Friday Apr 17, 2009

The Knowledge Distortion Field

I'm sure there's a better term for this - the Knowledge Distortion Field is an observable effect created by those who know something that they are unable to share.

I've noticed it more as a manager as I'm privy to more confidential information such as personal details and management decisions. It's particularly noticeable when you yourself are also aware of the confidential information.

Probing the KDF is a little like the old Black Box game. Asking direct questions isn't allowed, or at least won't get you anywhere. Asking indirect questions or observing actions taken allows you to build up a picture.

Why do I mention this? It's simply something to be aware of no matter which side of the fence you sit. If you are in possession of confidential information be wary of any KDF you generate. If you are seeking that confidential information then quiet observation and indirect probing may help.

If anyone knows a better way of describing this I'd love to hear about it.

Thursday Apr 16, 2009

Why security bugs are different to other bugs

Way back in 2000 I had the following insight on security bugs and had this weird urge nine years later to share it. I can't believe it's original...

Security fixes are different from every other kind of fix. As every good troubleshooter knows, when problems occur something almost invariably has changed. For most bugs it is something like load, configuration and so on which can be undone.

With security bugs it is knowledge that has changed and a security weakness can't be unlearned by the world at large.

I don't have insights like that very often :-)

About

PeteH
