


OMG! All I hear all day long is how we don't need encryption on the "trusted internal network". Now we don't need it outside the internal network either? I'm closing all my accounts and putting my money in my mattress.


T. Rob - rest easy, Nebraska Furniture Mart introduced a "Nervous Nellie Mattress" with a night depository slot to keep all your money in your mattress.



Another thing about the "trusted internal network": you frequently hear this from companies with 50,000 or so employees, hundreds of B2B connections and web-facing front ends. I usually ask - if you lived in a town of 50,000 people, would you lock your door? Would you have a police force? Would you leave your jewelry on the front lawn?

I have never understood why people are so good in the physical at developing separate protection models for jewelry and hockey sticks, but in the digital world the jewelry and hockey sticks get the same "trusted internal" treatment.


Lots of random thoughts in response...

Got to get me some o' dat Nervous Nellie mattress! I suppose the bearer bonds are not included. :-( I must admit, when I first read "mattress with a night depository slot" I thought you were going somewhere else. Although, I suppose that model would be a top seller. Patent time!

And I love the town analogy. I may start using that. Up to now I've been comparing it to sending mail in post cards versus envelopes. Nobody making these recommendations pays their bills on post cards. They send the checks inside of envelopes and that's a messaging system with at least an order of magnitude less exposure.

I once toured the police station with a pack of scouts. You know the police have lockers with locks on them? You might think that shouldn't be necessary but sometimes it's as much about accountability as it is about security.

According to this post at BankInfoSecurity ( http://www.bankinfosecurity.com/articles.php?art_id=1455&pg=1 ) VISA are looking at end-to-end message-level encryption. Someone should tell them about physical access controls and background checks before they waste a lot of time and money.

On the up side, this job wouldn't be nearly so rewarding if it wasn't also challenging.


wow -- can you say copyright violation?
