Dennis Forbes on Pragmatic Software Development


About the Author
Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development, Linux development, and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 13 years.


Friday, May 05 2006

Came across the following video yesterday, and it serves as a mildly humorous worst-case scenario of the "How Secure Is Your Data?" entry from a bit back.

http://media1.break.com/dnet/media/content/stolenlaptop.wmv

As laughably over-the-top as this professor's claims and grandiose threats are, most concerning to me was the obvious lack of confidence he holds in the integrity of the data on his computer (a mobile computer no less, of the sort that close to a million per year are stolen in the US alone).

This computer was obviously stolen while unattended, and if even the rudiments of security best practices were followed -- use of some sort of encrypted file system, be it PGP disk, EFS in Windows, or similar technologies -- he should be able to write it off as a costly and inconvenient loss of some hardware. Instead, his hysterical threats make it out to be a matter of national security, to which every scary government agency will soon swoop down in the black helicopters. The perpetrator(s), we are told, must prove that the data hasn't been tampered with, and that it hasn't been copied (how, pray tell, does one prove that? It's the sort of negative proof that's rather difficult to contrive), and maybe then they won't be sent off to secret Eastern European prisons. Okay, I made that last bit up, but it's along the lines of the hyperbole.

From a professional perspective, I find the diatribe by this professor very self-incriminating, hinting at terrible neglect in the management of data (purportedly other people's data as well, which should rightly make those third parties very angry). While it is almost certainly a ruse to scare a reluctant thief into confessing, it's akin to claiming that the guy who stole your car is in big trouble, because you just happen to store nuclear warheads in the trunk -- I'd have more of a problem with the guy with nukes in his trunk than with a petty thief.

Protect your data. Acting surprised when hardware loss occurs isn't acceptable, and is tantamount to gross neglect.

[Miles Archer has rightly pointed out in the comments that this video is a couple of years old. Nonetheless, we've had powerful encryption options for a long, long time. A decade ago I got the senior management, accounting and HR departments of a firm using PGPDisk for confidential data, separating the administration of systems (e.g. system ACLs) from the need and ability to access the data. It worked beautifully. Since then we've had numerous new, and more transparent, options for securing our data.]

Reader Comments

This is a couple of years old. I think it's a UC Berkeley prof. Anyway, I find the bluster pretty typical.

Here's another more recent horror story: http://thedailywtf.com/forums/71199/ShowPost.aspx
Miles Archer @ 5/5/2006 9:59:56 AM
