divisionbyzero

question . authority

Full Disk Encryption

As you may or may not know, I am gainfully employed by the Federal Government in the area of Information Security. Recently the Bush Administration responded to media hype by issuing a Federal mandate requiring that all government-owned laptops use encryption technologies to protect their data.

There are two interpretations of this memo.

  • Encrypt the ENTIRE disk.
  • Encrypt just the files containing the data.

So, what’s a lowly security administrator to do?! Choices are bad! Obviously you encrypt the entire disk! Right?! No? Why not?

PHP, Are you serious?

A long time ago, in a galaxy far, far away, I programmed in PHP for a mortgage company. I ended up leaving that job for personal reasons. Apparently, 40 hours/week truly is not enough. I was a Perl programmer prior to that excursion, and I guess I never grew out of it. I always felt uncomfortable there. For a while I thought it might be social, but after further reflection, it’s obvious that it was actually PHP’s fault.

To frame this, I just got back from YAPC::NA. I learned all kinds of new techniques and tricks from MJD, chromatic, brian d. foy, Randal Schwartz, Damian Conway, and countless other acquaintances. What’s not to love about Mason, DBIx::Class, and the brain bending functional tricks you can learn from MJD and chromatic? I never knew that @INC could contain a subroutine reference, did you? I also never thought of something so clever as recursively calling an anonymous sub ref contained in a scalar by using another anonymous subroutine that dereferences that ref at runtime.
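The two Perl tricks mentioned above, as an added example that is not code from the post or from any of the YAPC speakers: a subroutine reference placed in @INC, which perl calls for every unresolved require with the hook itself and the requested file name, and an anonymous sub that recurses by dereferencing the scalar that holds it. The Virtual::Hello module and its source are made up for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# --- Trick 1: a subroutine reference in @INC ---------------------------
# perl calls each coderef in @INC as $hook->($hook, $file) while resolving
# a require/use. Returning a filehandle makes perl compile the module from
# whatever that handle reads, here an in-memory string, not the filesystem.
my %virtual_modules = (
    # Constructed module source for the demonstration.
    'Virtual/Hello.pm' =>
        "package Virtual::Hello;\nsub greet { return 'loaded through an \@INC hook' }\n1;\n",
);

unshift @INC, sub {
    my ($hook, $file) = @_;
    return unless exists $virtual_modules{$file};   # empty list: not ours, keep searching @INC
    open my $fh, '<', \$virtual_modules{$file}
        or die "cannot open in-memory source for $file: $!";
    return $fh;
};

require Virtual::Hello;
print Virtual::Hello::greet(), "\n";

# --- Trick 2: recursion through a scalar holding an anonymous sub -------
# Declare the scalar first so the closure can capture it; by the time the
# body runs, $fact already holds the sub, so $fact->() recurses.
my $fact;
$fact = sub {
    my ($n) = @_;
    return $n <= 1 ? 1 : $n * $fact->($n - 1);
};

# Variant with no outer variable: the sub receives itself as its first
# argument and dereferences that at run time.
my $fib = sub {
    my ($self, $n) = @_;
    return $n < 2 ? $n : $self->($self, $n - 1) + $self->($self, $n - 2);
};

printf "5! = %d, fib(10) = %d\n", $fact->(5), $fib->($fib, 10);
```

Run it as `perl inc_hook.pl`. The hook is also worth remembering as a supply-chain control point: any code that runs early enough to unshift onto @INC (something pulled in through PERL5LIB or `use lib`, for instance) can supply the source of every module loaded after it, so check what sits in @INC before trusting a process.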


Eating your own dog food

In most of the organizations I’ve been a part of, the IT staff has exemptions from IT policies, if not significantly escalated privileges. This distances them from their users. I also happen to know and test MANY different ways to circumvent the policies and controls in place on the network. You can’t push policies and then haphazardly grant exceptions to those policies to the group in charge of making them.


Trust.

As a programmer, I’ve had the concept of “DON’T EVER TRUST YOUR USERS” beaten into my head. For programmers, this concept is incredibly important. Users almost always exceed your expectations for creativity with your new application. By planning for unexpected input, and validating every variable against what the program actually expects, you can theoretically account for abuses of your system by malicious users and provide a graceful failure for users attempting to enter bogus data.
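An added example (not code from the post) of what “cleaning” input should mean in practice: validate each field against an allowlist of what the program expects and fail gracefully otherwise, rather than stripping out characters that look dangerous. The field names, validators and sample requests are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist validators: each returns the accepted value or undef.
# Anchoring with \A and \z matters: $ also matches before a trailing
# newline, so /^\d+$/ would let "42\n" through. Under `perl -T`, the
# captured group is also the only thing that untaints the value.
my %validators = (
    account_id => sub { $_[0] =~ /\A([0-9]{1,10})\z/ ? $1 : undef },
    username   => sub { $_[0] =~ /\A([a-z][a-z0-9_]{2,31})\z/ ? $1 : undef },
);

# Returns (\%clean, \@errors). Any error rejects the request as a whole,
# with a message that names the field but never echoes the input back.
sub validate_request {
    my ($params) = @_;
    my (%clean, @errors);
    for my $field (sort keys %validators) {
        my $raw = $params->{$field};
        if (!defined $raw) {
            push @errors, "$field is required";
            next;
        }
        my $value = $validators{$field}->($raw);
        if (defined $value) { $clean{$field} = $value }
        else                { push @errors, "$field is not in the expected format" }
    }
    return (\%clean, \@errors);
}

# Constructed requests: one well-formed, the rest the kind of input
# users and attackers actually send.
my @requests = (
    { account_id => '12345',         username => 'alice' },
    { account_id => '123; rm -rf /', username => 'alice' },
    { account_id => "42\n",          username => 'Alice' },
    { account_id => '0x1F' },
);

for my $req (@requests) {
    my ($clean, $errors) = validate_request($req);
    if (@$errors) {
        print "rejected: ", join('; ', @$errors), "\n";
    } else {
        print "accepted: account_id=$clean->{account_id} username=$clean->{username}\n";
    }
}
```

A blocklist that merely removed the “;” from the second request would hand the application “123 rm -rf /”, which is still not an account id; the allowlist rejects it outright and nobody downstream has to reason about what was stripped.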

This concept is key to PROGRAMMING. What I find astounding is that a large majority of corporations are adopting this practice for ALL IT-related issues, and it’s even spreading into HR and other areas of employment. Working as a Security Administrator, I’m surprised that most employers have decided not to trust their employees. If you can’t trust them, then why would you hire them?
