Blog – Page 95 – Andrea Monti

March 28, 2014

Iphone for Business? At Your Own Risk

Buying a Iphone as a business tool from a mobile operator is – at least in Italy – a problematic issue.

As I have personally experienced, if the devices breaks after the first, Apple granted, warranty period, you can’t do anything else but drop it in a local store, having shipped to a repair facility, and hope for the best, without being given a spare device.

The conclusion is: before subscribing a plan that includes an Iphone, do check if the mobile carrier is offering some insurance or other form of assistance (of course, at extra-cost) that doesn’t let you naked in the middle of Trafalgar Square on New Years Eve.

Here are the facts:
– On Nov. 2012 I purchased from Vodafone Italia an Iphone 5 with a 24month voice and data plan,
– The warranty is on behalf of Apple for the first 12 months, and on behalf of Vodafone for the next 12
– The battery of the phone died and I asked an official Apple centre if they could change (upon payment) the battery,
– The Apple Centre told me that since the phone is now under Vodafone warranty they can’t even touch it,
– I called Vodafone and they told me to give them the phone, with no actual idea of the time needed for the repair (to be on the safe side, it shouldn’t be less than a month) without giving me a back up phone.

That said, my option are:
– stay possibly one month waiting for the Iphone to come back. But this is impossible: it’s a work tool, so I should buy another Iphone in the meantime. Why should I care – then – to repair the first one?
– buy a new smartphone. Again, why should I repair the old one?
– change the battery on my own, losing what lasts of the warranty and risking to break it. Spend money, finally buy a new phone.

Thus, whatever the option, to solve my problem I’m supposed to buy a new Iphone just because there is no way to just change a died battery of an otherwise perfectly working device. Maybe this business strategy might work for a consumer that can just wait for the smartphone to come back from the repair garage, but it is non acceptable for a business user.

March 26, 2014

The Italian Approach on Cyberwarfare: paper-based security

From time to time, cyberwarfare surfaces on the ocean of the useless Italian political and sub-political talks.

Last week, waiting my turn to talk in a conference, I’ve heard a speaker claiming to “knows best” ? that said that in five year Italy will have its set of actual guidelines to enforce ENISA standards, advocating a stronger tie between industries and a government committee on critical infrastructure and all the usual vaporware that comes with the topic.

I stayed speechless while losing the count of the times that – in about 27 years on the field – I’ve heard such kind of nonsenses. These people care about the colour of the windows’ curtains while there a house still to be built. They think in term of “national committee”, “global report”, “breach notification” while they still have to succeed in convincing people in not leaving passwords on a monitor-stuck post-it. This reminds me a sketch from “I Maniaci“, an Italian movie from the Sixties, where His Excellence Micozzi, ministry of defense (actor Raimondo Vianello) alwyas followed the journalists questions’ by saying “we shall appoint a committee to look further into the matter”, even the day he was cautioned for alleged wrongdoing.

While the movie was supposed to by a comedy, seeing it today doesn’t elicit a laugh. The security issue ? is serious because, when the Echelon scandal exploded, we could claim that it was a relative threat to Italy since our communication infrastructure and our reliance upon were from stone-age. But now things have changed enough to allow an attack(er) to actually endanger Italy as a country. And I can’t stop thinking of ? the Italian approach being like a politburo of some (former) Eastern Block country, talking about Marxist orthodoxy while people in the squares was taking down Lenin’s statues.

We shall appoint a committee to look further into the matter.

March 23, 2014

The Security Excuse

This is a close-up of a banner belonging to the Prefecture de police, Paris, Rue de la citè.

Actually this banner says nothing special but what a public police power is supposed to do; nevertheless ? – as I wrote commenting the picture – I don’t know why, but every time I hear a public power saying that he cares about me I feel a bit worried.

March 21, 2014March 21, 2014

Security is not a process, is a product

No, I didn’t do a mistake. I actually meant that security is product and not – as the mantra we hear since decades – a process. Truth is that company departments are governed by this god called “budget” and failing to fully spend it means that at the next round the financial controller will bash it, thus lowering the status and the power of the involved IT or security manager.

So monies have to be spent but how? Not on consulting or security management, of course. When incidents happen (as they do, more often that we may imagine or hope) the barrel starts rolling and everybody in the company keep it rolling on somebody else’s shoulders. And here comes the catch: nobody will ever be fired for having purchased stacks of “security-branded” boxes like firewalls, intrusion detections tools etc. even if these boxes aren’t properly deployed.

It’s easy to address the incident meeting with the CEO, the HR head and the legals by saying: “look, we purchased the best things on the market, and to be sure that we were safe, we doubled all the components – you know, redundancy, high-availability and those other things required by our security certification. Unfortunately these fucking balcanian hackers know better then the devil itself. But I have already managed how to fix the problem: our supplier has been asked to provide its latest device that will protect us better than ever. BTW, since we’re talking about that, though I got a fair price cut, the thing is costly and I need my budget to be extended. Is for security sake!”

Now compare this statement with what follows: “well, as you know, we didn’t need to spend money on hardware. Our firewalls are still capable and fit, so I focused on the internal checks. I hired a consulting firm to do penetration test once-a-year (can’t do it more often because the company complained that these activities slow down the business), than I had another company to monitor and analyze the daily flow of the traffic we generate (but we have been prevented by the legals to dive much too deep into the origin of the connections, so we don’t actually know where did the trojan come from), I then hired an auditor to check the software installed on each computer in use, but the HR told us that we couldn’t do it on the high level management laptop.”

And here comes the final question: which one security manager is gonna be fired?

March 16, 2014March 17, 2014

The Danger of the New Crusaders and the Risk for the Medical Research

Repubblica.it, an Italian online newspaper, accounts for the cancellation of a fund-raising initiative to collect money for the research on rare disease. The cancellation has been motivated by the fear of riots provoked by animalist activists who object living animals to be used in medical research. This form of terrorism is a dangerous growing trend in Italy, and one of the reasons for this growing is that extreme animalism is not perceived as bad as its “political” sibling (thank to the support given by teen-agers oriented TV channels, politicians and artists.) I don’t see how the opinion of (former)models, self-professed experts with no impact-factor or citation-index or bloggers-on-a-mission should prevail over the facts stated by the major Italian research institution.

Anyway the consequence is that police authorities and the government aren’t taking seriously this issue letting activists to continue threatening the medical and biotech research in Italy. Of course I don’t claim that “every animalist is a terrorist” and I don’t want to enter into the semantics of both words. What I do not find fair is the justification for the use of violence in the name of an idea: the field of history is crossed by enormous rivers of blood because somebody bleieved to be absolutely right, thus taking the burden to “convert” those who disagreed.

As often happens in Italy, this is the result of the a confusion between “ethics” (that is a personal matter) and “law” (that is – or is supposed to be – a tool for balancing contradictory interests.) This confusion is likely to badly affects the feasibility of the scientific research in Italy. I still haven’t collected enough information about how big a disincentive this animalist threat is for the health companies who want to invest in Italy, but the very first hints don’t let imagine a bright future.