Security Data Ukraine

black_redAnother contribution to the Interwebnets containing an email exchange with an old friend. At times this friend brings the best out of me but other times s/he does not. Nomatter. The point is to think, express those thoughts, get them down for re-reading and then figure out what drove worst-moi to write/contribute in the first place. Or something like that. Don’t forget, for proper chronology, start at the bottom. Good luck. Rant on.


Dear Old Friend,

The reason there cannot be a completely different/separate Interwebnet for, as you put it, B2B, is because the Interwebnet protocol is not there. Could someone invent it anew? Maybe. But at this point it’s irrelevant. The reason for that is the environment that gave way to the Interwebnet is gone. No one will take the financial risk to actually try to (re)invent it or duplicate it. And why should they? And don’t forget, the reason the Interwebnet is what it is–is because it is open, it is decentralized. Which also means, no one will ever be able to close it down, either. You might be able to shut parts of it down, by turning off electrical switches and servers, but that will only effect compartments (i.e. countries, phone networks, etc.) Like everybody else using it, businesses have been on a free-ride from the get-go if they use Interwebnet protocols and now that they are being called-out on it, by hackers, it’s too late for them to do anything about it. Hence, all the fear mongering for security is not about you and me being afraid–which is what I’ve never talked about–but about scaring the companies to either invest or buy into the security scam. That’s why the articles and graphs you read are all on sites like MarketWatch and WSJ–fear is the only thing keeping the “markets” going. Which brings me to your point about encryption. Encryption is not the answer. They’ve tried that. They tried it with DVDs, CDs, DRM, etc., and even the credit card swipe devices at Target and Wal-Mart. Encryption will work for the individual and things like email (remember I offered that we try it?) but for the data exchange that is required by the whole Interwebnet, encryption will be too complex to employ at the scale the Interwebnet operates. And get this! The powers-that-be DO NOT want total encryption. Government must ride the slippery slope of ideology and politics dictated by dollars, my friend. As I’m sure you’re aware. Full encryption would mean that government couldn’t monitor everything. And, yes, they (govt.) even monitor and spy on bank transactions. Remember, it’s not only about encrypting the data but also enabling encryption in both software and hardware for the entire Interwebnet. To do that you’re talking about a huge cost, mostly made up of man-hours–and with the level of globalization that we live in, there is no way people would be hired to fulfill the level of man-hours required to make it all happen. Just consider what all — ALLLLLLLL — router/modem manufacturers will have to do to put hardware encryption into their devices. Dude, it is so NOT going to happen. Not to mention the fact that hardware encryption is probably easier to break than software–just ask the the NSA about that. The way we use technology today was not invented by any one person or company–it has grown out of the magic of open-ness and decentralization. That cannot be cracked or broken or controlled.

Cheers


Hey Worst-Writer,

The only thing I can say about the data on the Internet thing is that since I ran my company back in the 1990’s all business was moving that way. All B to B transactions have been on networks for much longer then the average consumer’s interaction with networks. Even if a completely separate network were established for BtoB channels, there are still hacks. There are hacks everywhere but there is no turning back. Everyone expects everything to be accessible. From travel to buying a scarf to looking up tax data or bank accounts. The access is expected and there.

From my perspective, the real technology would be in encryption. I may be wrong but I don’t think it would be hard for companies to pull from networks all but immediately necessary data. Then you massively encrypt all of it. Every log in would have to run algorithms to very or authenticate every “user” access. If someone wants to use a proxy etc. they don’t get access, plain and simple. The only people who get access are the ones that pass a set of protocols and after that, what they can access is limited. Archive data can be obtained but only through a series of proper protocols, which can all be automated… I mean everyone has processing power in their computers that would allow all of this. Internet connections would have to be more robust so places like developing countries and much of the US people would complain and have to find other solutions. But for the most part, It seems to me security should not be the problem it is but till now the approach to security has just not been taken a seriously as it should and what is called “security” is actually just “prevention of access” not true security. Anyway, that is my 2 cents.

I still don’t see the fear mongering cause I don’t know anybody, anybody, anybody who fears anything when it comes to credit card data etc. There is no privacy any more, everything everyone does is monitored and every savvy marketing company knows everything about you, your habits, health, location etc and I don’t know many complaining. There is no fear in security from a consumer perspective. Corporate’s need to do a better job but please tell me WHO benefits from SOME UNNAMED person spreading “fear” about security?

Your Friend


Dear Old Friend,

I can only continuing saying that the whole data-thing is a hoax. I don’t believe a word of it. Do with it what you will. What’s really going on is fear mongering. Fear-mongering to support an industry that thrives and earns on that fear because it’s easy to earn from. The first article I ever published, which was almost fifteen years ago, began with: if your business needs security don’t put your data on open networks. That might be a far cry away from the closed world of credit card fraud but the gist is the same. When I stopped working back in 2002 the only industry that could have potentially hired me was data security. Since then the whole idea of “risk management” has exploded, whether it’s about managing the risk of investment or the risk of a data security breach, the operation of such activity is the same. This is simply what happens when there’s no creativity left in the market, when all business runs on laurels, when everything has been marginalized to the hilt. Game over — so you better at least be secure. It’s all bullshit.

As far as the Ukraine… I think this is a test for Germany. I believe that Merkel has cut a deal with Russia/Putin that leaves the Ukrainians hanging but energy flowing–and the US has approved that deal (because internationally Obama is a few shy of a six-pack). The EU press, the German press and the pacified anti-war hippies are blowing this way out of proportion. Sure, people are dying, but when was that not the case in these countries since the collapse of the Soviet Union (or even before that)? Remember Yugoslavia or Hungary or Georgia? Those in the Ukraine that are “western” oriented have screwed themselves. They have chosen as their leaders people who are probably as brutal if not more-so than Putin. The oligarchs of Ukraine are gorillas, man. I read recently that it was probably one of those gorillas that shot down the Malaysian plane, he was the one who owned the Russian-made missiles capable of doing it–and the nutbags serving him actually thought they were shooting down a Russian spy plane because the pilots of that flight diverted their course to avoid flying over water (Malaysian airlines hasn’t had much luck recently flying over water!) and the guys running the missiles weren’t told that. Also, Ukrainians should have known that Putin wouldn’t allow their country to side with NATO–which is the ultimate threat to Russia, ain’t it? Just look at what happened to Georgia. I think the situation is dire for Ukraine but I don’t think this will turn Europe into pre-ww1 situation. Putin will probably contain this, probably with brute force, but in the end it will be contained. The EU is not going to war over this. Of course, it doesn’t help that the only significant contribution of Ukraine to EU are its ports for energy distribution from Russia.

Cheers


Hey Worst-Writer,

Bloomberg is not fear mongering. This is not MSNBC or FOX this is Bloomberg and corporate america is literally under attack for data. The fact that card data is so prevalent that criminals only get a few cents to at most a couple dollars for every “live” card number shows that. The damage is to merchants not the consumer so this is not fear mongering. Nobody, I mean no individual I know is really afraid of it cause the banks and merchants take a hit not the consumer.

Anyway, my barrage of info on the subject is just to indicate how prevalent it is and how versatile the criminals are.

What the Fuck is up in Ukraine? They are up to like 3,000 dead. There is a fucking war going on there… The markets keep going higher and nobody seems to give a damn. It is real man, this is not Syria or Iraq or Lybia or Yemen… These are Ukrainians, people with real weapons, who know how to make them, not some fuckers who live in mud huts and have no technological means to product a damn microwave let alone weapons. These guys are part of the race of people who can do some real fucking damage when they go to war… It’s got to stop.

Your Friend


Dear Old Friend,

It is an interesting graph… if you like red on black.

So, do you think, because I’m a registered user of Evernote (but I never use the krapp), that that’s how the crooks got my German credit card number this summer and used it to try to buy stuff at a Canadian Target store when I was in Virginia, USA? Numbers that indicate that what-ever million user information was stolen means nothing in the context of these two graphs. If they listed what damage was done to individual card holders I might be interested. Otherwise, again, this is only fear mongering.

Cheers


Hey Worst-Writer,

Look at this graphic: http://www.bloomberg.com/infographics/2014-08-21/top-data-breaches.html

Pretty amazing eh?

Your Friend

Published by

Tom

Just another expat blogger.