It seems that when a particular region of the brains of their test subjects were exposed to powerful magnetic fields, their assessment of how morally correct an action taken by a character in a story shifted from being focused on the morality of the act itself to being more focused on the outcome of the act.
Pretty strange stuff… I wonder how long it is going to take for someone to plead “not guilty by reason of magnetism” in court. More importantly, does this finding point to a deterministic model of the mind? Is that hunk of gefilte fish in our heads just a machine that operates using a yet to be discovered program? Is all of man’s creativity just the “smoke” emitted by that machine? Will my wife believe that I forgot to take out the garbage due to a fluctuation in the Earth’s magnetic field? These are the questions which vex me… meanwhile, time for a new hat, just in case…
Every day, I get at least 5 emails from vendors wanting to set up a meeting or web demo of their latest and greatest product as soon as possible. Of these, two or three will be totally unrelated to security. The rest are security related, but almost all of the messages are obviously canned (some with the wrong salutation as a result of mail merge errors). The vendors sending them have no idea what my company does (no, I don’t care about PCI compliance as we are an institutional brokerage) and tend to be from obscure companies. I usually ignore these messages, and block the sender from further contact.
Every once in a while, a vendor does something to distinguish themselves from the pack… the other day, a salesman for a vendor who shall remain nameless sent me a canned “I would like to arrange a meeting with you” message, which I opened, looked at and deleted. There must have been a web bug in the html, because this email was followed by a message which stated that the salesman “noticed I had read the email” and reiterated the request for a meeting. Bzzzzzt!
I find this kind of behavior invasive and creepy and that particular vendor will need to be offering a machine that turns water into gasoline before I will want to talk to them ever again – and I would insist on a different salesperson. It is one thing if I visit your web site, provide my contact information and give you permission to email me, but to spam me and then spy on me puts you and your company on the fast track to al-blivion as far as I am concerned.
Salespeople, I understand that you guys have a tough job and that recent economic conditions have made that job tougher. But please realize that sending spam (while quite effective for dodgy pharmaceutical sales, offers of great wealth from Nigerian princes and attempts to infect PCs with malware) is not how to sell enterprise security products that cost tens or hundreds of thousands of dollars. Want to sell to me? Get a good reputation and good PR – I will find you. If you are going to contact me, take a few minutes to learn something about my company before you email. And don’t cold call me – all I can think of when I get a cold call from a salesman is Jack Lemmon in Glengarry Glen Ross.
According to this article from CSO Magazine’s web site, “several security execs expressed surprise” over the CISO of the Commonwealth of Pennsylvania found himself unemployed after making a speech at the RSA Security Conference describing a cyber security incident at his state’s motor vehicle agency without getting prior approval. As a CSO myself, I don’t understand why anyone is surprised – I think that this firing was pretty easy to predict and, unfortunately, deserved.
Yes, the incident that the CSO talked about was pretty minor – it involved what sounds like an application error that allowed some people to jump the line when scheduling driving tests – but that is not the point. Like most organizations, Pennsylvania’s government has a policy requiring employees to get prior approval before disclosing official matters. I am sure that the CSO was aware of this policy and as a security professional and as a C level employee, he had a dual responsibility in this matter – to follow policies like any other employee and to set an example for others in his organization to follow in security matters. He also had a responsibility to protect the image of his organization… at the very least, before speaking about this kind of an incident in public, he should have made sure that management was on board and that there was a public relations plan for any negative blowback.
Could this incident have been discussed in public without the need for firing? I think so, although the final decision should have come from management. Had the CSO given them a chance to weigh in, his participation in the RSA panel could have been a positive event for the DMV – showing lessons learned and all that.
If this particular CSO reported to me, I would have some serious questions about their judgment and their ability to safeguard confidential information. I think it would be really difficult to regain that trust after this kind of incident.
Don’t get me wrong – I feel badly that this person was fired – this was probably one negative incident in a career filled with accomplishment and service. But in the end, he made the choice that ended his employment.
OK – I just can’t resist one thing… The Security on this site page of the DMV’s website recommends the use of Netscape Navigator 4.7 or IE 5.0 or greater as secure browsers and then goes on to tout the agency’s use of the “most recent versions of security software”… DOH!