nCircle.com >> 360 Security

« Is your Primary Value Proactive? | Main | SCADAGard SIG To Be Established »

CONTEXT IS MANDATORY

If the information you are reviewing has no context, ask for it!

When you seek actionable intelligence from a mountain of data, context is everything. Forgive me for stating the obvious but it is a song worth singing. As we process with our senses, context is fundamental to a proper understanding of the usefulness or utility of the information. Science teaches us to present all the information in whole and promote a discussion so that through reasoning, the truth will be discovered. The inverse is the craft of magic. A magician will present only the information set needed to satisfy the trick. I have always been one to question everything. Some call me paranoid, I like to think that I am just hyper-curious.

Why me? Why do I worry so much about the context of everything? Was it nature or nurture that brought me this hyper-curiosity? The educational system that I experienced and for that matter, the one that my children experience does not make it a priority to question everything. The teach-to-test attitude just makes me want to vomit-the-lunch. My child is being presented history in the context of what point of view? What questions should I ask about what I am learning? How should I explore the spatial and temporal relationships? Enough of this education vendor bashing, what am I going to do about it?

I asked my kid, if I tell you that tomorrow, you will have a headache, is that a positive or a negative thing for you? He says "Dude, that would suck, totally negative dad, Duh!" I replied "You have much to learn my young Padawan" in my best Yoda voice. The problem I explained is that you don't know the context of this headache. You may be experiencing a headache as a result of regaining consciousness after a really bad spill on your skateboard. Realizing that anything north of a coma was a good thing I now earned enough of his attention to give him a few other examples for him to chew on.

Who knew that context-switching would be funny?

Like magicians, the author of a joke will exploit the dual meaning (dual context) of a word. This is a simple example but it will do. Step by step, the joke teller will unfold a narrative toward the first meaning of the word and at he last step, the punch-line, he changes the context to the dimension that supports the second meaning of the word. It has been a long time theory of mine that the brain hungers to be fooled. Go ahead, call me a fool.

Exploiting the soft underbelly through the same joke technique

I'll spare you from all my other examples but you get the point. Now, what does this have to do security and risk? I am so glad you asked. Lets start from the offensive side of the equation. If I am looking for weakness to exploit, I am playing the same game as the joker. Not only do I want to identify weaknesses and vulnerabilities, I'm looking for the states in the network that could have more than one context. The best place realm to explore are systems that were engineered prior to the Internet. The designers of these systems had no concept of TCP/IP networks and there will be dual context galore. The same is happening today as iPods are no longer just a harmless entertainment device. The trick is to look to a technology or a device that has a strong primary context and find its alternate context.

Meta-Data is a beautiful thing

Gregory Bateson said in his book Steps to an Ecology of Mind that "In a strict sense, no data are truly "raw", and every record has been somehow subjected to editing and transformation either by man or by his instruments" I whole heartedly agree with this statement. Given the technology of today, we must make sure that all of the context be explicitly attached to the data as meta-data. It is no longer enough to capture information anymore. The captured data must have meta-data attached to it which describes in great detail the context of how the data was captured - the data about the data. What were the settings when it was captured, the state of other dependent sub-systems at time of capture, basically anything that would set the context for the captured data-set.

What is the point? Without explicit context associated with the data, we end up having to gather it ourselves and if you do a good job of this task, people will start to think your paranoid. :-)

CONTEXT OF THIS BLOG POSTING: TK had 3 hours of sleep last night, a great dinner, just got his kids to bed after story-time and thought he would capture these thoughts for the blog

--Tim "TK" Keanini

Posted on May 12, 2005 9:25 PM |

TrackBack

Listed below are links to weblogs that reference CONTEXT IS MANDATORY:

» Small Bits of Chaos: Airports, Junk Mail and Employment Law (Context-free) from Emergent Chaos
Scared Monkeys asks "Could Iris Scanning be Coming To an Airport Near You?" (As if the TSA hadn't wasted enough money on machines that don't work, or seizing zippo lighter cameras.) Maybe the camera in their iris scanner was... [Read More]

Tracked on May 13, 2005 12:19 PM

Search


About

This page contains a single entry from the blog posted on May 12, 2005 9:25 PM.

The previous post in this blog was Is your Primary Value Proactive?.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]