• Ace (unregistered)

    ..and that kind of sums up security in most companies I've worked in.

  • Nagesh (unregistered)

    Linguiça is a popular sausage in Goa state originate in Protugal.

  • Harrow (unregistered)

    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

  • frits (cs)

    The new smart cards, whose distinguishing factor was holding twice as many certificates, are also significantly faster. I'd want those too...

  • Coyne (cs)

    What to say about this?

    I long ago lost count of the number of people I've encountered who were "concerned about security" that have accepted lapses like this.

    I once got in trouble for not locking a door that was adjacent (no kidding: ad-jac-ent) to a door that was permanently unlocked (didn't even have a lock).

  • PedanticPatrickPicksPronounProblemsProperly (unregistered) in reply to Harrow
    Harrow:
    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

    "He was about to apologize and grab an old card from my stock..."

    ...and this "my" to "his"

  • jb (unregistered)

    HPCs. The real WTFs.

  • WC (unregistered)

    Did it 'flat out not work' or did they just not implement it correctly?

    Because if it didn't work, the smart card company should cover the dead cards.

    But of course, it DID work, because he used one at the end to demonstrate.

  • HP PhaserJet (unregistered) in reply to PedanticPatrickPicksPronounProblemsProperly
    PedanticPatrickPicksPronounProblemsProperly:
    Harrow:
    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

    "He was about to apologize and grab an old card from my stock..."

    ...and this "my" to "his"

    PedanticPatrickPuffsPeriodontistPenisPreciously

  • Power Troll (cs)

    My jowls were quivering after I read this article.

  • airdrik (unregistered) in reply to WC
    WC:
    Did it 'flat out not work' or did they just not implement it correctly?

    Because if it didn't work, the smart card company should cover the dead cards.

    But of course, it DID work, because he used one at the end to demonstrate.

    I believe the rhetoric implies that using the working cards with their software system as implemented thus-far (which worked with the previous generation of cards) resulted in nothing happening (or maybe error messages about something being incompatible), because the interface was different between the old and new cards.

  • English Major (unregistered) in reply to PedanticPatrickPicksPronounProblemsProperly
    PedanticPatrickPicksPronounProblemsProperly:
    Harrow:
    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

    "He was about to apologize and grab an old card from my stock..."

    ...and this "my" to "his"

    Not to mention the head of globel security was introduced twice in this story. Really confusing.

  • Mcoder (cs) in reply to WC
    WC:
    Did it 'flat out not work' or did they just not implement it correctly?

    Because if it didn't work, the smart card company should cover the dead cards.

    But of course, it DID work, because he used one at the end to demonstrate.

    The software did 'flat out not work' with the card. Nowhere there it is saying that the card didn't work.

  • LiterateCoward (unregistered)

    Also, maybe my brain just isn't that big- but this was very confusing.

    ..final month of the year-long project, well, that is presumably except for Simon. Up until 48 hours prior, he was the consulting company's corporate liaison who had decided to unexpectedly exit from the project. His departure left Sebastian, a former corporate IT drop-out himself, the project's only possible option to fill his shoes two days before an all-manager status meeting.

    I don't know why it was difficult to comprehend, it just seemed very oddly worded.

  • boog (cs)
    ...two days before an all-manager status meeting.

    This meeting sounds like a total sausage fest.
  • Someone You Know (cs)

    Mark Bowytz, punctuation is important. We can't hear the way the words sound in your head.

  • Matt Westwood (unregistered)

    "I can't, I just can't," he heaved deeply...

    I tell you, if I had a nickle for every time I've heard that...

  • boog (cs)
    "I recently read an in-depth white paper about a new, ultra-secure card that holds double the amount of certificates that your company is implementing."
    By "in-depth white paper", do you suppose he just means an ordinary advertisement he saw in an IT magazine? Maybe a page with the text "New! NEW!! Get the new CardTronix DX400!!! It's faster! It's more in-depth! It's doubleized the number of certificates since the DX200!!!" next to a picture of charts and tables behind secure-looking bars with a giant lock?

    Or maybe the background on the page was white, and he thought that's all that was needed?

  • Spoc42 (unregistered) in reply to Harrow
    Harrow:
    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

    "He was about to apologize and grab an old card from my stock, ..."

    Make that at least 2 "my"'s into "Sebastians"

  • C-Octothorpe (cs) in reply to boog
    boog:
    "I recently read an in-depth white paper about a new, ultra-secure card that holds double the amount of certificates that your company is implementing."
    By "in-depth white paper", do you suppose he just means an ordinary advertisement he saw in an IT magazine? Maybe a page with the text "New! NEW!! Get the new CardTronix DX400!!! It's faster! It's more in-depth! It's doubleized the number of certificates since the DX200!!!" next to a picture of charts and tables behind secure-looking bars with a giant lock?

    Or maybe the background on the page was white, and he thought that's all that was needed?

    Hey, the DX400 was certified by Toilette themselves against, um, back-door cryptographic deserialization double penetration replay injection attacks! . . . Isn't it enough that the card has a pretty hologram with keys or lightening or something else cool looking?

  • kktkkr (unregistered)

    I've learnt not to repeat the same mistake. My luggage combination is on the inside of my luggage.

  • HP PhaserJet (unregistered) in reply to Matt Westwood
    Matt Westwood:
    "I can't, I just can't," he heaved deeply...

    I tell you, if I had a nickle for every time I've heard that...

    ...from boyfriends with performance anxiety? Or is it that they can't finish?

  • ih8u (unregistered) in reply to Coyne
    Coyne:
    What to say about this?

    I long ago lost count of the number of people I've encountered who were "concerned about security" that have accepted lapses like this.

    I once got in trouble for not locking a door that was adjacent (no kidding: ad-jac-ent) to a door that was permanently unlocked (didn't even have a lock).

    I know what you mean. I was about to go upstairs to bed when I locked the closet door. To be sure it was adjacent (no kidding: ad-jac-ent) to the front door, which I left unlocked.

    Here's my address:



    **********, ** *****

  • BentFranklin (cs)

    Good joke, marred by poor delivery.

    By the time I read the last few paragraphs two or three times trying to understand what happened, teh funnay had flown away like the sound of geese as they fly behind a hill.

    I still smirked a little anyway once I got it, but this could have been chortle-worthy.

  • ih8u (unregistered) in reply to English Major
    English Major:
    PedanticPatrickPicksPronounProblemsProperly:
    Harrow:
    "The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."

    I think you should have changed one more "my" to "Sebastian's".

    -Harrow.

    "He was about to apologize and grab an old card from my stock..."

    ...and this "my" to "his"

    Not to mention the head of globel security was introduced twice in this story. Really confusing.

    Never met the head of globel security. Wrong story, bub.

  • HP PhaserJet (unregistered) in reply to English Major
    English Major:
    Not to mention the head of globel security was introduced twice in this story. Really confusing.
    I was think they were two different guys, 'cause the writer takes the time to describe him at the end as though he's a new character.
  • Spoc42 (unregistered)

    Not a card security problem, but a security problem in general.

    Some 15 years ago, I worked for a large international bank, on a project that consolidated the balance and P/L sheets of the bank and its daughter companies and affiliates.

    The central accounting department demanded that the final reports be exported to a particular program (name withheld to protect the guilty), in order that they could analyse the data further.

    Our team received a copy of the software to install on my computer (I was the chief analyst and designer of the software) and that of a member of the development team. I created a user profile with password, and started to examine the program.

    Half an hour after installation, one of the developers came in and said: "Hi, xxxxxxx [my password]!" It turned out that the program's database was an unprotected FoxBase application, and the user and password table was named "User Passwords". The rest of the data, including all the balance information, was equally accessible to any user. Furthermore, during logging in, if you tried to abort using Alt-Ctrl-Del, you suddenly found yourself in the system as super-user, able to change anything, including the table, form and table definitions.

    I mentioned the security problem to the project manager, who was not interested. Neither was the section head. Nor the department head. In fact, I received an official reprimand for wasting their time.

    I also mentioned the problem to the liaison man from the company that produced the software.

    Within a hour, I received a call from the CEO of the company (a very nice Swedish lady), who was appalled wben I explained what we had found. After cursing the programmers, who had promised to correct the problem months before, she assured me that I would receive a corrected version forthwith. It took two days.

    It turned out that the accounting department using the software until then consisted of two men. They came in to work together, left together, and had an independent network consisting only of their two computers. Data were transfered in and out via floppy disks. Secure enough, I suppose.

  • Bruce W (unregistered) in reply to frits
    frits:
    The new smart cards, whose distinguishing factor was holding twice as many certificates, are also significantly faster. I'd want those too...
    And it can hold twice as many PINs written on the back!
  • Owen Two (unregistered) in reply to Spoc42
    Spoc42:
    I mentioned the security problem to the project manager, who was not interested. Neither was the section head. Nor the department head. In fact, I received an official reprimand for wasting their time.
    That's because they knew they'd screwed up, and wanted you to keep your mouth shut.

    CAPTCHA: odio. The singular of odious, which is what the Project Manager, Section Head and Department Head were.

  • Matt Westwood (cs)

    I thought I could see one direction this might have been going.

    Thirty days before delivery of a project and the customer suddenly decides to withhold payment unless a completely left-field change request is implemented? That's the real WTF, right there.

    I'd be tempted to suggest they had a conversation with the company lawyers.

  • operagost (cs)

    "Superior security is vitally important. Your company will either comply in 30 days or we will withhold payment."

    Your investment will increase by $x,000 to cover this change in scope or we will halt the project.

  • Machtyn (unregistered)

    I'm curious as to why we got so much detail about the person who left. I was thinking that he was going to come back into the story somewhere; but, no, his mentioning was only a backdrop as to why Sebastian was where he was.

  • BentFranklin (cs) in reply to Matt Westwood
    Matt Westwood:
    I thought I could see one direction this might have been going.

    Thirty days before delivery of a project and the customer suddenly decides to withhold payment unless a completely left-field change request is implemented? That's the real WTF, right there.

    I'd be tempted to suggest they had a conversation with the company lawyers.

    Regarding threat to withhold payment, you just say "Oh that's a contract matter. That's over my pay grade. I'll forward your comment to my supervisor." The dude will be able to back down later after he no longer has an audience.

  • C-Octothorpe (cs) in reply to Spoc42
    Spoc42:
    It turned out that the accounting department using the software until then consisted of two men. They came in to work together, left together, and had an independent network consisting only of their two computers. Data were transfered in and out via floppy disks. Secure enough, I suppose.

    I was the dev lead on a project where, before our new application was developed, a single person had literally hundreds of millions, if not billions of dollars worth of confidential/secret trading information in an MS Access forms database they wrote themselves... on their laptop that they took home everyday and let their kids play with...

    I mean, loosing the data would be bad, but the potential for reputational damage was incredible should any of the information leak.

    Needless to say they lost their laptop until the database was removed and secured and had their laptop scrubbed.

  • PedanticCurmudgeon (cs) in reply to boog
    boog:
    "I recently read an in-depth white paper about a new, ultra-secure card that holds double the amount of certificates that your company is implementing."
    By "in-depth white paper", do you suppose he just means an ordinary advertisement he saw in an IT magazine? Maybe a page with the text "New! NEW!! Get the new CardTronix DX400!!! It's faster! It's more in-depth! It's doubleized the number of certificates since the DX200!!!" next to a picture of charts and tables behind secure-looking bars with a giant lock?

    Or maybe the background on the page was white, and he thought that's all that was needed?

    It's an unwritten law that senior management is allowed to refer to advertisements as whitepapers without fear of reprisal. This is because some whitepapers are nothing more than unpaid advertisements, so the distinction is no longer useful.

  • boog (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    I was the dev lead...
    That's very unlikely.
  • Ham Hands Bill (unregistered)

    I'm glad I'm not the only one with meat for hands.

  • HP PhaserJet (unregistered) in reply to boog
    boog:
    C-Octothorpe:
    I was the dev lead...
    That's very unlikely.
    You're very unlikely.
  • C-Octothorpe (cs) in reply to boog
    boog (closet homo):
    C-Octothorpe:
    I was the dev lead...
    That's very unlikely.

    Perhaps unlikely my mentally disadvantaged dimwit, however it is (was) true.

  • boog (cs) in reply to boog
    boog (failing test build):
    That's very unlikely.
    Highly. It's highly unlikely.

    sigh

    At this rate, I'll never compose a completely-coordinated company of clones to command. Back to the drawing board...

  • C-Octothorpe (cs) in reply to boog
    boog:
    boog (failing test build):
    That's very unlikely.
    Highly. It's highly unlikely.

    sigh

    At this rate, I'll never compose a completely-coordinated company of clones to command. Back to the drawing board...

    Alliteration win.

  • boog (cs) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    It's an unwritten law that senior management is allowed to refer to advertisements as whitepapers without fear of reprisal. This is because some whitepapers are nothing more than unpaid advertisements, so the distinction is no longer useful.
    Indeed. Saying "I read a white paper" is certainly a way for not-so-smart people to sound smart.
  • Pr0gramm3r (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    Spoc42:
    It turned out that the accounting department using the software until then consisted of two men. They came in to work together, left together, and had an independent network consisting only of their two computers. Data were transfered in and out via floppy disks. Secure enough, I suppose.

    I was the dev lead on a project where, before our new application was developed, a single person had literally hundreds of millions, if not billions of dollars worth of confidential/secret trading information in an MS Access forms database they wrote themselves... on their laptop that they took home everyday and let their kids play with...

    I mean, loosing the data would be bad, but the potential for reputational damage was incredible should any of the information leak.

    Needless to say they lost their laptop until the database was removed and secured and had their laptop scrubbed.

    I heard about that in the news. Apparently the dev lead of that project owned that laptop.

  • C-Octothorpe (cs) in reply to Pr0gramm3r
    Pr0gramm3r:
    C-Octothorpe:
    Spoc42:
    It turned out that the accounting department using the software until then consisted of two men. They came in to work together, left together, and had an independent network consisting only of their two computers. Data were transfered in and out via floppy disks. Secure enough, I suppose.

    I was the dev lead on a project where, before our new application was developed, a single person had literally hundreds of millions, if not billions of dollars worth of confidential/secret trading information in an MS Access forms database they wrote themselves... on their laptop that they took home everyday and let their kids play with...

    I mean, loosing the data would be bad, but the potential for reputational damage was incredible should any of the information leak.

    Needless to say they lost their laptop until the database was removed and secured and had their laptop scrubbed.

    I heard about that in the news. Apparently the dev lead of that project owned that laptop.

    You know what, I wish because I would be a really wealthy man right now rolling in piles of ill-gotten money... Or in jail for insider trading. Either way it would have been a helluva ride.

  • Mr Keith (unregistered) in reply to Matt Westwood
    Matt Westwood:
    I thought I could see one direction this might have been going.

    Thirty days before delivery of a project and the customer suddenly decides to withhold payment unless a completely left-field change request is implemented? That's the real WTF, right there.

    I'd be tempted to suggest they had a conversation with the company lawyers.

    If the terms of any Change Orders in the contract are "time and materials", this is your profit margin.

  • Coyne (cs) in reply to ih8u
    ih8u:
    Coyne:
    What to say about this?

    I long ago lost count of the number of people I've encountered who were "concerned about security" that have accepted lapses like this.

    I once got in trouble for not locking a door that was adjacent (no kidding: ad-jac-ent) to a door that was permanently unlocked (didn't even have a lock).

    I know what you mean. I was about to go upstairs to bed when I locked the closet door. To be sure it was adjacent (no kidding: ad-jac-ent) to the front door, which I left unlocked.

    Here's my address:



    **********, ** *****

    Okay, maybe I wasn't clear enough; my bad.

    Both doors went from the same hallway, through two walls that met in an "L", into the same auditorium: A single door with no lock, and a set of double doors that had a lock.

    Not only was it silly to have a lock on the double doors, but I was ordered to lock the double doors; when all you had to do to unlock them was go through the unlocked (and unlockable) single door into the auditorium, go around the corner, and turn the knob on the double doors from inside.

    I was accused of not securing the auditorium. No joke. (Well, it was a joke, but the person giving the orders was dead serious.)

    Truly ridiculous.

  • HP PhaserJet (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    [I would be] in jail for insider trading. Either way it would have been a helluva ride.

    And then some guy would have a helluva ride on your ass.

  • C-Octothorpe (cs) in reply to HP PhaserJet
    HP PhaserJet:
    C-Octothorpe:
    [I would be] in jail for insider trading. Either way it would have been a helluva ride.

    And then some guy would have a helluva ride on your ass.

    Is this your way of proposing?

  • airdrik (unregistered) in reply to Machtyn
    Machtyn:
    I'm curious as to why we got so much detail about the person who left. I was thinking that he was going to come back into the story somewhere; but, no, his mentioning was only a backdrop as to why Sebastian was where he was.
    No kidding. I was expecting that the presentation notes were stored on his computer and they had to scramble to figure out to pull them off the encrypted partition, which also had some of the required features yet-to-be-checked-in.

    With as much influence as Simon had on the story, nothing would have been missed if he had been left out altogether.

  • HP PhaserJet (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    HP PhaserJet:
    C-Octothorpe:
    [I would be] in jail for insider trading. Either way it would have been a helluva ride.

    And then some guy would have a helluva ride on your ass.

    Is this your way of proposing?

    The things I am thinking I am ashamed to utter.

Leave a comment on “Not So Smart Card”

Log In or post as a guest

Replying to comment #:

« Return to Article