It is often remarked that Information Security specialists are so good at their work that they lock out all threats, including the users. Meanwhile the rest of the world has moved on and done things like insecure browsing, insecure email, google datawarehousing of every of your clicks, and Facebook. These ideas are worth billions in the right hands!
What happens when Information Security people wake up and smell the future?
I recently was invited to join a social network of Information Security people and got a chance to find out. I entered some few brief details in their browser interface. Let's be clear here, just because I was invited to a social network doesn't mean I am going to expose myself to phishing, mindlessly misdirected employment advertising, and other failures of the information age. So I entered some brief words such as the stuff that you already know from reading the blog.
Unfortunately this wasn't open enough for the newly-socialised IS people:
Could you please provide a more complete biography and photo? We have been trying hard to encourage the social part of the network and that is difficult when people are reluctant to provide information. I'm sure you will appreciate there needs to be a certain amount of disclosure in order to encourage mutual trust.
Just to be clear, *I totally agree with that sentiment!* I've worked all my life in the old meatspace equivalent of social networks - teams - and building trust is something that is done with disclosure. (In an appropriate setting.) So let's just sweep away all the Internet heebie jeebies of Identity theft, win-win negotiation, rule of threes, and so forth, and let me in.
I wanna disclose, guys, I wanna do it like I saw on those Hollywood movies where we all tell our story to a circle of tearful audience! Problem is, I can't:
From: Some nice guy <email@example.com>
To: Iang <firstname.lastname@example.org>
Subject: Some nice guy has sent you a message on Information Security...
Once you have provided this information we will be pleased to grant you access and look forward to you taking an active part in contributing to, and promoting, the network.
To reply to this message, click here: http://infosecuk.ning.com/profile/Some_nice_guy/?xgp=messages
To control which e-mails you receive on Information Security, go to:
I can't reply to the message, or more precisely, all replies to public email addresses are binned. Because of Information Security, as we know -- spamming, etc. OK, so I click on all the links, and it says:
Your Profile is Pending Approval
Hello, Iang (Sign Out)
Your profile details must be approved by the Administrator before you can become a member of Information Security. You will receive an e-mail once your profile is approved.
Clunk. This happened a few weeks ago and I'm now stuck with receiving a stream of well-meaning messages asking me to communicate with them, but they aren't listening. It's like being married; information security has now entered into a deadly embrace with social networking, and the result is enough to make one shave ones head and become a monk.Posted by iang at May 26, 2008 07:06 AM | TrackBack