Category: Uncategorized

Seeing the Big Picture

This quote from Bob Iger, head of Disney, is quite interesting for his perspective as a leader of a big company:

There is a human side to it that I try to apply and consider. [But] the harder thing is to balance with the reality that not everything is perfect. In the normal course of running a company this big, you’re going to see, every day, things that are not as great as you would have hoped or wanted them to be. You have to figure out how to absorb that without losing your sense of optimism, which is part of leadership — without losing faith, without wanting to go under the covers and not come out, without being down or angry to a counterproductive level, and without demanding something of people that is unfair, inhuman, impossible. (“Bob Iger on Shanghai Disney, Parting With His Chosen Successor, and His Pursuit of Perfection“, Variety)

Note that he’s not saying ignore the problems; he’s not saying don’t get angry; he’s not saying don’t demand improvement. He’s saying don’t get so angry that it’s counterproductive. He’s saying be demanding, but be demanding in a fair way. He’s also saying that you can remain optimistic in the face of problems.

There’s lessons here for security professionals.

Do Games Teach Security?

There’s a new paper from Mark Thompson and Hassan Takabi of the University of North Texas. The title captures the question:
Effectiveness Of Using Card Games To Teach Threat Modeling For Secure Web Application Developments

Gamification of classroom assignments and online tools has grown significantly in recent years. There have been a number of card games designed for teaching various cybersecurity concepts. However, effectiveness of these card games is unknown for the most part and there is no study on evaluating their effectiveness. In this paper, we evaluate effectiveness of one such game, namely the OWASP Cornucopia card game which is designed to assist software development teams identify security requirements in Agile, conventional and formal development
processes. We performed an experiment where sections of graduate students and undergraduate students in a security related course at our university were split into two groups, one of which played the Cornucopia card game, and one of which did not. Quizzes were administered both before and after the activity, and a survey was taken to measure student attitudes toward the exercise. The results show that while students found the activity useful and would like to see this activity and more similar exercises integrated into the classroom, the game was not easy to understand. We need to spend enough time to familiarize the students with the game and prepare them for the exercises using the game to get the best results.

I’m very glad to see games like Cornucopia evaluated. If we’re going to push the use of Cornucopia (or Elevation of Privilege) for teaching, then we ought to be thinking about how well they work in comparison to other techniques. We have anecdotes, but to improve, we must test and measure.

Incentives, Insurance and Root Cause

Over the decade or so since The New School book came out, there’s been a sea change in how we talk about breaches, and how we talk about those who got breached. We agree that understanding what’s going wrong should be a bigger part of how we learn. I’m pleased to have played some part in that movement.

As I consider where we are today, a question that we can’t answer sufficiently is “what’s in it for me?” “Why should I spend time on this?” The benefits may take too long to appear. And so we should ask what we could do about that. In that context, I am very excited to see a proposal from Rob Knake on “Creating a Federally Sponsored Cyber Insurance Program.”

He suggests that a full root cause analysis would be a condition of Federal insurance backstop:

The federally backstopped cyber insurance program should mandate that companies allow full breach investigations, which include on-site gathering of data on why the attack succeeded, to help other companies prevent similar attacks. This function would be similar to that performed by the National Transportation Safety Board (NTSB) for aviation incidents. When an incident occurs, the NTSB establishes the facts of the incident and makes recommendations to prevent similar incidents from occurring. Although regulators typically establish new requirements upon the basis of NTSB recommendations, most air carriers implement recommendations on a voluntary basis. Such a virtuous cycle could happen in cybersecurity if companies covered by a federal cyber insurance program had their incidents investigated by a new NTSB-like entity, which could be run by the private sector and funded by insurance companies.

Electoral Chaos

[Dec 15: Note that there are 4 updates to the post with additional links after writing.]

The Green Party is driving a set of recounts that might change the outcome in one or more swing states. Simultaneously, there is a growing movement to ask the Electoral College to choose a candidate other than Donald Trump to be the next President of the United States. Some surprisingly serious people are publicly making arguments for the Electoral College taking an active role, including law professors Sandy Levinson and Lawrence Lessig. Lessig’s essay at the Washington Post starts:

Conventional wisdom tells us that the electoral college requires that the person who lost the popular vote this year must nonetheless become our president. That view is an insult to our framers. It is compelled by nothing in our Constitution. It should be rejected by anyone with any understanding of our democratic traditions  — most important, the electors themselves. (“The Constitution lets the electoral college choose the winner. They should choose Clinton,” Lawrence Lessig)

Lessig’s piece links to Federalist #68, written by the newly popular Hamilton. Having the electoral college not vote for Trump, after Clinton conceded, and after the current President met with him, seems problematic at best. Trump promised to respect the results if he was elected, but yesterday tweeted claims that “millions” had voted illegally, which might lead one to expect that some had voted illegally for him, adding legitimacy to a recount or re-evaluation of results.

A Electoral College outcome other than Trump will be labeled a “stolen election,” and there have already been threats of violence by surprisingly serious people. Some of those who might engage in violence are already are engaged in disgraceful and un-American attacks on their fellow citizens based on race, creed, color, gender, or sexual orientation. They seem to treat the election as a “great disinhibition.” However, as horrifiying as those attacks are, and as many as there are, there are people who would not engage in such attacks but would call the election stolen. That would further undercut the legitimacy of the Federal government. (Chaos and legitimacy is topic that’s been occupying my thoughts for a while, but I have relatively little to say which is new.)

My take: the Electoral College exists for a reason. (See the above-linked Federalist #68). The best choice from a very bad set of possibilities is a “caretaker” government. The country is roughly evenly divided in hating either Clinton, Trump, or both. We should select a President who will not push for large changes or mess things up, and can start to address the real class issues which were exposed by the election. A middle of the road Republican and Democrat might be less unpalatable than other options.

Some relevant and interesting links:

Please keep comments civil. Additional interesting links are welcome.

[Update Dec 2: This is a thoughtful, left-wing consideration of the election, which makes the point that no single explanation is dominant. “Everything mattered: lessons from 2016’s bizarre presidential election.” Also, seven electors are now looking to strike a deal: “Teen becomes seventh ‘faithless elector’ to protest Trump as president-elect.” By the way, there’s probably an interesting story in how a 19 year old becomes a member of the Electoral College. Lastly, the Economist has an article on “Why an electoral college rebellion would be a bad idea.”]

[Update Dec 8: “Dump the electoral college? Bad idea, says Al Gore’s former campaign chairman.,” which includes the argument “it forces candidates to campaign in a variety of closely contested races, where political debate is typically robust.” Despite that, Texas Republican Elector Christopher Suprun has written “Why I Will Not Cast My Electoral Vote for Donald Trump.”]

[Update Dec 12: Videos: from one of the Hamilton Electors, Tucker Carlson vs. 2 Electors. “Electors demand intelligence briefing before Electoral College vote.”]

[Update Dec 15: “Virginia congressman calls for delay in electoral college vote,” and the open letter “Bipartisan Electors Ask James Clapper: Release Facts on Outside Interference in U.S. Election” now has over 50 signatures, and NBC is reporting that “Putin Personally Involved in U.S. Election Hack,” and that has to play into questions about legitimacy and the choice of Electors.]

Mac Command Line: Turning Apps into Commands

I moved to MacOS X because it offers both a unix command line and graphical interfaces, and I almost exclusively use the command line as I switch between tasks. If you use a terminal and aren’t familiar with the open command, I urge you to take a look.

I tend to open documents with open ~/Do[tab]… I wanted a way to open more things like this. I wanted to treat every app as if it were a command. I did this a little while back, and recently had to use a Mac without these little aliases and it was annoying! (We know that mousing was objectively faster and cognitively slower than keyboard use.

So I thought I’d share. This works great in a .tcshrc. I spent a minute translating into bash, but the escaping escaped me. Also, I suppose there might be a more elegant approach to the MS apps, but it was easier to write 5 specific aliases than to figure it out.

Anyway, here’s the code:

foreach f (/Applications/*.app /Applications/Utilities/*.app)
    set t=`basename -a $f`
	# Does not work if your app has a shell metachar in the name. Lookin' at you, superduper!
    set w=`echo $t | sed  -e 's/ //g' -e  's/.app$//'  | tr '[A-Z]' '[a-z]'`
    alias $w open -a \""$f"\"

alias excel open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\"
alias word open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\"
alias powerpoint open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\"
alias ppt powerpoint
alias xls excel

(Previously: Adding emacs keybindings to Word.)

Election 2016

This election has been hard to take on all sorts of levels, and I’m not going to write about the crap. Everything to be said has been said, along which much that never should have been said, and much that should disqualify those who said it from running for President. I thought about endorsing Jill Stein, the way we endorsed McCain-Palin in 2008, but even the Onion is having trouble being funny.

One thing which makes the American election system less functional is the electoral college system, which means that essentially a small number of states decide the election.

There is an effort underway to change that to a national popular vote, and there’s a group working towards that by getting states to agree amongst themselves to allocate their electoral college votes towards the winner of the national popular vote, once enough states have made that commitment to control the results of the elections. Its a pretty neat approach to patching the Constitution, and you can learn more at National Popular Vote.

Also in the spirit of nice things to see today, WROC in Rochester is streaming from the resting place of Susan B Anthony, whose tombstone has been covered with “I voted” stickers, and as I watch, people are reading the Seneca Falls Declaration.

The Breach Response Market Is Broken (and what could be done)

Much of what Andrew and I wrote about in the New School has come to pass. Disclosing breaches is no longer as scary, nor as shocking, as it was. But one thing we expected to happen was the emergence of a robust market of services for breach victims. That’s not happened, and I’ve been thinking about why that is, and what we might do about it.

I submitted a short (1 1/2 page) comment for the FTC’s PrivacyCon, and the FTC has published that here.

[Update Oct 19: I wrote a blog post for IANS, “After the Breach: Making Your Response Count“]

[Update Nov 21: the folks at Abine decided to run a survey, and asked 500 people what they’d like to see a breach notice letter. Their blog post.]

Secure Development or Backdoors: Pick One

In “Threat Modeling Crypto Back Doors,” I wrote:

In the same vein, the requests and implementations for such back-doors may be confidential or classified. If that’s the case, the features may not go through normal tracking for implementation, testing, or review, again reducing the odds that they are secure. Of course, because such a system is designed to bypass other security controls, any weaknesses are likely to have outsized impact.

It sounds like exactly what I predicted has occurred. As Joseph Menn reports in “Yahoo secretly scanned customer emails for U.S. intelligence:”

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

(I should add that I did not see anything like this at Microsoft, but had thought about how it might have unfolded as I wrote what I wrote in the book excerpt above.)

Crypto back doors are a bad idea, and we cannot implement them without breaking the security of the internet.