7 Bad Habits of CISOs

Forbes has published an article called “The Seven Habits of Spectacularly Unsuccessful Executives”. These are great conversation starters and topics of investigation, especially when auditing or interviewing executives in charge of enterprise security and/or risk management.

  1. See themselves and their companies as dominating their environment
  2. Identify so completely with the company that there is no clear boundary between their personal interests and their corporation’s interests
  3. Think they have all the answers
  4. Eliminate anyone who isn’t completely behind them
  5. Consummate spokespersons, obsessed with the company image
  6. Underestimate obstacles
  7. Stubbornly rely on what worked for them in the past

Protecting VMs, in the user’s brain

Ross Anderson and Frank Stajano, in a paper called “It’s the Anthropology, Stupid!”, suggest that the study of human culture is necessary to understand insecure behavior and to protect virtualised systems from the risks that behavior creates.

And what about mistakes? They matter much more than targeted attacks. […] Mistakes are often caused by getting the context wrong, so if we’re going to make them less likely, our designs should be better at synchronising the user’s mental model better with that of the machine. […] …secure virtualisation isn’t just about ensuring that the right VM in the laptop talks to the right VM in the cloud. It’s about ensuring that the right VM in the laptop (or the cloud) talks to the right VM in the user’s brain. It’s not primarily about the outside attacker, but the insider: and the critical question is which insider.

The point they’re making is that each group and subgroup is defined by its controls. Have you ever shown up to a party wearing the wrong costume?

Something you have, something you know, or something you are will matter when assessing whether you are in the right place at the right time. A gap (the place where mistakes happen) can easily form between how segmentation is implemented in the virtualization layer and how the user sees or understands that segmentation.

I get asked all the time now “can you give us a reference architecture for segmentation”? This is like asking an anthropologist for a guide to what costume you should wear to the party. Does the outside observer really get to set the insider behavior? Automation without accounting for variables in behavior may only push these gaps wider.
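One way to make that gap visible, as an added example that is not from the original post and not Anderson and Stajano’s code: write down the flows the operator believes the segmentation allows (their mental model), compute the flows a rule set actually permits, and report the difference in both directions. The segment names, hosts and rules below are invented for the illustration; the first-match-wins rule semantics are an assumption chosen to resemble a typical firewall or SDN policy.

```python
"""Compare a user's mental model of segmentation with what the rules enforce.

Added example, not code from the original post or from the paper it cites.
Segments, hosts and rules are constructed for illustration only.
"""
from itertools import product

# The operator's mental model: which segments they believe may initiate traffic
# to which. (app -> web is assumed here for a callback the app tier "needs".)
INTENDED = {
    ("web", "app"),
    ("app", "db"),
    ("app", "web"),
}

# Which host the operator labelled into which segment.
HOSTS = {
    "web1": "web",
    "app1": "app",
    "db1": "db",
    "jump1": "mgmt",
}

# Constructed rule set: (source, destination, action), first match wins.
# "ANY" is a wildcard. Two entries model the kind of drift the text describes:
# a management host that quietly reaches everything, and a "temporary"
# debugging rule that was never removed.
RULES = [
    ("web1", "app1", "allow"),
    ("app1", "db1", "allow"),
    ("jump1", "ANY", "allow"),
    ("ANY", "db1", "allow"),
    ("ANY", "ANY", "deny"),
]


def allowed(src, dst, rules=RULES):
    """Return True if the first matching rule permits src -> dst."""
    for rule_src, rule_dst, action in rules:
        if rule_src in (src, "ANY") and rule_dst in (dst, "ANY"):
            return action == "allow"
    return False  # default deny when nothing matches


def effective_segment_flows(hosts=HOSTS, rules=RULES):
    """Translate host-level rules into the segment-level flows they really allow."""
    flows = set()
    for src, dst in product(hosts, repeat=2):
        if src != dst and allowed(src, dst, rules):
            flows.add((hosts[src], hosts[dst]))
    return flows


def mental_model_gap(intended=INTENDED, hosts=HOSTS, rules=RULES):
    """Flows the machine allows but the user does not expect, and vice versa."""
    actual = effective_segment_flows(hosts, rules)
    return {
        "unexpected": sorted(actual - intended),  # machine allows, user thinks it is blocked
        "missing": sorted(intended - actual),     # user assumes it works, machine blocks it
    }


if __name__ == "__main__":
    gap = mental_model_gap()
    for src, dst in gap["unexpected"]:
        print(f"allowed but not in the model: {src} -> {dst}")
    for src, dst in gap["missing"]:
        print(f"in the model but blocked:      {src} -> {dst}")
```

Run against these constructed inputs, the script reports four segment flows the rules permit that the model never mentions (everything from `mgmt`, plus `web -> db` via the leftover debugging rule) and one flow the model assumes that is actually denied (`app -> web`). Both lists are the gap the paper is talking about: the second kind is where users start improvising workarounds.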

The line of reasoning in this paper reminds me of a movie released in 1968 by Stanley Kubrick as echoed in my 2011 BSidesLV Presentation: A Cloud Odyssey.

Vuoi Vuoi Me (Henrik Schwarz Remix)

A Sámi song by Mari Boine, remixed by Henrik Schwarz.

From the album “It Ain’t Necessarily Evil – Mari Boine Remixed Vol II”

And below is my remix of the translation from a language once banned:

Sami languages, and Sami song-chants, called yoiks, were illegal in Norway from 1773 until 1958… In Russia, Sami children were taken away when aged 1-2 and returned when aged 15-17 with no knowledge of their language and traditional communities.

Language and song were considered such a risk that they were banned for centuries.

The Sami chant, the yoik, traditionally had a dual function. On the one hand, it was, and still remains, the distinctive musical expression of the Sami. The yoik is used “to remember people”, to characterize individuals, animals and landscapes. It can be described as a melodic-rhythmic lecture, in which rhythm is paramount and less emphasis is put on the verbal description of the lyrics. The yoiker’s task is to use music and images to create an emotion or atmosphere that then evokes the person, animal or place yoiked. In the pre-Christian religion, the yoik formed an important part of religious ceremonies. In such ceremonies, the shaman added a rhythmic accompaniment to the yoik by beating his drum. This dual function is the reason why some people even today see the yoik as sinful and therefore incompatible with Christian religious life.

As early as the 17th century the yoik was banned by law. Anyone breaking the law was to be punished severely. The reason the yoik was banned and condemned at this time was that the period saw the beginning of Christian missions among the Sami, and the yoik was seen exclusively as an expression of pre-Christian religion.

[Photo: Finnmark protests 1981]

Mari Boine explains in the video below how and why she started to recognize and reclaim her own heritage and sing the yoik.

She mentions that the protests and violence in the news at the beginning of the 1980s, as seen in the photo to the right, had a strong effect on her sense of identity; the controversial construction of a hydroelectric power plant on the Alta river in Finnmark, Northern Norway, created feelings of anger and rage for her as a Sámi.

Vuoi mu gollelottas
Vuoi mu beaiveidjalottas
giehka ja goaskin
Vuoi mu spalfu
Vuoi mu spalfu
miellevuol besiinis
Vuoi mu idjaloddi
ravddahis geahcastagainis
Vuoivuoi mu
Vuoivuoi mu

Vuoivuoi daid iluid
Vuoivuoi daid iluid
skeaikkigavnnasmeriidisguin
Vuoi daid morrasiid
Vuoi daid morrasiid
salteganjalmearaidisguin
Vuoivuoi daid buollasiid
Vuoivuoi daid buollasiid
vuoi gesiid mearehis bahkaid
Vuoivuoi mu
Vuoivuoi mu

Vuoi my little yellow bird
Vuoi my summer night bird
cuckoo and eagle
Vuoi my swallow
Vuoi my swallow
with nest under riverbanks
Vuoi night owl
with limitless vision
Vuoivuoi me
Vuoivuoi me

Vuoivuoi joy
Vuoivuoi joy
with hearty laughter
Vuoi sorrow
Vuoi sorrow
with oceans of salty tears
Vuoivuoi winter frost and cold
Vuoivuoi winter frost and cold
vuoi summer with burning hot days
Vuoivuoi me
Vuoivuoi me