Hitachi ID Systems Blogs

Interesting article at:

http://nakedsecurity.sophos.com/2011/02/16/lessons-to-learn-from-the-hbgary-federal-hack/

Seriously? “it’s critical that different passwords are used for different accounts” ?

What ever happened to usability? Real users are human beings, who have enough trouble remembering a single password that changes every couple of months, never mind 20 different passwords.

It’s better to:
(a) synchronize passwords
(b) make the single password strong
(c) change the single password often
(d) find and replace applications where the password database might be compromised

The real problem at HBGary (aside from the unpleasant contract they took on) was their use of a vulnerable CMS. Come on guys – that’s just dumb. Ever heard of vulnerability management? HIDS? NIDS? *That* is where the domino effect started.

Just watched the rest of the first Jeopardy game
between human champions and IBM’s “Watson.”

Brilliant on two levels: as a natural language processing engine and as a marketing campaign for IBM. They managed to inject so much promotional material into the show that they had to spread 1 game over two TV time slots, despite the game being played at lightning speed.

The human players didn’t stand a chance – they probably knew as many correct answers as the computer, but couldn’t ring in as quickly.

I was also impressed by Watson’s programming – they set it up to poke fun at the end, gambling a very small amount on the ‘final jeopardy’ category and (I think) intentionally offering an incorrect answer. A joke? Feigned humility? It was a very human programming decision, in any case.