficiency;
- Explore don't exploit;
- Strive for resilience and adaptability not stability;
- Measure the stability of 'barriers' and 'identities', and the
  attractiveness of 'attractors', rather than using reductionist
  measures like ROI;
- Simulate emergence to see the patterns of possibility, rather than
  analyzing and relying on 'experts';
- Understand that our different 'identities' make decisions based on
  personal experience and stories representing collective knowledge
  (we usually think of individuals making decisions based on
  enlightened self-interest).
So how might we apply 'complex thinking' to domestic security? Rather
than trying to solve causality, or rank and address all of the
potential security risks, how could we discover and 'disrupt the
patterns' of acts of terror? Does this imply that until/unless we can
discover the patterns, it's a waste of time and money doing anything?
Decentralizing targets and diversifying sources of supply would seem
to be a good way to build resilience into critical systems. What else
could we do? If we acknowledge that the barriers we have erected at
borders are unstable (and next to useless for combating terrorism,
while particularly effective at disrupting commerce and tourism), are
there other barriers we could use instead? Are there 'attractors' we
could put in place that would draw those with an axe to grind against
the West elsewhere (Iraq seems to be an unexpectedly good attractor
these days)? What kinds of simulation could we run that might help us
see what the impact on terrorist activity might be of various
interventions -- would building good schools in the Mideast help or
hurt for example? And what kind of stories can we surface and tell
that would inform the decisions of those inclined to loathe us and act
on that loathing?
Fundamental re-thinking network security
02/18/2004 07:59 PM
In my time as a security professional, I have been faced with hundreds
of scenarios in which someone asks me the question that goes something
like this: “I have this network that has all of these specific
services and needs,...
SQL Security Issues
04/24/2004 10:35 PM
Can An Apple A Day Keep Security Issues At Bay?
06/03/2004 06:42 AM
By Mathew Schwartz, Security Wire Perspectives (via MyAppleMenu)
Other News: Security Issues
09/27/2004 09:27 AM
We link to several articles about serious security threats and the
Mac's position vs. Windows.
Are we just living with Security Issues?
12/30/2003 01:22 AM
Since August 17th, we have had thousands of computers hit with the
Nachi or Blaster worms. Over the past few months, we have only seen an
increase in the number of hosts infected. It seems as though the
Internet IT...
Smart Guest Book Security Issue
08/30/2004 12:00 PM
Direct and Related Links for 'Smart Guest Book Security Issue'
“Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Smart Guest Book 2.x
A security issue has been reported in Smart Guest Book, which may
allow malicious people to gain knowledge of sensitive information. The
problem is that the database file “SmartGuestBook.mdb” by default is
accessible by anyone. This may disclose various information including
the administrative username and password by downloading the file from
an affected web site. Solution:…
Apple issues Mac OS X security patch
05/21/2004 06:49 PM
Microsoft Issues Security Patches
11/11/2003 10:17 PM
PC Magazine Nov 11 2003 9:32PM ET
Yahoo issues security patch for IM
08/13/2004 12:45 PM
Web giant releases fix for vulnerability stemming from open-source
graphics code.
Security Issues in Rediff Bol Messenger
01/01/2004 04:31 AM
S G Masood (Jan 22 2003)
The continuing saga of IE Security Issues
04/09/2004 07:57 PM
I have a simple question. Why can't a company that has 50 billion
dollars in reserve cash fix their damn...
abuse & security issues > Israel
03/29/2005 08:40 PM
Gadi Evron (Mar 29 2005)
Notes and Tips: Security Issues
06/10/2004 09:59 AM
Here's one more note about Mac OS X security vulnerabilities following
the latest Apple update.
Microsoft issues security update
07/03/2004 10:00 AM
USA Today Jul 3 2004 2:31PM GMT
Security issues of using shared code
08/02/2004 03:25 PM
Direct and Related Links for 'Security issues of using shared code'
“If you’ve ever written a lot of code, you’ve probably found yourself
thinking, ‘Someone must have already tackled this problem.’ You may
even have gone a step further and done a Google search for relevant
code that you might be able to incorporate into your project. But have
you ever stopped to think about the security ramifications of using
this type of code? If not, you should!…
Cisco issues another security warning
04/16/2004 01:13 PM
The networking giant warns customers of a security vulnerability
associated with its Cisco 3000 VPN Concentrator.
It now appears that all of OS's have security issues
12/12/2003 06:52 AM
Jaguar and Panther equally vulnerable .. Macs are not Invulnerable ..
this rather weak article .. this recent story
abcnews.go.com/sections/scitech/ZDM/mac_vulnerablility_pcmag_031211.html
phpBB Issues Security Update
12/19/2004 03:07 PM
Company to license smart-card security tools
04/19/2004 12:13 AM
CNET Apr 19 2004 4:16AM GMT
Apple issues iChat security fix (MacCentral)
09/17/2004 10:47 AM
MacCentral - Apple Computer Inc. on Thursday released its third
security update in recent days. Security Update 2004-09-16 fixes a
security issue with Apple's iChat application that allowed remote
iChat participants to send "links" that can start local programs if
clicked.
Mac or PC? Windows' security issues help some users choose
09/21/2004 10:11 PM
USA Today Sep 22 2004 2:19AM GMT
Microsoft issues seven security patches, two critical
07/13/2004 05:08 PM
Software updates released today by Microsoft include fixes for
previously unknown flaws in the Windows OS, including critical holes
in the Windows Task Manager and HTML help features.
Apple issues revised security update
09/13/2004 09:42 PM
Apple has released a revised version of last week's Security Update
2004-09-07, which fixes problems with Safari & FTP server in the
original security update. The new update is now available via the
Software Update panel and can be installed over the previous update.
Sybase ASE Multiple Security Issues (#NISR05042005)
04/05/2005 05:38 PM
NGSSoftware Insight Security Research
Microsoft issues April security updates
04/13/2005 11:59 AM
Computer Shopper Apr 13 2005 3:48PM GMT
Apple issues QuickTime security patch
05/06/2004 10:03 AM
Apple Will Be Patching Jaguar Security Issues
10/31/2003 04:07 PM
@Stake issues security advisories for Jaguar
10/29/2003 02:47 PM
Internet security firm @Stake issued three security advisories for Mac
OS X on Tuesday...
@Stake issues security advisories for OS X Jaguar
10/29/2003 02:45 PM
Security consulting firm, @Stake issued three security advisories for
Apple's Mac OS X operating system late last night. The advisories
affect Mac OS X 10.2.8 and lower and do not appear to affect the
company's recently released Panther operating system. In fact, @Stake
is recommending users upgrade to Panther as a fix for the problems.
New Online Ventures Get Help With Internet Security Issues
08/19/2004 02:11 AM
MSTBIE, an online business solutions provider, today has announced
their partnership with Geeks In A Flash! providing new business with
additional options for ensuring the safe and successful launch of
their online business ventures. [PRWEB Aug 19, 2004]
NIST Issues Windows XP Security Guide
07/06/2004 01:22 PM
Paper maker documents key IT security issues
03/28/2005 06:16 AM
James Cupps, a former network engineer and information security
officer for the U.S. Navy, is now on his second tour of duty with
Sappi Fine Paper North America, a division of a $4.7 billion South
African manufacturing company. Cupps, the North American division's
information security officer and Sappi's global security lead,
recently shared his thoughts with Network World Executive News Editor
Bob Brown.
Opera Problems -- Security Issues, New Version
03/14/2003 12:25 AM
Report: Security Issues Hamper E-Commerce
06/24/2005 09:02 PM
Enterprise Security Today Jun 23 2005 6:27PM GMT
Windows-Based PCs Plagued By Security Issues
12/28/2004 03:41 PM
Red Nova Dec 28 2004 8:09PM GMT
Cisco issues wireless Lan security alert
12/04/2003 09:38 AM
vnunet.com Dec 4 2003 8:48AM ET