Some notes following the Identity Management Europe event, 14 March 2019, Frankfurt.

  • Ever wondered which are the biggest risks that we face? According to the World Economic Forum, massive data fraud/theft and a large-scale cyber attack both rank in the top 5 most likely global risks, while a large-scale cyber attack has the 7th most devastating impact. Worrying, no?
  • The fraud triangle: pressure (motive) – rationalisation – opportunity
  • Need-to-know – has strictly limited use cases (it comes from the military). In real life, we want the information to flow – don’t kill the business. There is always a fine balance between over-entitlement (leading to security risk) and under-entitlement (business risk).
  • MFA with YubiKeys is the Holy Grail of authentication – superior to everything else.
  • NIH: Not invented here: the strong bias against ideas from the outside.
  • Build vs buy: the main advantage of ‘buy’ is the fact that it allows the customer to concentrate on their core business.
  • In the cloud infrastructure there is the concept of zero trust. Deny all by default. Never trust. Always verify. Never trust the client. Never trust the server. Never trust the network.
  • Friendly reminder that cybercrime has become a 1.5 trillion business

Some emerging technologies:

Finally, some notes on automation:

  • Robotic process automation can be used for automatic testing (auto-filling of forms)
  • DevOps (combining the responsibilities of Dev, QA and Ops) – only possible if a big chunk of the work is automated
  • Workflow: Code > Build > Test > Deploy > Monitor – all of this automated (maybe except for the coding part 🙂 )
  • Remediation using automation: service not responding: auto-restart; load spike: auto scale instances; service fail: redeploy a new instance
  • Use automatic monitoring tools to detect bugs before your users (Splunk)
Rainy Frankfurt

Random links #12

Written on 12 March 2019, 09:27am


I believe that the AirPods’ success can be explained by the bandwagon effect: “the rate of uptake of […] trends increases the more that they have already been adopted by others”. They slowly made their way from mockery to status symbol.

~~~

At first sight, a bank card with a built-in fingerprint reader seems to be an excellent idea, right? You trade the PIN code (something that you know) for your fingerprint (something that you are). From a usability point of view, it’s a major step forward (PIN codes can be forgotten, misplaced, shoulder-surfed, reused, social engineered, etc). But from a privacy point of view things don’t look so good anymore. The initial plans indicate that the users still have to walk into a branch to enroll their fingerprints – which (probably) means that the bank will get to know your biometric data. Which cannot be reset, as we all know.
A possible alternative is to ditch the bank card altogether and use something that you have with you all the time: your smartphone (see Apple Pay, Google Pay) – in addition to your biometric data which never leaves your device. But this solution is not inclusive: not everybody owns a smartphone.

~~~

The results of this study are really sad and show that, in reality, we are far, far away from secure-by-design principles. “Researchers asked 43 freelance developers to code the user registration for a web app and assessed how they implemented password storage. 26 devs initially chose to leave passwords as plaintext” (via)

~~~

Read this thread in full. Brilliant

~~~

On the last day of the year, it’s time to look back at the year and highlight the things that I enjoyed in 2018. For reference, here is the list from the last year.

1. Two books: Daemon and Freedom, by Daniel Suarez. Absolutely brilliant, I don’t know how I missed them for so many years. Here’s an excerpt:

The Code book from Simon Singh was probably the runner-up – a few months ago I ordered the printed version and read it again after 5 years.

2. My new notebook: Huawei Matebook X Pro. Say what you want about Huawei, but they came up with a brilliant device. Miles ahead of the premium-priced Macbooks, it fundamentally changed my workflow. Never been a tablet guy and probably never will be, so the combination of an iPhone + an ultrabook like the Matebook works best for me.

3. WorkFlowy: an exponent of the makers (*) culture, WorkFlowy is a dead-simple, cross-platform note-taking app. The hierarchical structure of the notes makes it compatible with mind-mapping and I found myself using it in a variety of ways. For instance, I drafted the outline of this post in WorkFlowy. Others wrote books with it:

(*) the makers culture: Pieter Levels https://levels.io/ https://makebook.io/ https://twitter.com/ajlkn https://carrd.co/

4. A place: the Austrian Alps in the summer time. I had the chance to spend about a week in the mountains. The combination of mountains, clean air, outdoor activities and clear blue sky is amazing. Just have a look:

5. Security. There were plenty of security things that I learned in 2018. Went to a few classroom training sessions (CISM, CISSP, TLS), passed some challenging certification exams, and realized that (IT) security is a fascinating domain with a lot of brilliant people.

The IT industry rocks (as one of the security guys that I follow said today), and on top of that, the security aspects make things much more interesting to watch.

6. Simona Halep: not only for finally winning her Grand Slam, but also for having the capacity to remain competitive for a long time: never dropped out of the top 10 for over 5 years and currently number 1 for more than a year (with a brief 4-week interruption). Well deserved and very inspirational.

Simona Halep, Roland Garros 2018, Women’s Singles, Final, Photo: Nicolas Gouhier / FFT

7. Two series: Breaking Bad and Better Call Saul. I enjoyed watching Breaking Bad when it was released on Netflix, and found Better Call Saul a very good continuation of the series. Now that Better Call Saul is over, I went back to re-watch Breaking Bad – it’s amazing how a few years and another prequel change the perspective.

https://breakingbad.fandom.com/wiki/Mike_Ehrmantraut

8. Jürgen Klopp. He joined Liverpool 3 years ago and built an amazing team around him. One can learn a lot about leadership just by listening to his interviews. Humble and determined, he’s a perfect fit for Liverpool and you can sense how everybody around the club loves him.

https://twitter.com/stuffIfc/status/1079432962062671873/photo/1

9. The iPhone X – because the dimensions are finally right, and, more importantly, because its camera allowed me to take some amazing photos throughout the year: https://www.flickr.com/photos/dorin_moise

10. Tesla Model S. Finally, I left this at the end because it offered me some very mixed feelings. As I said in a recent post, the car is really amazing and it offers an experience that you will not find anywhere else. But the quality of the support services is disappointing here in Belgium. I hope that things will improve, even though I’m not holding my breath.

Here’s to a brilliant 2019 and remember, in the end it’s all about getting better.