More Proof Microsoft is Run by Monkeys

No, I am not talking about the video of Steve Ballmer doing the monkey dance — showing his dislike of creationism.

And I also am not talking about the theory that Shakespeare’s work could be replicated if you put enough monkeys on keyboards.

I am talking about the simple fact that if you are asked to secure a network environment, you will inevitably end up facing a Microsoft system set up to be a primary source of authentication, yet at great risk from attackers. You want to help, but every security expert knows Microsoft is a mess to work around.

It’s like being asked by a king to secure a castle after his keep was built with open doors at the top of stairs that terminate all over the place, often outside the perimeter walls. Imagine having to say “This design allows the village idiot to walk right into your bedroom and sleep with the queen. You didn’t know you were paying for that?”

Companies have to pay a hefty fee to make it safe after the fact, and in some cases the only way to make it safe is to tear it out and replace it. Can you believe Windows 98 was even allowed to be put on the market?

“Cheep, cheep” comes to mind.

Could monkeys stand in for Shakespeare? Interesting question, but perhaps more interesting is why people think it is fine for monkeys to manage software products.

Maybe Eliza Griswold’s Monkey poem explains this somehow:

Last week, the children ate his mother—

dashed her head against the breadfruit.

A young girl soldier laughs,

tears the baby from my leg

and hurls him toward the tree.

Corporate politics? Primitive product testing?

Men’s gold tub missing

A hotel in Japan has reported missing one of two 18K gold tubs. The BBC picked up the story:

Staff reported the tub was missing on Wednesday at the Kominato Hotel Mikazuki, a resort overlooking the Pacific Ocean, east of Tokyo.

Police said they had no idea how it was stolen, saying they had found no sign it was dragged on the floor.

The tub weighed 80kg (175lb) and was made of 18-carat gold.

It was normally chained to the door and padlocked when the room was closed, Japanese TV reported.

I think two people could easily carry 200lbs, and they certainly could lift it onto a dolly. The bigger question might be why the only control for a million dollar gold object was a chain and padlock. It wasn’t locked to the floor with secure bolts? Even for earthquake safety? Dual-purpose controls are often easier to justify in terms of expense, especially when there are regulations driving one.

One might think a camera would be in place in a hotel, but since this object involved bathing, perhaps someone thought privacy would be at risk. Fair enough, but the trade-off should have led to compensating controls rather than none at all.

In terms of suspects, the article does mention that only the men’s bathtub disappeared…

Cat in the Sink

by Get Fuzzy

Water,
water,
everywhere…
I didn’t do it.

Many thanks to the readers who forwarded the link to me. Here is another one — the hilarious run-up cell that gives a taste of Fuzzy’s logic:

S: You wrote a poem?
F: “Wrote”? Sir, I am bloated with steamy wonderousness. My poems are not so much written as they are excreted.

Visualizing Numbers

I often use metrics in security, and I am always trying to find ways to represent the numbers in a compelling/meaningful style.

Chris Jordan has taken this challenge to heart and created a stunning, if only a bit cheesy, online exhibit called “Running the Numbers: An American Self-Portrait”:

This new series looks at contemporary American culture through the austere lens of statistics. Each image portrays a specific quantity of something: fifteen million sheets of office paper (five minutes of paper use); 106,000 aluminum cans (thirty seconds of can consumption) and so on. My hope is that images representing these quantities might have a different effect than the raw numbers alone, such as we find daily in articles and books. Statistics can feel abstract and anesthetizing, making it difficult to connect with and make meaning of 3.6 million SUV sales in one year, for example, or 2.3 million Americans in prison, or 426,000 cell phones retired every day. This project visually examines these vast and bizarre measures of our society, in large intricately detailed prints assembled from thousands of smaller photographs.

I have to think about how to incorporate these ideas of visual representation into security awareness materials such as slogans and posters. How would you depict the number of blocked connections, or brute-force attempts, on your systems?

Incidentally, this project reminds me that people rarely notice large amounts of similar/smaller sets of data, but magnitude relative to themselves has an impact. I expect someone to say they are impressed when standing at the base of Everest because of the overall size of the mountain compared to their own height/mass and not because of numbers of accumulated snowflakes, dirt, etc. So Jordan’s exhibit should do well if he uses a really, really, really large format to convey the message.