2022-04-22

Bluebottle

 

Image from Pixabay

“Big bluebottle optimistic about 160th attempt to pound through the window,” the Dutch satirical website De Speld reported this week. At times I feel a great connection with that insect.

Do you know that feeling that something is crystal clear to you yet not at all understood by someone else? I also sometimes sit on the other side, for example when the children have fun saying "Hey Marco, great!" and I ask them what the hell they're talking about (it’s a viral TikTok thing; you don’t need to know more about it).

However, if I myself am surprised because someone really doesn’t get it, then it is a different story. You need to respond professionally, whether in your private life or at work. An example of the former I experienced twice when the children entered high school and were taught mathematics. I used to help them with math, and when I was dealing with simple equations, I found that they had no idea what a variable actually is. Their glazed looks when I said: “Just fill in 2 for x…” spoke volumes. Then you have to reset yourself, go back to basics and find words to explain something that is completely self-evident to you. In the meantime, I do wonder how a teacher could possibly not notice something like this. By the way, it helps if you've been through a situation like this before – with the second child I quickly recognized what was going on and wasn't even surprised anymore.

But especially in my work I sometimes feel like the bluebottle, trying to smash through double glazing. Taking an extra run-up and hitting that window again at full speed definitely wouldn’t do much good. That fly doesn't understand. I do. And so I'm going to look for another window that might be open. Although that takes extra time and effort, it does offer perspective on achieving my goal.

You have to be open to this phenomenon on both sides. Yesterday I was in a meeting about how we should deal with the BIO (the Dutch government’s baseline for information security, fully based on ISO27002) in a certain project. After a while I realized that one of the participants might not know what that BIO is all about. That's why I asked him. In this case, he was well informed, but it’s also possible that someone completely drops out because they don't know what you're talking about. On the other hand, if someone talks about something you don't know, or uses an abbreviation that doesn't mean anything to you, ask about it. After all, there is only one stupid question: the question that was never asked.

I've been struggling with passwords for a while now. Every now and then I run into colleagues who – no doubt with the best intentions – handle passwords insecurely. Typically, these are system to system passwords used in testing. These tests are often performed automatically, sometimes in the middle of the night. Now there are techniques to ensure that those passwords are in a digital vault, from which they can be retrieved by the relevant process. Without human interference. And no one knows those passwords, because they are automatically generated and immediately encrypted and stored in that vault. Sounds solid, doesn't it?

Unfortunately, there are teams that cannot or do not want to apply this. They request the password in plaintext and want to store it in their team password manager to access it if necessary. When I hear about that, I'm just that bluebottle thinking: how come they don't understand that passwords for system to system access should not be known to people? But of course it is never that simple. There are always good reasons not to do it the right way. And if something works, there is usually little incentive to change it. But, I say: open your window to let the bluebottle through. This results in a win/win situation: fly happy, you happy. And your operation becomes a bit safer. Even if it is 'only' in the test environment. Which by the way should be production-like…

 

No Security (b)log next week.

 

And in the big bad world…

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.

 
