Underrättelser is a Swedish term for a "correction from below", and the idea is instructive for computer security. In the good old days, information security wrote a top-down policy, spun up a few hundred network firewalls, added SSL, and generally patched and prayed their way to "security."
Now we know that those top-down, ivory-tower "security" architectures don't cut it. The corrections in the security architecture come from much lower levels: static analysis to find bugs in the code, secure coding practices to reduce the flaws, and message-level security to shrink your security perimeter.
Nice one, and here's another:
Shibboleth.
"Shibboleth is the Hebrew word that literally means “ear of wheat”. In the Hebrew Bible, pronunciation of this word was used to distinguish members of a group whose dialect lacked a “sh” sound from members of a group whose dialect included such a sound. The consequences of getting it wrong were fatal: Today, “shibboleth” refers to words and phrases that can be used in a similar way—to distinguish members of a group from outsiders."
So basically, a Shibboleth is something that you prompt for, and based on the way the response is given you can tell whether the person is part of the secret club or not. The cool part about it is that, at least in the traditional sense, the person being tested was not physically able to say the password correctly.
Very cool stuff.
Posted by: Daniel Miessler | February 22, 2007 at 10:48 AM