 |
| Image from Unsplash |
Freezing rain had been forecast. On the radar you could see a mighty precipitation area rolling in from the south. Like many colleagues, I decided to go home early. I got home dry and, more importantly, without slipping, and spent the rest of the afternoon watching how, in this region, things didn’t get nearly as bad as expected.
After work
I was supposed to go for a run. However, the threat of freezing rain still
lingered in the air (even though I hadn’t seen anyone slip in my street). So I
decided not to run outside and instead put my treadmill into action. Safely
exercising indoors. Added bonus: inside it was about twenty degrees (36 °F) warmer. Shorts and a light shirt would do just fine.
After
twelve minutes and fifty seconds my athletic ambitions came to an abrupt end. I
made a misstep: my right foot didn’t land on the belt but on the edge of the
machine. The entire right side of my body suddenly stopped, while the next step – with the left foot – was already underway. You can imagine this
didn’t end well. First my left knee hit the moving belt, then the right one. My
left foot had meanwhile planted itself on the ground behind the treadmill.
Which meant I stood still. While the belt kept running underneath me. With my
knees still on it. It burned quite a bit.
Treadmills
have a safety cord. One end has a clip you attach to your clothing, the other
end a plug you stick into the control panel. If you fall, the plug should be
pulled out by the cord so the belt stops. The cord turned out to be slightly
too long for the position I had ended up in – the safety plug stayed in place. The belt kept
spinning until I pulled the cord by hand.
My wife and
daughter rushed in, worried, and a bit dazed I asked for two wet washcloths to
cool my knees. Three days later, the left one is almost healed, but on the
right one I’m currently missing about four centimeters (1.5”) of skin. Nothing
dramatic, it’s just the occasional sting and the healing wound pulling a bit.
I learned
two things. First: organizational measures can backfire. I chose not to go
outside because I didn’t want to fall. And that is exactly what happened. Of
course I try to project this onto my work (this is still the Security (b)log,
right). Do we sometimes make decisions there that ultimately cause the very
thing we tried to prevent? Those decisions are usually well thought-out,
thoroughly discussed, and we’ve slept on them. We’re currently revising our
password requirements. Obviously with the intention of making our employees’
accounts more secure. But we must be careful not to make things so difficult
that people get ‘creative’. Communication and support are crucial when
implementing changes that affect everyone personally.
Second: if
technical security measures are not implemented well, they won’t work in every
situation. The safety cord works perfectly if you fall straight backward off
the belt, but not if your fall stops halfway. You have to be very clear about
the purpose of a measure, and you must examine all possible scenarios. Only
then may you expect the measure to do what you intended. Example: we’ve been
encrypting our data and communications for years. But if you don’t take the
coming of the quantum computer into account – one that can crack today’s encryption with ease – you remain vulnerable. Maybe not today, but
certainly when the data you send now can be decrypted by unauthorized parties a
few years from now.
Our
daughter is celebrating her eighteenth birthday today and wants to drive to
school*. We’ve taken all kinds of measures: she got her driver’s license, we
practiced extensively with her, we agreed on rules. The car was recently
checked. And we have expressed our trust in her. And yet, as parents, you’re
relieved when she gets home safely. Because you know that measures don’t always
work.
*: In the Netherlands, you can take driving
lessons from the age of 16.5. Once you get your license, until your 18th
birthday you have to be accompanied by a registered driver who must be no
younger than 27 years.
And in the big bad world…
- Banning ransom payments is being reconsidered as a measure that may have unintended consequences.
- The Netherlands is exploring the French alternative for video conferencing. [DUTCH]
- Your notepad turns out to be hacked.
- AI worms are on the way.
- Azure is (finally) discontinuing outdated TLS versions.
- Nearly a third of ads in Meta apps are malicious.
- State‑sponsored hackers are exploiting vulnerabilities faster than ever.
- The Netherlands won’t have a minister for digital affairs, but we’ll have a ‘cyber ranger’. [DUTCH]
- Even Vatican media express concern about the lack of transparency in the use of AI.
