Bravo Perspectives: Risks by Sam C. Chan

April 28, 2014


As you can see, the odds of a category 4 user being breached on any given day are 1 in 50,000. That is under extremely lax, near-zero IT control: the user has the admin password to elevate, and there is no perimeter firewall outbound restriction, no group policy, no proxy server, no URL blocking, and OS auto-updates are disabled.

Yeah, yeah... we're constantly bracing for the onslaught of the next wave of victims. But, that's life... yawn...

  New victims expected within...

                                              Next Yearly   Next Day
  Internet users worldwide   35,000,000,000   210,000,000    700,000
  Internet users in the USA     275,000,000     1,650,000      5,500

Ignore the noise.

My industry is worse than the auto repair trade of the 80s and pretty much just like the medical industry at the turn of the century. The vast majority of the practitioners range from mediocre to fraudulent.

High fudgeability + ubiquity = charlatans aplenty


Sam C. Chan  2004, on Technology


Once in a great while, a real and applicable issue comes along, and those garden-variety mountebanks hardly bat an eyelid, as they fundamentally lack comprehension. They prefer instead to hop on the bandwagon and milk the sensational talking points all they can.

My partial list of pertinent concepts:

  • attacker's perspective: impetus, payoff vs. efforts threshold
  • targeted attacks vs. random exploits vs. pranks
  • exploiting technical vulnerabilities—naturally ineffective, thus oft eschewed
  • social engineering
  • low-hanging fruits
  • defense in depth—delay, alarm, discourage, isolate, preserve
  • scenario applicability
  • security in obscurity
  • futility of brute force, both in offense and defense
  • irrelevance of particular products—it's the nature of things, stupid!
  • invincibility is illusive (and needless in the first place)
  • perils of promiscuous patching
  • dearth of basic comprehension and perspectives
  • don't conflate "authority"/publicity with knowledge
  • perfect air-tight system of perpetual waste, deceptions & mutual destructions (government, media, pundits, click revenue generators, product vendors, consultants, IT directors, hobbyists and computer handymen)

Copyright ©2005-2006 Bravo Technology Center