Become an IT security guru in 10 steps

Become a legal IT security expert doesn’t need a lot of effort and, with the due care, you can build your legend in a short time-frame following ten easy steps:

  1. learn the lingo (security is a process, not a product; don’t use simply-to-guess password, is your company ISO-27000-1 compliant? and so on),
  2. give yourself an “authoritative” demeanor and look (always talk in a “visionary” way, making people feel like they still live in the stone age) and dress accordingly,
  3. Talk legalese with techies, technical with lawyers,
  4. attend (possibly) international IT technical, legal/management conferences and try to get as much pictures as possible? of you with reputable people although they don’t know you, and regularly update your facebook/google+/blog with those pictures,
  5. try to give a speech at some university students association, so you can claim to be an “invited speaker” at the university (without mentioning the name, of course),
  6. create your own “digital-something organization”, become its chairman (and sole member, BTW) and champion for digital human rights,
  7. flood the newspapers with press-releases that will be regularly ignored until some journalist that is out of time to finish an article stumbles upon your statement, thus promoting you at the level of “source”
  8. try to catch-up with some low-level civil servant involved in trivial stuff related to the trade, give him some vapourware hint that makes him look smart at work, and use him as a source of petty-information that let you look like you’re part of the “inner circle”,
  9. try to have as much as possible Linkedin connection,
  10. get the European Computer Driving License (at least, you must know how to switch on a computer to work in this field, don’t you?)

By following these steps you start a loop where your legend become more and more solid up to a moment when you will be considered a “guru” and nobody will ever check your actual background.

And don’t worry, if you ever get a client, as soon as you stay stick to these ten commandments you’re safe: nobody will ever challenge the outcome (if any) of your work, because nobody will ever admit to having being fooled into hiring a fake…

Why Italy Already Lost the World(Cyber)War

We (Italians) can of course continue to lure ourselves into believing that dealing with “password policies”, “critical infrastructure committees” and “mandatory security measures” – just to name a few buzzwords – is enough to grant a decent level of security for our networks.

We can continue, after twenty years, to listen at – and say – the very same bull… stuff we used to say in the pre-internet era about ICT security (don’t use easy passwords, don’t write it on a post-it, use an anti-virus, etc.)

We can, definitely, keep going in waiting for the next “IT guru” or “magic box” that will make the bad guys disappear from our computers.

But we still continue using flawed software and operating systems without making the software houses pay for their faults (disguised as “features”.)

We still buy things and boxes (read: hardware) believing that just because of that “we are safe”.

And we still keep a blind eye to the actual quality of the IT security in public institutions.

Two options as a conclusion: we’re either stronger than we appear to be or we are incredibly lucky.

But luck doesn’t last forever, and we need to be lucky every single minute of the day, while the attackers, just once.

The Web is ISIS’s Nuclear Bomb

The Web is ISIS’s Nuclear Bomb. This is what Loretta Napoleoni, author of books on the economic side of terrorism, wrote in an article for the leftwinger Italian newspaper Il Fatto Quotidiano.

Napoleoni claims that – as the Marxist ideology did in the past with the “word-of-mouth” or, better, “word-of-book” – ISIS’s propaganda gets its power from a new “ideology-spreading-tool”: the Internet, and thank to the Internet will last, no matter what:

Even though, hypothetically, we should succeed in taking out all of ISIS’s warriors by bombing them and killing al Baghdadi, the ideology that these people have created and their universal message will last on the Internet. 1

I don’t have enough authority to challenge the curious association Napoleoni did between Karl Marx philosophy and ISIS’s vision of the Islamic religion, but I find grossly superficial and offensive for the victims of (every) war to compare “the Web” to a nuclear bomb.

As I wrote in a post, war is made of bullets, and bullets hurt as do (nuclear) bombs. Bombs make carnage, slaughters, shred a human being in pieces, burn, annihilate, vaporize, wipe communities, blindly kill innocents, pollute lands for centuries or millennia (ask Hiroshima and Nagasaki survivors for additional info, just in case.) E-mail, newsgroups, chats, FTP (yes, Napoleoni, the Internet is not only made by HTTP) are tool of freedom designed by free people to give humans a free chance to communicate with no physical and social barrier.

Those like Napoleoni – and her cultural associates, member of the “Internet-as-a-threat Club” – should simply accept the fact that ideas are countered (and sometimes, fought) with ideas and that the worst way to challenge a disturbing statement is to censor it.

The idea that a sole statement might change somebody’s personal philosophy up to turning him into a human bomb carrier is simply wrong. Change of mind happens by way of? tragedies, loneliness, apartheid and injustice and not because of a tweet.

As per the “Internet Patrolling” advocated (not only) by Napoleoni – though sadly labelled by her as ineffective – again, let’s go back to basics: as the East Germany, Russian and Italian political police history show, to fight an enemy and prevent attacks there is no substitute for an actual, massive, ruthless and pervasive physical control. But t this is disturbing and, rightly so, nobody in the Western world is available to give a government so much power.

And here comes the brilliant solution: let’s fall back on the Internet and blame “the Web” as a radicalization tool.

No, Napoleoni, ideologies will not last because of a blog. They will stand until there will be inequality in world, it means until the end of time.

  1. Orginal text in Italian: Anche se, ipoteticamente, riuscissimo a stanare con le bombe tutti i guerrieri dello Stato Islamico e a far fuori al Baghdadi, l?ideologia che costoro hanno creato ed il loro messaggio universale in rete rimarr?

War is fought with bullets

True, the monumental unscrupulousness of the ICT business (which sells systems
without concerns for the security side), and the na?vet? of its clients (trusting hardware instead of good practice and appropriate security processes) built today’s western digital infrastructure as a Colossus with feet of clay.

True, this made the Western World a soft target for computer-related criminals and terrorists.

True, a lot of damage can be done in a short time by a committed digital strike.

But don’t forget that war is fought with bullets, real bullets.

And bullets do hurt.

Italy To Storm Playstation Networks? The Steve Jackson Game Case Strikes Back

According to Andrea Orlando, Italian Minister of Justice, Italy plans to fight? the war on terrorism on Playstations.

In a press conference, Mr. Orlando said that new technologies are exploited by terrorists, and it is imperative to keep pace with the innovation, by allowing the capability to wiretap chat (whatever this means) and Playstations.

Apart from the merit of the issue (we might either agree or not about the strategy, but this is a horse of different colour) what matters is the clear uneasiness of the Minister in? talking about topics he’s clearly not knowledgeable in.

I really wander how the law enforcement agencies will be able to extract something useful by wiretapping network games that deal with assaults, terrorist actions, covert operation and so on.

Will they be able to sort the truth from the game?

Are we on the verge of a new Steve Jackson Games scandal?

The usual approximation showed by a politician in charge of taking the lead on technology-related issues shows that key decision on such a sensitive matters are made elsewhere, by someone else not at all well versed in the matter. And it would be interesting to know who this “Mr. Someoneelse” actually is.

To have a better grasp on the operative issues before talking to the Press,? maybe it wouldn’t had been a bad idea? for the Minister to spend some spare time playing Call of duty or Splinter cell.