2022-04-01

Exclamation mark

Image: ANWB


Ten years ago on Friday January 13 I wrote something about the phenomenon Friday the 13th. Do I have to come up with an ingenious April Fool’s joke today? No, let’s not do that. I can be funny, but let’s leave thinking up and executing such a good joke to others. Such as the HEMA department store, where they announced the inside-out boxer shorts: the underpants of today and tomorrow.

So you have been warned: it is April 1. In traffic we have a special road sign to warn of all kinds of danger: the triangle with a red border and a solid exclamation mark in the middle (at least, here in Europe). In the past, there wasn't an exclamation mark, by the way, but just a thick vertical line, with no dot underneath — as if using a symbol that anyone could easily understand was forbidden. Just like that garden gate that warns of crossing trains.

But as the title indicates, I'm mainly going to talk about exclamation marks. And that's for a reason. I recently did a risk analysis and asked those present what measures they had taken to protect their system against a particular threat. Do you know what they said? We've added exclamation marks in the manual! I like such creativity. It was recognized that a particular step in the installation manual is important for the security of the system and this feeling was expressed by using the universal attention symbol. While that simple symbol, consisting of a line and a dot, is not even intended for that: according to the Dutch dictionary it is only a “punctuation mark that is placed after exclamations, commands, claims and wishing phrases”. Oh wait, maybe wishing phrases is applicable here. They obviously mean phrases like “Congratulations!”, but if you read “wishes” in a different sense, it could also mean “I wish you would pay proper attention to this!”

Is it really possible, an exclamation mark as a security measure? Oh well, it will probably help. But it is, of course, an illusion that such a character in itself could promote the security of a system. If a measure is important – whether it has to do with security or something else – then you need to make sure that the measure is implemented and working. You monitor its proper functioning, so that an alarm goes off somewhere if something is wrong. That signal is then assessed, automatically or by a human, and action is taken if necessary.

If all sentences in a text contain exclamation marks, their attention value is quickly lost! Just like that colleague, who sends all e-mails marked 'urgent'! In addition, it causes irritation! Okay, you get my point: too many alarms are not good because a person needs focus, which certain symbols can help with, unless there are too many. No way everything is super important. For the same reason, we work with a shopping list in a risk analysis. At the end of such an analysis, you will of course receive an overview of all risks with the associated severity (in five steps from 'very low' to 'very high'), but we also provide a separate list with only the high and very high risks. Because that's what your focus should be on.

The exclamation mark is also a popular object in passwords. We are often forced to use 'special characters' in addition to upper and lower case letters and numbers. Raise your hand if your password for such an account ends with an exclamation mark. Ah, I see a lot of hands. In 2017, the Washington Post headlined an article: “You added '!' or '1' to your password, thinking this made it strong. Science says no.” Despite the article being five years old, the tips are still current. An important characteristic of a good password is that it is not obvious. An exclamation mark at the end is predictable. Psst… in a password you can also have your exclamation mark in the middle! But of course you have your passwords generated by a password manager, which knows those kinds of things.
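The point about predictable endings, as an added example that is not part of the original post: a registration-time check showing that a password can satisfy the usual composition rules and still reduce to a common word once the obvious decorations are stripped. The blocklist, sample passwords and function names are constructed for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list
# of common and previously breached passwords instead.
COMMON_BASES = {"password", "welcome", "summer", "qwerty", "letmein"}

# Predictable decorations at the end: digits and punctuation such as
# "1", "2022!" or "!!".
_TRAILING = re.compile(r"[\d!@#$%^&*?.]+$")

# Simple character substitutions people use to satisfy the rules.
_SUBSTITUTIONS = str.maketrans("@4310$5", "aaeioss")


def meets_composition_rules(pw, min_len=8):
    """Classic policy: minimum length plus upper, lower, digit and special."""
    return (
        len(pw) >= min_len
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def base_word(pw):
    """Strip the predictable tail, lower-case, and undo simple substitutions."""
    stripped = _TRAILING.sub("", pw)
    return stripped.lower().translate(_SUBSTITUTIONS)


def is_predictable(pw):
    """True when the password is a common word with decorations added."""
    return base_word(pw) in COMMON_BASES


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Welcome2022!", "P@ssw0rd1!", "t7!Qv#2mLx9Rb"):
        print(f"{candidate!r}: rules ok={meets_composition_rules(candidate)}, "
              f"predictable={is_predictable(candidate)}")
```

The first two samples pass the composition rules and are still flagged; the third, of the kind a password manager generates, passes the rules and is not flagged.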

Meanwhile, I inadvertently sit here listening to Christmas music. Sky Radio has given its April Fool’s joke a special twist. Yesterday they announced that they would be treating us to a sort of catch-up white Christmas because of the snowfall (it’s unusual to have snow at this time of year in the Netherlands, let alone the quantities we’ve seen yesterday and today). And then you think: haha, nice, I'm not falling for that. But now I'm seriously listening to Last Christmas by Wham! And that exclamation mark goes with the name of the band.

This blog post has been translated from Dutch to English by Google and edited by the author.

 

And in the big bad world…

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.

… you can hardly blame the system in question for not carrying out monitoring. [IN DUTCH]

https://www.destentor.nl/binnenland/bedrijf-achter-berichtservice-voor-criminelen-stapt-naar-rechter-nadat-minister-lek-systeem-stillegt~a67fe027/

… European institutions are not well prepared for major cyber attacks. [IN DUTCH]

https://www.nu.nl/tech/6192098/europese-bedrijven-zijn-onvoldoende-voor Prepare-op-grote-cyber Attacks.html

… hacked e-mail accounts from law enforcement agencies are used to request personal data from tech companies in the US.

https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

… a Ukrainian IT worker fights against the Russians with his keyboard and mouse.

https://edition.cnn.com/2022/03/30/politics/ukraine-hack-russian-ransomware-gang/index.html

… Google says that Microsoft's dominance in US government is a security threat.

https://www.nbcnews.com/tech/security/attacking-rival-google-says-microsofts-hold-government-security-proble-rcna22159

… Log4j still echoes in VMware Horizon servers.

https://www.darkreading.com/vulnerabilities-threats/log4j-attacks-continue-unabated-against-vmware-horizon-servers

… criminals looted hundreds of millions from an online game. [IN DUTCH]

https://www.destentor.nl/tech/hackers-stelen-hundreds-millions-aan-crypto-bij-populaire-game~ad16bfdc/

… it is unwise to include passwords in a spreadsheet. [IN DUTCH]

https://tweakers.net/nieuws/194946/lapsus-hackers-komen-poten-bij-okta-binnen-via-spreadsheet-with-passwords.html

… 65 email fraudsters worldwide have been arrested in an international police operation.

https://www.fbi.gov/news/stories/coordinated-operation-disrupts-global-bec-schemes-033022

… fake emails from Europol and the Royal Netherlands Marechaussee (military police) accuse people of possessing child pornography. [IN DUTCH]

https://www.fraudehelpdesk.nl/alert/e-mail-europol-en-kmar-over-kinderporno/

… soon free services will also have to comply with consumer law. [IN DUTCH]

https://www.security.nl/posting/748301/Consumentenrecht+geldt+vanaf+28+mei+ook+voor+'gratis'+digitale+diensten

… your Mercedes will share information about the road with the government. [IN DUTCH]

https://www.security.nl/posting/748204/Mercedes+gaat+informatie+van+thousands+auto%27s+met+overheid+delen+-+update

  
