<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Like many of you, I went to the theater with a child much too young
and re-watched new and more awesome 3D-Jurrassic Park until they
cried loudly enough to annoy the other theater-goers and wanted to
leave. Because in 3D, those big dinosaur things are scary. And also
that dude gets eaten while on the toilet. <br>
<br>
And, honestly, looking at a lot of the security problems my friends
are dealing with on the defensive side makes me re-iterate that I'd
rather be eaten, while on the toilet if necessary, by a large
reptile than ever try to convince someone that "cloud security" was
possible. How are you going to do anything securely in the cloud,
when the core problem of performance isolation is basically just a
lot of hands waving over a lot of CPU's in the basic architecture of
perfidy that Seymore Cray would have cried to have even dreamed
about. <br>
<br>
I know you all feel the same way about sitting through any
presentations on Internet Scale Performance - except all your IO is
going over a cleartext leased line through both China and Russia
before coming back to you, on machines whose hypervisors are all
corrupted by malware that "can't possibly exist". <br>
<br>
And, of course, what my friends often want to know about is "the
root cause". You can probably see the
former-Saudi-contruction-project-managers that make up a lot of Al
Quada's command structure thinking the same thing. "Maybe if we just
stop using cell phones so much we'll stop getting eating by the
giant beasts that are hunting us?" And you can see Target's new team
using that same tone of voice except in a much nicer cave somewhere
in suburbia. "Hey, if we switch to whitelisting our point of sales
systems, will that prevent hackers from stealing all the credit
cards that people still use to buy their kids giant book bags that
can double as Go Karts?"<br>
<br>
And the answer, is of course, that if you put lots of sugar in a
bowl, flies will find a way to eat it. Life will find a way! It's
the Jurassic Park rule, and it applies equally to credit card
numbers, RSA token key information and State Department cables. The
way to secure your data is not to add layers of encryption and
whitelisting, but in fact, just to make it less valuable. You can
see <a
href="https://www.youtube.com/watch?v=8KAVZEiIjk8&feature=kp">Archer
</a>saying "This is why we get Ants" right here, and it's not a
coincidence that <a
href="https://www.immunitysec.com/products-innuendo.shtml">INNUENDO</a>'s
logo is a big ant head. <br>
<br>
-dave<br>
<br>
</body>
</html>