Bacon Bytes for 13-April


Happy Friday the 13th! Or, as I like to call it, “the one day where we hear the word Triskaidekaphobia mentioned”. I’m writing this edition of Bacon Bytes amongst pillars of spilled salt, having entered my office by walking under a ladder and smashing the mirror on the wall. It’s gonna be a good day, I can feel it.

The big news this week was Mark Zuckerberg testifying before Congress. You can read a full transcript of the testimony here. Buried deep in that transcript is a reference to Facemash, the website that Zuckerberg started because he wanted a way to rate the women on campus by hotness. Missing from the transcript is the time Zuckerberg called users “dumb f****” for handing over their private data willingly. Face it, folks, this is a data security and privacy disaster 20 years in the making. This is not a surprise. But we should not be blaming Facebook for what has happened here. We only have ourselves to blame. We’ve known about these privacy issues and risks for decades, we’ve just never understood the risks. With an attitude of “what’s the worst that can happen”, maybe now we know the worst. Sometimes you have to hit rock bottom. If we aren’t there yet, we are close.

In recent years we have seen how IoT security is anything but secure. One of the reasons for this is that companies do not have a financial incentive to make their devices secure by default. They *do* have a financial incentive to sell as many devices as possible and collect data from each device in the easiest possible way. That leads to shortcuts and bad security options. Microsoft announced they plan to invest $5 billion in IoT over the next 4 years globally, which I hope means we will start to see security as a focus. The article doesn’t talk about security, but Microsoft cannot afford a security risk with IoT and Azure.

There are two main reasons why data security is perceived as being bad today. First, because data security and privacy have a magnifying glass on them today, much like shark attacks a few years back. Second, because companies like retailers are not penalized in any way for their part in a breach. “Let’s stop giving retailers a free pass on data breaches” speaks to this, detailing numerous events in recent weeks that have been but a blip on the radar. We will not get better security until companies feel a financial burden to provide better security.

A conversation I’ve had from time to time concerns Gmail and how they ignore the “.” in your email name. I always found it odd that Gmail would strip out the dot. Now I find it to be a security risk. “The dots do matter: how to scam a Gmail user” details one way, and I am certain there are others. I don’t believe this is an issue that Netflix, or any 3rd party, should have to fix on their end. The issue is with Gmail; they need to refactor out the chaos monkey they have created.

Speaking of Google, they lost a ‘right to be forgotten’ case this week. With the GDPR looming over everyone next month, I expect we are going to hear similar cases in the coming months. It seems that Google is making an effort to comply with the user requests. However, Google is in the position of having to decide if the request is against ‘public interest’. In the future, crimes will include a “TTS” in the sentence. TTS is “Time To Search”, stating how long the results of the crime will appear in any internet search result.

As if security wasn’t hard enough, companies need to deal with threats from within as well as external. Security breaches are an inside job 25% of the time according to this research. The results detail human mistakes leading to ransomware, theft of financial motives, and espionage. In short, people are horrible. The sooner we can replace them with robots, the better.

“Is curing patients a sustainable business model?” Suddenly I understand why our healthcare is so awful. Companies make far more money by keeping us sick.
