the magnets made me do it!

Can human morality be manipulated with magnetism?   According to some scientists from some rather august institutions, yes.

It seems that when a particular region of the brains of their test subjects was exposed to powerful magnetic fields, their assessment of how morally correct an action taken by a character in a story was shifted from being focused on the morality of the act itself to being more focused on the outcome of the act.

Pretty strange stuff… I wonder how long it is going to take for someone to plead “not guilty by reason of magnetism” in court.  More importantly, does this finding point to a deterministic model of the mind?  Is that hunk of gefilte fish in our heads just a machine that operates using a yet to be discovered program?  Is all of man’s creativity just the “smoke” emitted by that machine?  Will my wife believe that I forgot to take out the garbage due to a fluctuation in the Earth’s magnetic field?  These are the questions which vex me… meanwhile, time for a new hat, just in case…


a plea to security vendors…

Have I got a deal for you...

Every day, I get at least 5 emails from vendors wanting to set up a meeting or web demo of their latest and greatest product as soon as possible.  Of these, two or three will be totally unrelated to security.  The rest are security related, but almost all of the messages are obviously canned (some with the wrong salutation as a result of mail merge errors).  The vendors sending them have no idea what my company does (no, I don’t care about PCI compliance as we are an institutional brokerage) and tend to be from obscure companies.  I usually ignore these messages, and block the sender from further contact.

Every once in a while, a vendor does something to distinguish themselves from the pack… the other day, a salesman for a vendor who shall remain nameless sent me a canned “I would like to arrange a meeting with you” message, which I opened, looked at and deleted.  There must have been a web bug in the HTML, because this email was followed by a message which stated that the salesman “noticed I had read the email” and reiterated the request for a meeting.   Bzzzzzt!

I find this kind of behavior invasive and creepy and that particular vendor will need to be offering a machine that turns water into gasoline before I will want to talk to them ever again – and I would insist on a different salesperson.   It is one thing if I visit your web site, provide my contact information and give you permission to email me, but to spam me and then spy on me puts you and your company on the fast track to al-blivion as far as I am concerned.

Salespeople, I understand that you guys have a tough job and that recent economic conditions have made that job tougher.  But please realize that sending spam (while quite effective for dodgy pharmaceutical sales, offers of great wealth from Nigerian princes and attempts to infect PCs with malware) is not how to sell enterprise security products that cost tens or hundreds of thousands of dollars.  Want to sell to me?  Get a good reputation and good PR – I will find you.  If you are going to contact me, take a few minutes to learn something about my company before you email.  And don’t cold call me – all I can think of when I get a cold call from a salesman is Jack Lemmon in Glengarry Glen Ross.

Rant over…


Der Fuhrer on Cloud Computing Security

Here’s a cute (if somewhat tasteless) video of Hitler learning about Cloud Computing Security in the bunker.  This gem comes from security industry iconoclast Marcus Ranum.

On a side note, this scene from the (excellent and disturbing) movie Downfall has been total Internet gold (warning – some salty language within)…

Hitler responds to the iPad

Hitler gets deleted from Facebook

Hitler’s Nightly Build Fails

There are a million of ’em…


CSOs need to walk the walk before they talk the talk

According to this article from CSO Magazine’s web site, “several security execs expressed surprise” when the CISO of the Commonwealth of Pennsylvania found himself unemployed after making a speech at the RSA Security Conference describing a cyber security incident at his state’s motor vehicle agency without getting prior approval.  As a CSO myself, I don’t understand why anyone is surprised – I think that this firing was pretty easy to predict and, unfortunately, deserved.

Yes, the incident that the CSO talked about was pretty minor – it involved what sounds like an application error that allowed some people to jump the line when scheduling driving tests – but that is not the point.  Like most organizations, Pennsylvania’s government has a policy requiring employees to get prior approval before disclosing official matters.  I am sure that the CSO was aware of this policy and as a security professional and as a C level employee, he had a dual responsibility in this matter – to follow policies like any other employee and to set an example for others in his organization to follow in security matters.   He also had a responsibility to protect the image of his organization… at the very least, before speaking about this kind of an incident in public, he should have made sure that management was on board and that there was a public relations plan for any negative blowback.

Could this incident have been discussed in public without the need for firing?  I think so, although the final decision should have come from management.  Had the CSO given them a chance to weigh in, his participation in the RSA panel could have been a positive event for the DMV – showing lessons learned and all that.

If this particular CSO reported to me, I would have some serious questions about their judgment and their ability to safeguard confidential information.    I think it would be really difficult to regain that trust after this kind of incident.

Don’t get me wrong – I feel badly that this person was fired – this was probably one negative incident in a career filled with accomplishment and service.  But in the end, he made the choice that ended his employment.

OK – I just can’t resist one thing…  The “Security on this site” page of the DMV’s website recommends the use of Netscape Navigator 4.7 or IE 5.0 or greater as secure browsers and then goes on to tout the agency’s use of the “most recent versions of security software”…  DOH!
