Is Commercial Technology All That Threatening? Colin Rose Quarter Past Five Limited “The Dual Use of Technology” Wednesday 4 th June 2008 SHAPE Club, Mons

Some Themes Requirements Future Development A Commercial Mindset

Some Themes Requirements Future Development A Commercial Mindset

Requirements Understanding what you want? Commodity – Value Proposition How Secure does it have to be? Available Accurate Exclusive Where do “Features” fit into the requirements?

Understand What You Are Asking For Men are from Mars Women are from Venus Business people speak “board-room” IT people speak “server-room” Political people speak XXXX Military people speak XXXX Military requirements must be met Commercial salesmen WILL NOT SAY NO

Some Themes Requirements Future Development A Commercial Mindset

Future Developments Commercial Technology Services Commerce Small Military Fish in Big Commercial Ocean Commercial Drivers Technological Drivers Economic and Market Drivers Are You Happy Being Connected to the Commercial World? E.g. the ubiquitous product update mindset?

Some Themes Requirements Future Development A Commercial Mindset

Commercial Mindset Feature Rich Fix It When It Goes Wrong Adopt and Adapt Technologies

Questions – Not Answers Is Commercial Technology All That Threatening? Could Be!! Understand Your Requirements Understand Your Supplier Forewarned is Forearmed

An Un-Commercial Mindset Commercial V Mercenary Is the Technology Better or Worse? Does it Matter? Is the Solution Better or Worse? This Matters!

Technology Can Get In The Way More information does not mean more understanding Photocopying lecture notes does not mean that you understood the lecture Quotation Game “Don’t be too proud of this technological terror you have constructed.”  Darth Vader

The Enemy Without - The Enemy WithinThe Enemy Within The Enemy of What? (What is it against?) Securing against something? or- Securing for something? Understand what you are dealing with Define your Systems? Technically and effectively. Making Your Systems Work (not just the technology) Who is on your network -  

Alternative Uses of Technology Google – A Case in Point Unofficial Slogan “Don’t Be Evil” But Is a Spoon Dangerous?

Google Hacking

Google Hacking A Note of Caution

What You Could Get Up To ! The Old Times Copyright Confidentiality Anarchy and theft Credit card fraud Telephone fraud Lock picking

More Old Fun Denial of Service Steganography Spoofs and sucksites Virus creation Password crackers Music & Movies

A Word About The Future (Or is that the past?) People Process Technology No matter how much the technology changes, the individuals change, even how much the environment changes. There are still some things that remain the same

To re-cap…. Technology is ambivalent The solution goes beyond the technology Risk management V Risk avoidance Assess all the factors Progress accordingly Technology Value PropositionCommodity ?

Thank You

What are the drawbacks? Of increased user internet and access “Users; who would have them?” Users do not know what to do Users mess things up Users are lazy Users change things Users are a maverick component

What are the consequences? Of increased user internet and access “Users; what would you do without them?” Users need to be told what to do (and what not to do) Users are the main reason why you have a computer network Users are the larger half of your information systems Users can spot problems Users need to be “configured”, you just need to understand how to “configure” them.

Fred Smith, currently on placement, can always be found hard at work at his desk. Fred works independently, without wasting company time talking to colleagues. Fred never thinks twice about assisting fellow employees, and he always finishes given assignments on time. Often Fred takes extended measures to complete his work, sometimes skipping coffee breaks. Fred is an individual who has absolutely no vanity in spite of his high accomplishments and profound knowledge in his field. I firmly believe that Fred can be classed as a high-caliber asset, the type which cannot be dispensed with. Consequently, I duly recommend that Fred be offered permanent employment here, and a proposal be executed as soon as possible. Steganography

Fred Smith, currently on placement, can always be found wasting company time talking to colleagues. Fred never finishes given assignments on time. Often Fred takes extended breaks. Fred is an individual who has absolutely no knowledge in his field. I firmly believe that Fred can be dispensed with. Consequently, I duly recommend that Fred be executed as soon as possible.

Confidentiality Inadvertent disclosure (MS Word)MS Word Cached information (Hotel Phoenix)Hotel Phoenix Revelation Phishing

We Control The Vertical…….

Anyone Want To Go Shopping?

Getting Personal

Keeping it Personal (Not)

Rumbled  !!

What is Google? It’s a Search Engine! Well – Yes But …. There is a Lot More

What Google Is It has Spiders It is a Database There is a Simple Web Interface a BIG Database

Why is the Google Database Interesting? It Records What You Don’t Want it to Look at Robots Robots It Doesn’t Only Record Web Page Where it is e.g. in Title or in URL Where it is e.g. in Title or in URL It Stores Details From Your Servers Allowing us to find what you might not want us to Allowing us to find what you might not want us to If You Mess Up – It Tells The World It Finds Your Target For You

Google Does Draw The Line Slightly

Robots Clicking on this link

From Disallowed List

For The Truly Lazy Among Us The old “script kiddie” mentality G2P.org

Lock (picking) Guide