links for 2005-09-07

The keys to your data

It has been a while since I tapped out a post on security and privacy but today I read several posts that got me inspired again.

Bruce Schneier (thanks to Kim Cameron for the pointer) picked up on the two sets of stolen keys for the Sydney train system that allowed the thieves access to all trains on the City Rail network. Now the inspiring portion. I read the story and thought how funny; Bruce saw a completely different take: global secrets. Now after reading Bruce’s item on global secrets I can see a correlation back in the HR/Payroll space (personally I find it cool how ideas build on each other, but that could just be me).

A global secret, for all of the non-technical readers, is a secret that, once known, allows you access to everything: you either have it or you don’t. Kind of security talk for you are either “in” or “out”. For obvious reasons they are bad, but you would be surprised how often they are used. For example, how many people use the same password everywhere? This is your own personal global secret: once the password is compromised, everything is compromised.

Now within an HR/Payroll space this gets interesting. Now I don’t want to scare anyone but you need to beware of the security landscape for your core HR/Payroll system. Is there a global secret for your core system? Do you use your own personal global secret for access to the core system? Now taking this further, what about your IT department? Do they operate with a global secret for the database or your application? Maybe you should ask.

Another item that got me pumped was Kim Cameron’s experience with being tracked by his Bluetooth phone! During a recent conference a series of scanning devices were installed in the presentation rooms as an experiment to track conference participants. While Kim seemed a little miffed, he understood where they were coming from, and was in fact used as an example during one of the last sessions, where a presentation slide mapped his movements during the conference, including when he ducked out to take a phone call.

Now that is scary! But apparently easy to do; the average IT geek could probably hack together such a system in your office without you knowing. Where does that leave the company and you from a privacy point of view? What sort of industrial issues could it create if not properly managed?

More on GoDaddy

Well after a week of going around the table I have cancelled the GoDaddy service. I guess it was just not for me.

I ended up having to use a command line interface for FTP as the 3 different FTP clients kept dropping connections and then immediately trying to reconnect. When they tried to reconnect they seemed to trip the limit set by GoDaddy of 3 concurrent connections for FTP traffic. Once this happened I was locked out of the account for anywhere between 10 minutes and 1 hour depending on how many connection attempts the FTP client undertook before I closed it down. I just do not know why this is the case; maybe there is some form of queuing going on.

I also conducted several trace routes for technical support, which seemed to me to be fine on my side, but according to them there was a problem with my ISP causing latency. In looking further the issue does not seem to be with my ISP, the packets leave them on the 3rd hop, and go off the Sprint undersea cables between Australia and US which is where the latency begins.

There also seemed to be some confusion within the support team about which services support DNS wildcard aliases and which did not, a service I really need and was willing to pay for.

Anyway, to cut a long story short, I have cancelled the service and will look somewhere else. I filled in the survey as to why I cancelled, and they refunded my money. So we are all square, which is great. In hindsight maybe I am just a difficult customer or maybe I did not research the service enough. I guess I will never know.

In a real positive spin I have also received an email from Laurie Anderson from the “Office of the President” for GoDaddy looking for feedback on the issue. Great kudos for this and thank you.

Students who actually think!

Anne Bartlett-Bragg (one of the organisers of BlogTalk Downunder) was interviewed recently by Anna Salleh from ABC Science Online about her research in blogs and education that she has been conducting for her PhD. Her quote “I say, I’m sorry, I’m making you think. Isn’t that why we’re here?” made me laugh, so many people just don’t want to think as it is hard!

While only a short item, it did raise several points about blogs. While the research is focused on students, I suspect the findings would also hold true for general blogging (apologies to Anne if she has found they don’t).

  • They help people think more critically
  • They are interactive
  • They engage people in debate, even people who normally sit on the sidelines
  • They have to be responsible about what they post
  • Not all blogs are credible, and just because it is published doesn’t mean it is true
  • They help you manage your ideas in a way never done before

links for 2005-09-06

links for 2005-09-04