Archive for the ‘Physical security’ Category

Night walking on the freeway

November 23rd, 2009 admin Comments off

Ian Fleming once remarked how American road signs were so sexy – “winding curves” and “soft shoulders”.

I was thinking of Ian Fleming taking an unexpected 5K walk at night on the shoulders of a 6-lane freeway.

Last night I was driving my daughter’s car on Route 6.   There was a leak in the water pump, engine overheated and I stopped by the side of road and called a tow.

Visualize.  Route 6 South, 2km before the Kfar Daniel interchange. 7pm at night

The tow company (Derachim) told me – up to 3 hours + 60 sheqel surcharge for service on Route 6 – they asked me how I would like to pay and I said – “cash”. After 1 1/2 hours – the tow shows up, takes the car and instead of taking the car (and me) to our garage in Shilat – he left me by the road side and drove off “to pick up another car in Rishon”. I started walking, after a brisk 5 km hike – I got a ride from a woman who stopped by the side to change her shoes…. I got my wife on the horn and we rendezvoused at the gas station at Latrun.

The icing on the cake was a series of phone messages on my cell from the tow company at 1130 pm – saying that they understood I was supposed to pay the Route 6 surcharge by credit card….

Jennifer Lopez Joins the Fight Against Pertussis

October 14th, 2009 admin Comments off

Help protect your baby by protecting yourself. Our daughter and son-in-law stayed with us over the weekend recently – listening to one of the babies cough, I realized that there is a lot more to life than enterprise information protection and cost-effective data loss prevention.

Clear and present danger – on a bike.

August 5th, 2009 admin Comments off

Walking down the street this afternoon – I could not believe my eyes.

I see this  bike streak by down the main street.

A father riding a bike (with a helmet) and baby in back seat (with helmet) – talking on a cell phone.

Now That’s Foolish and Dangerous.

Swine flu and social networking

July 29th, 2009 admin Comments off

It just occurred to me – as our partner in Poland was getting ready to drive from Warsaw to Łęczyca for a sales call – that novel H1N1 (swine flu) and seasonal influenza is a great reason to use social media and Web conferencing for customer contacts, sales and support and reduce physical contact and risk of exposure.

The threat behind the House Tri-Committee Bill on Health Care

July 24th, 2009 admin Comments off

Federal Healthcare Chart

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn.  I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting.

I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity of ObamaCare:  the Obama health care reform bill.   I then sat down and started to learn more about this proposed solution to the US health care system that will cost over a trillion dollars in the next 10 years.

The Obama Health plan and the problems the administration is currently facing getting it through Congress is second page news here in Israel (front pages this weekend in Israeli papers are how Obama and Rahm are throwing their weight around and dictating to the Jews where they can live and not live….)

I started reading about the House Tri-committee Health Care bill and my eyes started popping at the cost and complexity of the proposal. I then read the response of the Mayo Clinic – Mayo Clinic’s reaction to House Tri-Committee bill and I finally realized that just like in Cyber Security and data loss prevention – the Obama administration is more interested in compliance and big government than customers and health, safety and security.

I’ve been arguing for basing data security product purchasing decisions on value at risk and cost-effectiveness of the DLP product in reducing the value at risk of a data breach. Therefore, it is  obvious to me that the notion of a value-based decision is an important cornerstone in redefining health care – see a discussion on pay for value in health care in the open letter to congress

Reducing risk of major data loss events

June 18th, 2009 admin Comments off

Martin Hellman (of Diffie-Hellman fame) maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons.

Hellman proposes that we need a third state scenario (instead of current state -> nuclear war) where the risk of nuclear holocaust has been reduced by several orders of magnitude from today to an acceptable level.

This makes sense and it’s an intriguing idea as an exercise in risk analysis of information security and data protection to see if there is a third state of reduced risk where the risk of data breach and major data loss events is reduced to acceptable levels.

That’s one thing that got me thinking.

The second thing is the quote from Fyodor Burlatsky, one of Khrushchev’s speechwriters and close advisors, as well as a man who was in the forefront of the Soviet reform movement:

In Khrushchev’s eyes [America insisting on getting its way on certain issues] was not only an example of Americans’ traditional strong arm policy, but also an underestimation of Soviet might. … Khrushchev was infuriated by the Americans’ … continuing to behave as if the Soviet Union was still trailing far behind.

So here we are – 2009 and President Obama is insisting on getting his way on certain issues with the Iranians, who pose a serious nuclear threat to the world. But not only Ahmadinejad – the Russians and the North Koreans are also infuriated by the Americans’ … continuing to behave as if they are still trailing far behind.

Physical security in Afghanistan

June 17th, 2009 admin Comments off

If you thought that working in high-tech  is  rough – just consider how tough it is to be a musician in Afghanistan.

JALALABAD, Afghanistan (Reuters) – Taliban fighters beat musicians, shaved their heads and left them tied to trees overnight because they performed at an Afghan wedding, a village tribal chief said Monday, a sign of the fighters’ growing influence. While in power from 1996-2001, the Taliban banned music as un-Islamic.

The militants have returned to areas in the east and south of the country, where violence has sharply spiked in recent years. They attack government officials, Afghan police, foreign troops and schools that teach girls, another practice they forbid.

“A party was going on when a group of Taliban grabbed five musicians and started beating them and smashing their musical instruments,” said Rahmatullah Khan, a head of Merke Khel village in the east of the country.

“The musicians were tied up with rope to trees last night and villagers found them in the morning when going out for prayers,” Khan said.

Khan said Taliban fighters shaved the heads of the musicians and made them take oaths in the presence of villagers that they would not sing or play music at weddings again.

Afghan weddings and engagement parties in rural areas are traditionally celebrated with hundreds of guests, music and singing that often continues until late at night.

(Reporting by Rafiq Sherzad; Writing by Hamid Shalizi)

A great year for data thieves

April 17th, 2009 admin Comments off

The Verizon Business Report on data breaches 2009 was released – the data breach investigations report headlines with 285 million data records breached in 2008:

  • 91% of attackers were organized crime
  • 74% of attacks by malicious outsiders
  • 67% of vulnerabilities due to system defects
  • 32% implicated business partners

The report must be particularly disturbing to endpoint DLP vendors focused on preventing data loss by trusted insiders on PCs (99.6% of data was breached by attackers attacking servers).

My experience with clients in the past 5 years in the data loss/extrusion prevention business has been focused on discovering internal security vulnerabilities and implementing cost-effective security countermeasures. Our findings (summarized in our Business Threat Modeling white paper), based on analyzing empirical data of 167 data loss events, point a finger at software defects as a key data loss vulnerability. The Verizon business study appears to suggest that the situation has only gotten much worse – i.e. data breaches are rising as software quality is declining.

A conservative estimate in our research showed that 49% of the events exploited software defects, as shown in the table below. Theoretically we can mitigate half of the risk by removing software defects in existing applications. The question, which we answer in the white paper, is how.

Aggregated vulnerability distribution by type

| Vulnerability type | Total | Percentage |
|---|---|---|
| Accidental disclosure by email | 5 | 3.0% |
| Human weakness of system users/operators | 13 | 7.8% |
| Unprotected computers / backup media | 67 | 40.1% |
| Malicious exploits of system defects | 82 | 49.1% |
| Grand Total | 167 | 100.0% |

The Carnegie Mellon Software Engineering Institute (SEI) reports that 90 percent of all software vulnerabilities are due to well-known defect types (for example, using a hard-coded server password or writing temporary work files with world-read privileges). All of the SANS Top 20 Internet Security vulnerabilities are the result of “poor coding, testing and sloppy software engineering”.

Why I am voting Likud

February 8th, 2009 admin 1 comment

My friend Jacob Richman wrote a page on his web site explaining why he will vote Ichud Leumi (NUP). As a person who has traditionally voted for religious/Zionist parties – I feel compelled to answer Jacob in public.

There are a number of flaws in his arguments regarding the National Union Party (NUP):

1. The NUP doesn’t have a national agenda – i.e. they don’t have positions on economics, industry, trade, energy, environment, transportation and healthcare in their platform. They are a “one trick pony”.
The country runs on taxes – without a strong economy the entire question is moot. I believe that our future is at stake on the economic issues and since the NUP doesn’t even have an economic platform – they are non-starters in my book.

2. The NUP has neither  electoral power nor post-elections political power – which brings me to my third point

3. They are politically weak (and whatever political clout they have is generally wasted on the usual internecine politics endemic to the right and religious parties).  As a result – they will never be able to keep their promise of preserving Erez Israel to their voters.  It’s like me promising you that I’ll go to the supermarket and shop for you without having enough money to  pay for the groceries at the checkout counter.

4. The country is better served with 2 large parties with clear national agendas that represent large portions of the electorate. By supporting the continued existence of small parties like the NUP we weaken the democratic process, not strengthen it. Crucial national decisions must be decided on the basis of a majority vote, not on the basis of coalition in-fighting and log-rolling.

Nihilistic security

January 22nd, 2009 admin Comments off

Nihilism asserts that objective morality does not exist: therefore -  there is no objective moral value with which to uphold a rule or to logically prefer one action over another.

The wave of the liberal left which swept Western Europe and is now growing in the US as the Obama administration takes office, asserts that there is moral equivalence between Hamas terrorists and Israeli citizens in Ashkelon. In the information security space – by taking a purely defensive posture, we assert moral equality between hackers and malicious insiders and the owners of company assets. You can hack us, manipulate our financial reports or steal our most precious assets, but we will never mount a counter-attack on you – we’ll only take defensive security countermeasures like firewalls, anti-virus and DLP technology and regulatory compliance for privacy and corporate governance.

The wave of what I will call “nihilistic security” is washing up on the shores of Israel as well. Israeli media are gushing over civilian casualties in Gaza – with the Jewish mothers of the media aiding and abetting the enemy instead of giving succor to the citizens of their own country.

These days, when Bublil and Shifra are already passé, we have new characters on the screen
